diff options
| author | auth12 <[email protected]> | 2020-07-16 13:37:51 +0100 |
|---|---|---|
| committer | auth12 <[email protected]> | 2020-07-16 13:37:51 +0100 |
| commit | e2379c4956099294994e090b9bede94bbbbdcab1 (patch) | |
| tree | c62f61d77157e8eed8d4ad90db93fc79b587ba36 /client/wolfssl/wolfcrypt/test | |
| parent | Client login handling on server. (diff) | |
| download | loader-e2379c4956099294994e090b9bede94bbbbdcab1.tar.xz loader-e2379c4956099294994e090b9bede94bbbbdcab1.zip | |
Added windows support on client.
Diffstat (limited to 'client/wolfssl/wolfcrypt/test')
| -rw-r--r-- | client/wolfssl/wolfcrypt/test/README.md | 60 | ||||
| -rw-r--r-- | client/wolfssl/wolfcrypt/test/include.am | 18 | ||||
| -rw-r--r-- | client/wolfssl/wolfcrypt/test/test.c | 28567 | ||||
| -rw-r--r-- | client/wolfssl/wolfcrypt/test/test.h | 43 | ||||
| -rw-r--r-- | client/wolfssl/wolfcrypt/test/test.sln | 59 | ||||
| -rw-r--r-- | client/wolfssl/wolfcrypt/test/test.vcproj | 197 |
6 files changed, 28944 insertions, 0 deletions
diff --git a/client/wolfssl/wolfcrypt/test/README.md b/client/wolfssl/wolfcrypt/test/README.md new file mode 100644 index 0000000..bcf877f --- /dev/null +++ b/client/wolfssl/wolfcrypt/test/README.md @@ -0,0 +1,60 @@ +# wolfCrypt Test + +Tool for performing cryptographic algorithm testing. + +## Example Output + +Run on Intel(R) Core(TM) i7-7920HQ CPU @ 3.10GHz. + +```sh +./configure --enable-intelasm --enable-aesni --enable-sp --enable-sp-asm && make + +./wolfcrypt/test/testwolfcrypt +------------------------------------------------------------------------------ + wolfSSL version 4.0.0 +------------------------------------------------------------------------------ +error test passed! +MEMORY test passed! +base64 test passed! +asn test passed! +MD5 test passed! +SHA test passed! +SHA-224 test passed! +SHA-256 test passed! +SHA-384 test passed! +SHA-512 test passed! +SHA-3 test passed! +Hash test passed! +HMAC-MD5 test passed! +HMAC-SHA test passed! +HMAC-SHA224 test passed! +HMAC-SHA256 test passed! +HMAC-SHA384 test passed! +HMAC-SHA512 test passed! +HMAC-SHA3 test passed! +GMAC test passed! +Chacha test passed! +POLY1305 test passed! +ChaCha20-Poly1305 AEAD test passed! +AES test passed! +AES192 test passed! +AES256 test passed! +AES-GCM test passed! +RANDOM test passed! +RSA test passed! +DH test passed! +ECC test passed! +logging test passed! +mutex test passed! +memcb test passed! +Test complete +``` + + +## Windows Visual Studio + +For building wolfCrypt test project in Visual Studio open the `test.sln`. For newer Visual Studio version it may prompt for a one-way upgrade. Then you may have to right-click on the solution and choose `Retarget solution` to update the project files for your Visual Studio version. + +If you see an error about `rc.exe` then you'll need to update the "Target Platform Version". You can do this by right-clicking on the test project -> General -> "Target Platform Version" and changing to 8.1 (needs to match the wolfssl library project). + +This solution includes the wolfSSL library project at `<wolfssl-root>wolfssl.vcxproj` and will compile the library, then the test project. diff --git a/client/wolfssl/wolfcrypt/test/include.am b/client/wolfssl/wolfcrypt/test/include.am new file mode 100644 index 0000000..b2fc302 --- /dev/null +++ b/client/wolfssl/wolfcrypt/test/include.am @@ -0,0 +1,18 @@ +# vim:ft=automake +# All paths should be given relative to the root + +if BUILD_WOLFCRYPT_TESTS +noinst_PROGRAMS+= wolfcrypt/test/testwolfcrypt +if BUILD_CRYPTONLY +check_PROGRAMS+= wolfcrypt/test/testwolfcrypt +endif +noinst_PROGRAMS+= wolfcrypt/test/testwolfcrypt +wolfcrypt_test_testwolfcrypt_SOURCES = wolfcrypt/test/test.c +wolfcrypt_test_testwolfcrypt_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD) +wolfcrypt_test_testwolfcrypt_DEPENDENCIES = src/libwolfssl.la +noinst_HEADERS += wolfcrypt/test/test.h +endif +EXTRA_DIST += wolfcrypt/test/test.sln +EXTRA_DIST += wolfcrypt/test/test.vcproj +EXTRA_DIST += wolfcrypt/test/README.md +DISTCLEANFILES+= wolfcrypt/test/.libs/testwolfcrypt diff --git a/client/wolfssl/wolfcrypt/test/test.c b/client/wolfssl/wolfcrypt/test/test.c new file mode 100644 index 0000000..399a29b --- /dev/null +++ b/client/wolfssl/wolfcrypt/test/test.c @@ -0,0 +1,28567 @@ +/* test.c + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifdef HAVE_CONFIG_H + #include <config.h> +#endif + +#ifndef WOLFSSL_USER_SETTINGS + #include <wolfssl/options.h> +#endif +#include <wolfssl/wolfcrypt/settings.h> +#include <wolfssl/version.h> +#include <wolfssl/wolfcrypt/wc_port.h> + +#ifndef NO_CRYPT_TEST + +/* only for stack size check */ +#ifdef HAVE_STACK_SIZE + #include <wolfssl/ssl.h> + #define err_sys err_sys_remap /* remap err_sys */ + #include <wolfssl/test.h> + #undef err_sys +#endif + +#ifdef USE_FLAT_TEST_H + #include "test.h" +#else + #include "wolfcrypt/test/test.h" +#endif + +/* printf mappings */ +#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + #include <mqx.h> + #include <stdlib.h> + /* see wc_port.h for fio.h and nio.h includes */ +#elif defined(FREESCALE_KSDK_BM) + #include "fsl_debug_console.h" + #undef printf + #define printf PRINTF +#elif defined(WOLFSSL_APACHE_MYNEWT) + #include <assert.h> + #include <string.h> + #include "sysinit/sysinit.h" + #include "os/os.h" + #ifdef ARCH_sim + #include "mcu/mcu_sim.h" + #endif + #include "os/os_time.h" +#elif defined(WOLFSSL_ESPIDF) + #include <time.h> + #include <sys/time.h> +#elif defined(WOLFSSL_ZEPHYR) + #include <stdio.h> + + #define printf printk +#elif defined(MICRIUM) + #include <bsp_ser.h> + void BSP_Ser_Printf (CPU_CHAR* format, ...); + #undef printf + #define printf BSP_Ser_Printf +#elif defined(WOLFSSL_PB) + #include <stdarg.h> + int wolfssl_pb_print(const char*, ...); + #undef printf + #define printf wolfssl_pb_print +#elif defined(WOLFSSL_TELIT_M2MB) + #include "wolfssl/wolfcrypt/wc_port.h" /* for m2mb headers */ + #include "m2m_log.h" /* for M2M_LOG_INFO - not standard API */ + /* remap printf */ + #undef printf + #define printf M2M_LOG_INFO + /* OS requires occasional sleep() */ + #ifndef TEST_SLEEP_MS + #define TEST_SLEEP_MS 50 + #endif + #define TEST_SLEEP() m2mb_os_taskSleep(M2MB_OS_MS2TICKS(TEST_SLEEP_MS)) + /* don't use file system for these tests, since ./certs dir isn't loaded */ + #undef NO_FILESYSTEM + #define NO_FILESYSTEM +#elif defined(THREADX) && !defined(WOLFSSL_WICED) && !defined(THREADX_NO_DC_PRINTF) + /* since just testing, use THREADX log printf instead */ + int dc_log_printf(char*, ...); + #undef printf + #define printf dc_log_printf +#else + #ifdef XMALLOC_USER + #include <stdlib.h> /* we're using malloc / free direct here */ + #endif + #ifndef STRING_USER + #include <stdio.h> + #endif + + /* enable way for customer to override test/bench printf */ + #ifdef XPRINTF + #undef printf + #define printf XPRINTF + #endif +#endif + +#include <wolfssl/wolfcrypt/memory.h> +#include <wolfssl/wolfcrypt/wc_port.h> +#include <wolfssl/wolfcrypt/logging.h> +#include <wolfssl/wolfcrypt/types.h> +#if defined(WOLFSSL_TEST_CERT) || defined(ASN_BER_TO_DER) + #include <wolfssl/wolfcrypt/asn.h> +#else + #include <wolfssl/wolfcrypt/asn_public.h> +#endif +#include <wolfssl/wolfcrypt/md2.h> +#include <wolfssl/wolfcrypt/md5.h> +#include <wolfssl/wolfcrypt/md4.h> +#include <wolfssl/wolfcrypt/sha.h> +#include <wolfssl/wolfcrypt/sha256.h> +#include <wolfssl/wolfcrypt/sha512.h> +#include <wolfssl/wolfcrypt/arc4.h> +#if defined(WC_NO_RNG) + #include <wolfssl/wolfcrypt/integer.h> +#else + #include <wolfssl/wolfcrypt/random.h> +#endif +#include <wolfssl/wolfcrypt/coding.h> +#include <wolfssl/wolfcrypt/signature.h> +#include <wolfssl/wolfcrypt/rsa.h> +#include <wolfssl/wolfcrypt/des3.h> +#include <wolfssl/wolfcrypt/aes.h> +#include <wolfssl/wolfcrypt/wc_encrypt.h> +#include <wolfssl/wolfcrypt/cmac.h> +#include <wolfssl/wolfcrypt/poly1305.h> +#include <wolfssl/wolfcrypt/camellia.h> +#include <wolfssl/wolfcrypt/hmac.h> +#include <wolfssl/wolfcrypt/dh.h> +#include <wolfssl/wolfcrypt/dsa.h> +#include <wolfssl/wolfcrypt/srp.h> +#include <wolfssl/wolfcrypt/idea.h> +#include <wolfssl/wolfcrypt/hc128.h> +#include <wolfssl/wolfcrypt/rabbit.h> +#include <wolfssl/wolfcrypt/chacha.h> +#include <wolfssl/wolfcrypt/chacha20_poly1305.h> +#include <wolfssl/wolfcrypt/pwdbased.h> +#include <wolfssl/wolfcrypt/ripemd.h> +#include <wolfssl/wolfcrypt/error-crypt.h> +#ifdef HAVE_ECC + #include <wolfssl/wolfcrypt/ecc.h> +#endif +#ifdef HAVE_CURVE25519 + #include <wolfssl/wolfcrypt/curve25519.h> +#endif +#ifdef HAVE_ED25519 + #include <wolfssl/wolfcrypt/ed25519.h> +#endif +#ifdef HAVE_CURVE448 + #include <wolfssl/wolfcrypt/curve448.h> +#endif +#ifdef HAVE_ED448 + #include <wolfssl/wolfcrypt/ed448.h> +#endif +#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) + #include <wolfssl/wolfcrypt/blake2.h> +#endif +#ifdef WOLFSSL_SHA3 + #include <wolfssl/wolfcrypt/sha3.h> +#endif +#ifdef HAVE_LIBZ + #include <wolfssl/wolfcrypt/compress.h> +#endif +#ifdef HAVE_PKCS7 + #include <wolfssl/wolfcrypt/pkcs7.h> +#endif +#ifdef HAVE_FIPS + #include <wolfssl/wolfcrypt/fips_test.h> +#endif +#ifdef HAVE_SELFTEST + #include <wolfssl/wolfcrypt/selftest.h> +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + #include <wolfssl/wolfcrypt/async.h> +#endif +#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) + #include <wolfssl/wolfcrypt/logging.h> +#endif +#ifdef WOLFSSL_IMX6_CAAM_BLOB + #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h> +#endif +#ifdef WOLF_CRYPTO_CB + #include <wolfssl/wolfcrypt/cryptocb.h> + #ifdef HAVE_INTEL_QA_SYNC + #include <wolfssl/wolfcrypt/port/intel/quickassist_sync.h> + #endif + #ifdef HAVE_CAVIUM_OCTEON_SYNC + #include <wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h> + #endif +#endif + +#ifdef _MSC_VER + /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ + #pragma warning(disable: 4996) +#endif + +#ifdef OPENSSL_EXTRA + #ifndef WOLFCRYPT_ONLY + #include <wolfssl/openssl/evp.h> + #endif + #include <wolfssl/openssl/rand.h> + #include <wolfssl/openssl/hmac.h> + #include <wolfssl/openssl/aes.h> + #include <wolfssl/openssl/des.h> +#endif + +#if defined(NO_FILESYSTEM) + #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) + #define USE_CERT_BUFFERS_2048 + #endif + #if !defined(USE_CERT_BUFFERS_256) + #define USE_CERT_BUFFERS_256 + #endif +#endif + +#if defined(WOLFSSL_CERT_GEN) && (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) + #define ENABLE_ECC384_CERT_GEN_TEST +#endif + +#include <wolfssl/certs_test.h> + +#ifdef HAVE_NTRU + #include "libntruencrypt/ntru_crypto.h" +#endif + +#ifdef WOLFSSL_STATIC_MEMORY + static WOLFSSL_HEAP_HINT* HEAP_HINT; +#else + #define HEAP_HINT NULL +#endif /* WOLFSSL_STATIC_MEMORY */ + +/* these cases do not have intermediate hashing support */ +#if (defined(WOLFSSL_AFALG_XILINX_SHA3) && !defined(WOLFSSL_AFALG_HASH_KEEP)) \ + && !defined(WOLFSSL_XILINX_CRYPT) + #define NO_INTM_HASH_TEST +#endif + +#if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB) +static void initDefaultName(void); +#endif + +/* for async devices */ +static int devId = INVALID_DEVID; + +#ifdef HAVE_WNR + const char* wnrConfigFile = "wnr-example.conf"; +#endif + +typedef struct testVector { + const char* input; + const char* output; + size_t inLen; + size_t outLen; +} testVector; + +int error_test(void); +int base64_test(void); +int base16_test(void); +int asn_test(void); +int md2_test(void); +int md5_test(void); +int md4_test(void); +int sha_test(void); +int sha224_test(void); +int sha256_test(void); +int sha512_test(void); +int sha384_test(void); +int sha3_test(void); +int shake256_test(void); +int hash_test(void); +int hmac_md5_test(void); +int hmac_sha_test(void); +int hmac_sha224_test(void); +int hmac_sha256_test(void); +int hmac_sha384_test(void); +int hmac_sha512_test(void); +int hmac_sha3_test(void); +int hkdf_test(void); +int x963kdf_test(void); +int arc4_test(void); +int hc128_test(void); +int rabbit_test(void); +int chacha_test(void); +int chacha20_poly1305_aead_test(void); +int des_test(void); +int des3_test(void); +int aes_test(void); +int aes192_test(void); +int aes256_test(void); +int aesofb_test(void); +int cmac_test(void); +int poly1305_test(void); +int aesgcm_test(void); +int aesgcm_default_test(void); +int gmac_test(void); +int aesccm_test(void); +int aeskeywrap_test(void); +int camellia_test(void); +int rsa_no_pad_test(void); +int rsa_test(void); +int dh_test(void); +int dsa_test(void); +int srp_test(void); +#ifndef WC_NO_RNG +int random_test(void); +#endif /* WC_NO_RNG */ +int pwdbased_test(void); +int ripemd_test(void); +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) +int openssl_test(void); /* test mini api */ + +int openssl_pkey_test(void); +int openssl_pkey0_test(void); +int openssl_pkey1_test(void); +int openSSL_evpMD_test(void); +int openssl_evpSig_test(void); +#endif + +int pbkdf1_test(void); +int pkcs12_test(void); +int pbkdf2_test(void); +int scrypt_test(void); +#ifdef HAVE_ECC + int ecc_test(void); + #ifdef HAVE_ECC_ENCRYPT + int ecc_encrypt_test(void); + #endif + #ifdef USE_CERT_BUFFERS_256 + int ecc_test_buffers(void); + #endif +#endif +#ifdef HAVE_CURVE25519 + int curve25519_test(void); +#endif +#ifdef HAVE_ED25519 + int ed25519_test(void); +#endif +#ifdef HAVE_CURVE448 + int curve448_test(void); +#endif +#ifdef HAVE_ED448 + int ed448_test(void); +#endif +#ifdef HAVE_BLAKE2 + int blake2b_test(void); +#endif +#ifdef HAVE_BLAKE2S + int blake2s_test(void); +#endif +#ifdef HAVE_LIBZ + int compress_test(void); +#endif +#ifdef HAVE_PKCS7 + #ifndef NO_PKCS7_ENCRYPTED_DATA + int pkcs7encrypted_test(void); + #endif + #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) + int pkcs7compressed_test(void); + #endif + int pkcs7signed_test(void); + int pkcs7enveloped_test(void); + #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + int pkcs7authenveloped_test(void); + #endif + #ifndef NO_AES + int pkcs7callback_test(byte* cert, word32 certSz, byte* key, + word32 keySz); + #endif +#endif +#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) +int cert_test(void); +#endif +#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) +int certext_test(void); +#endif +#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) +int decodedCertCache_test(void); +#endif +#ifdef HAVE_IDEA +int idea_test(void); +#endif +int memory_test(void); +#ifdef HAVE_VALGRIND +int mp_test(void); +#endif +#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) +int prime_test(void); +#endif +#ifdef ASN_BER_TO_DER +int berder_test(void); +#endif +int logging_test(void); +int mutex_test(void); +#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS) +int memcb_test(void); +#endif +#ifdef WOLFSSL_IMX6_CAAM_BLOB +int blob_test(void); +#endif + +#ifdef WOLF_CRYPTO_CB +int cryptocb_test(void); +#endif +#ifdef WOLFSSL_CERT_PIV +int certpiv_test(void); +#endif + +/* General big buffer size for many tests. */ +#define FOURK_BUF 4096 + + +#define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; } + +#ifdef HAVE_STACK_SIZE +static THREAD_RETURN err_sys(const char* msg, int es) +#else +static int err_sys(const char* msg, int es) +#endif +{ + printf("%s error = %d\n", msg, es); + + EXIT_TEST(-1); +} + +#ifndef HAVE_STACK_SIZE +/* func_args from test.h, so don't have to pull in other stuff */ +typedef struct func_args { + int argc; + char** argv; + int return_code; +} func_args; +#endif /* !HAVE_STACK_SIZE */ + +#ifdef HAVE_FIPS + +static void myFipsCb(int ok, int err, const char* hash) +{ + printf("in my Fips callback, ok = %d, err = %d\n", ok, err); + printf("message = %s\n", wc_GetErrorString(err)); + printf("hash = %s\n", hash); + + if (err == IN_CORE_FIPS_E) { + printf("In core integrity hash check failure, copy above hash\n"); + printf("into verifyCore[] in fips_test.c and rebuild\n"); + } +} + +#endif /* HAVE_FIPS */ + +#ifdef WOLFSSL_STATIC_MEMORY + #ifdef BENCH_EMBEDDED + static byte gTestMemory[14000]; + #elif defined(WOLFSSL_CERT_EXT) + static byte gTestMemory[140000]; + #elif defined(USE_FAST_MATH) && !defined(ALT_ECC_SIZE) + static byte gTestMemory[160000]; + #else + static byte gTestMemory[80000]; + #endif +#endif + +#ifdef WOLFSSL_PB +int wolfssl_pb_print(const char* msg, ...) +{ + int ret; + va_list args; + char tmpBuf[80]; + + va_start(args, msg); + ret = vsprint(tmpBuf, msg, args); + va_end(args); + + fnDumpStringToSystemLog(tmpBuf); + + return ret; +} +#endif /* WOLFSSL_PB */ + +/* optional macro to add sleep between tests */ +#ifdef TEST_SLEEP + #include <stdarg.h> /* for var args */ + static WC_INLINE void test_pass(const char* fmt, ...) + { + va_list args; + va_start(args, fmt); + printf(fmt, args); + va_end(args); + TEST_SLEEP(); + } +#else + /* redirect to printf */ + #define test_pass printf + /* stub the sleep macro */ + #define TEST_SLEEP() +#endif + +#ifdef HAVE_STACK_SIZE +THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args) +#else +int wolfcrypt_test(void* args) +#endif +{ + int ret; + + printf("------------------------------------------------------------------------------\n"); + printf(" wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING); + printf("------------------------------------------------------------------------------\n"); + + if (args) + ((func_args*)args)->return_code = -1; /* error state */ + +#ifdef WOLFSSL_STATIC_MEMORY + if (wc_LoadStaticMemory(&HEAP_HINT, gTestMemory, sizeof(gTestMemory), + WOLFMEM_GENERAL, 1) != 0) { + printf("unable to load static memory"); + return(EXIT_FAILURE); + } +#endif + +#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND) + wolfSSL_Debugging_ON(); +#endif + +#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) + wc_SetLoggingHeap(HEAP_HINT); +#endif + +#ifdef HAVE_FIPS + wolfCrypt_SetCb_fips(myFipsCb); +#endif + +#if !defined(NO_BIG_INT) + if (CheckCtcSettings() != 1) { + printf("Sizeof mismatch (build) %x != (run) %x\n", + CTC_SETTINGS, CheckRunTimeSettings()); + return err_sys("Build vs runtime math mismatch\n", -1000); + } + +#if defined(USE_FAST_MATH) && \ + (!defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC)) + if (CheckFastMathSettings() != 1) + return err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n", + -1001); +#endif /* USE_FAST_MATH */ +#endif /* !NO_BIG_INT */ + +#if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB) +initDefaultName(); +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + ret = wolfAsync_DevOpen(&devId); + if (ret < 0) { + printf("Async device open failed\nRunning without async\n"); + } +#else + (void)devId; +#endif /* WOLFSSL_ASYNC_CRYPT */ + +#ifdef WOLF_CRYPTO_CB +#ifdef HAVE_INTEL_QA_SYNC + devId = wc_CryptoCb_InitIntelQa(); + if (INVALID_DEVID == devId) { + printf("Couldn't init the Intel QA\n"); + } +#endif +#ifdef HAVE_CAVIUM_OCTEON_SYNC + devId = wc_CryptoCb_InitOcteon(); + if (INVALID_DEVID == devId) { + printf("Couldn't init the Cavium Octeon\n"); + } +#endif +#endif + +#ifdef HAVE_SELFTEST + if ( (ret = wolfCrypt_SelfTest()) != 0) + return err_sys("CAVP selftest failed!\n", ret); + else + test_pass("CAVP selftest passed!\n"); +#endif + + if ( (ret = error_test()) != 0) + return err_sys("error test failed!\n", ret); + else + test_pass("error test passed!\n"); + + if ( (ret = memory_test()) != 0) + return err_sys("MEMORY test failed!\n", ret); + else + test_pass("MEMORY test passed!\n"); + +#ifndef NO_CODING + if ( (ret = base64_test()) != 0) + return err_sys("base64 test failed!\n", ret); + else + test_pass("base64 test passed!\n"); +#ifdef WOLFSSL_BASE16 + if ( (ret = base16_test()) != 0) + return err_sys("base16 test failed!\n", ret); + else + test_pass("base16 test passed!\n"); +#endif +#endif /* !NO_CODING */ + +#ifndef NO_ASN + if ( (ret = asn_test()) != 0) + return err_sys("asn test failed!\n", ret); + else + test_pass("asn test passed!\n"); +#endif + +#ifndef WC_NO_RNG + if ( (ret = random_test()) != 0) + return err_sys("RANDOM test failed!\n", ret); + else + test_pass("RANDOM test passed!\n"); +#endif /* WC_NO_RNG */ + +#ifndef NO_MD5 + if ( (ret = md5_test()) != 0) + return err_sys("MD5 test failed!\n", ret); + else + test_pass("MD5 test passed!\n"); +#endif + +#ifdef WOLFSSL_MD2 + if ( (ret = md2_test()) != 0) + return err_sys("MD2 test failed!\n", ret); + else + test_pass("MD2 test passed!\n"); +#endif + +#ifndef NO_MD4 + if ( (ret = md4_test()) != 0) + return err_sys("MD4 test failed!\n", ret); + else + test_pass("MD4 test passed!\n"); +#endif + +#ifndef NO_SHA + if ( (ret = sha_test()) != 0) + return err_sys("SHA test failed!\n", ret); + else + test_pass("SHA test passed!\n"); +#endif + +#ifdef WOLFSSL_SHA224 + if ( (ret = sha224_test()) != 0) + return err_sys("SHA-224 test failed!\n", ret); + else + test_pass("SHA-224 test passed!\n"); +#endif + +#ifndef NO_SHA256 + if ( (ret = sha256_test()) != 0) + return err_sys("SHA-256 test failed!\n", ret); + else + test_pass("SHA-256 test passed!\n"); +#endif + +#ifdef WOLFSSL_SHA384 + if ( (ret = sha384_test()) != 0) + return err_sys("SHA-384 test failed!\n", ret); + else + test_pass("SHA-384 test passed!\n"); +#endif + +#ifdef WOLFSSL_SHA512 + if ( (ret = sha512_test()) != 0) + return err_sys("SHA-512 test failed!\n", ret); + else + test_pass("SHA-512 test passed!\n"); +#endif + +#ifdef WOLFSSL_SHA3 + if ( (ret = sha3_test()) != 0) + return err_sys("SHA-3 test failed!\n", ret); + else + test_pass("SHA-3 test passed!\n"); +#endif + +#ifdef WOLFSSL_SHAKE256 + if ( (ret = shake256_test()) != 0) + return err_sys("SHAKE256 test failed!\n", ret); + else + test_pass("SHAKE256 test passed!\n"); +#endif + + if ( (ret = hash_test()) != 0) + return err_sys("Hash test failed!\n", ret); + else + test_pass("Hash test passed!\n"); + +#ifdef WOLFSSL_RIPEMD + if ( (ret = ripemd_test()) != 0) + return err_sys("RIPEMD test failed!\n", ret); + else + test_pass("RIPEMD test passed!\n"); +#endif + +#ifdef HAVE_BLAKE2 + if ( (ret = blake2b_test()) != 0) + return err_sys("BLAKE2b test failed!\n", ret); + else + test_pass("BLAKE2b test passed!\n"); +#endif +#ifdef HAVE_BLAKE2S + if ( (ret = blake2s_test()) != 0) + return err_sys("BLAKE2s test failed!\n", ret); + else + test_pass("BLAKE2s test passed!\n"); +#endif + +#ifndef NO_HMAC + #ifndef NO_MD5 + if ( (ret = hmac_md5_test()) != 0) + return err_sys("HMAC-MD5 test failed!\n", ret); + else + test_pass("HMAC-MD5 test passed!\n"); + #endif + + #ifndef NO_SHA + if ( (ret = hmac_sha_test()) != 0) + return err_sys("HMAC-SHA test failed!\n", ret); + else + test_pass("HMAC-SHA test passed!\n"); + #endif + + #ifdef WOLFSSL_SHA224 + if ( (ret = hmac_sha224_test()) != 0) + return err_sys("HMAC-SHA224 test failed!\n", ret); + else + test_pass("HMAC-SHA224 test passed!\n"); + #endif + + #ifndef NO_SHA256 + if ( (ret = hmac_sha256_test()) != 0) + return err_sys("HMAC-SHA256 test failed!\n", ret); + else + test_pass("HMAC-SHA256 test passed!\n"); + #endif + + #ifdef WOLFSSL_SHA384 + if ( (ret = hmac_sha384_test()) != 0) + return err_sys("HMAC-SHA384 test failed!\n", ret); + else + test_pass("HMAC-SHA384 test passed!\n"); + #endif + + #ifdef WOLFSSL_SHA512 + if ( (ret = hmac_sha512_test()) != 0) + return err_sys("HMAC-SHA512 test failed!\n", ret); + else + test_pass("HMAC-SHA512 test passed!\n"); + #endif + + #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \ + !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \ + !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512) + if ( (ret = hmac_sha3_test()) != 0) + return err_sys("HMAC-SHA3 test failed!\n", ret); + else + test_pass("HMAC-SHA3 test passed!\n"); + #endif + + #ifdef HAVE_HKDF + if ( (ret = hkdf_test()) != 0) + return err_sys("HMAC-KDF test failed!\n", ret); + else + test_pass("HMAC-KDF test passed!\n"); + #endif +#endif /* !NO_HMAC */ + +#if defined(HAVE_X963_KDF) && defined(HAVE_ECC) + if ( (ret = x963kdf_test()) != 0) + return err_sys("X963-KDF test failed!\n", ret); + else + test_pass("X963-KDF test passed!\n"); +#endif + +#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \ + !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) + if ( (ret = gmac_test()) != 0) + return err_sys("GMAC test failed!\n", ret); + else + test_pass("GMAC test passed!\n"); +#endif + +#ifndef NO_RC4 + if ( (ret = arc4_test()) != 0) + return err_sys("ARC4 test failed!\n", ret); + else + test_pass("ARC4 test passed!\n"); +#endif + +#ifndef NO_HC128 + if ( (ret = hc128_test()) != 0) + return err_sys("HC-128 test failed!\n", ret); + else + test_pass("HC-128 test passed!\n"); +#endif + +#ifndef NO_RABBIT + if ( (ret = rabbit_test()) != 0) + return err_sys("Rabbit test failed!\n", ret); + else + test_pass("Rabbit test passed!\n"); +#endif + +#ifdef HAVE_CHACHA + if ( (ret = chacha_test()) != 0) + return err_sys("Chacha test failed!\n", ret); + else + test_pass("Chacha test passed!\n"); +#endif + +#ifdef HAVE_POLY1305 + if ( (ret = poly1305_test()) != 0) + return err_sys("POLY1305 test failed!\n", ret); + else + test_pass("POLY1305 test passed!\n"); +#endif + +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + if ( (ret = chacha20_poly1305_aead_test()) != 0) + return err_sys("ChaCha20-Poly1305 AEAD test failed!\n", ret); + else + test_pass("ChaCha20-Poly1305 AEAD test passed!\n"); +#endif + +#ifndef NO_DES3 + if ( (ret = des_test()) != 0) + return err_sys("DES test failed!\n", ret); + else + test_pass("DES test passed!\n"); +#endif + +#ifndef NO_DES3 + if ( (ret = des3_test()) != 0) + return err_sys("DES3 test failed!\n", ret); + else + test_pass("DES3 test passed!\n"); +#endif + +#ifndef NO_AES + if ( (ret = aes_test()) != 0) + return err_sys("AES test failed!\n", ret); + else + test_pass("AES test passed!\n"); + +#ifdef WOLFSSL_AES_192 + if ( (ret = aes192_test()) != 0) + return err_sys("AES192 test failed!\n", ret); + else + test_pass("AES192 test passed!\n"); +#endif + +#ifdef WOLFSSL_AES_256 + if ( (ret = aes256_test()) != 0) + return err_sys("AES256 test failed!\n", ret); + else + test_pass("AES256 test passed!\n"); +#endif + +#ifdef WOLFSSL_AES_OFB + if ( (ret = aesofb_test()) != 0) + return err_sys("AES-OFB test failed!\n", ret); + else + test_pass("AESOFB test passed!\n"); +#endif + +#ifdef HAVE_AESGCM + #if !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO) + if ( (ret = aesgcm_test()) != 0) + return err_sys("AES-GCM test failed!\n", ret); + #endif + #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \ + !(defined(WOLF_CRYPTO_CB) && \ + (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))) + if ((ret = aesgcm_default_test()) != 0) { + return err_sys("AES-GCM test failed!\n", ret); + } + #endif + test_pass("AES-GCM test passed!\n"); +#endif + +#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) + if ( (ret = aesccm_test()) != 0) + return err_sys("AES-CCM test failed!\n", ret); + else + test_pass("AES-CCM test passed!\n"); +#endif +#ifdef HAVE_AES_KEYWRAP + if ( (ret = aeskeywrap_test()) != 0) + return err_sys("AES Key Wrap test failed!\n", ret); + else + test_pass("AES Key Wrap test passed!\n"); +#endif +#endif + +#ifdef HAVE_CAMELLIA + if ( (ret = camellia_test()) != 0) + return err_sys("CAMELLIA test failed!\n", ret); + else + test_pass("CAMELLIA test passed!\n"); +#endif + +#ifdef HAVE_IDEA + if ( (ret = idea_test()) != 0) + return err_sys("IDEA test failed!\n", ret); + else + test_pass("IDEA test passed!\n"); +#endif + +#ifndef NO_RSA + #ifdef WC_RSA_NO_PADDING + if ( (ret = rsa_no_pad_test()) != 0) + return err_sys("RSA NOPAD test failed!\n", ret); + else + test_pass("RSA NOPAD test passed!\n"); + #endif + if ( (ret = rsa_test()) != 0) + return err_sys("RSA test failed!\n", ret); + else + test_pass("RSA test passed!\n"); +#endif + +#ifndef NO_DH + if ( (ret = dh_test()) != 0) + return err_sys("DH test failed!\n", ret); + else + test_pass("DH test passed!\n"); +#endif + +#ifndef NO_DSA + if ( (ret = dsa_test()) != 0) + return err_sys("DSA test failed!\n", ret); + else + test_pass("DSA test passed!\n"); +#endif + +#ifdef WOLFCRYPT_HAVE_SRP + if ( (ret = srp_test()) != 0) + return err_sys("SRP test failed!\n", ret); + else + test_pass("SRP test passed!\n"); +#endif + +#ifndef NO_PWDBASED + if ( (ret = pwdbased_test()) != 0) + return err_sys("PWDBASED test failed!\n", ret); + else + test_pass("PWDBASED test passed!\n"); +#endif + +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) + if ( (ret = openssl_test()) != 0) + return err_sys("OPENSSL test failed!\n", ret); + else + test_pass("OPENSSL test passed!\n"); + + if ( (ret = openSSL_evpMD_test()) != 0) + return err_sys("OPENSSL (EVP MD) test failed!\n", ret); + else + test_pass("OPENSSL (EVP MD) passed!\n"); + + if ( (ret = openssl_pkey0_test()) != 0) + return err_sys("OPENSSL (PKEY0) test failed!\n", ret); + else + test_pass("OPENSSL (PKEY0) passed!\n"); + + if ( (ret = openssl_pkey1_test()) != 0) + return err_sys("OPENSSL (PKEY1) test failed!\n", ret); + else + test_pass("OPENSSL (PKEY1) passed!\n"); + + if ( (ret = openssl_evpSig_test()) != 0) + return err_sys("OPENSSL (EVP Sign/Verify) test failed!\n", ret); + else + test_pass("OPENSSL (EVP Sign/Verify) passed!\n"); + +#endif + +#ifdef HAVE_ECC + if ( (ret = ecc_test()) != 0) + return err_sys("ECC test failed!\n", ret); + else + test_pass("ECC test passed!\n"); + #if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) + if ( (ret = ecc_encrypt_test()) != 0) + return err_sys("ECC Enc test failed!\n", ret); + else + test_pass("ECC Enc test passed!\n"); + #endif + #ifdef USE_CERT_BUFFERS_256 + if ( (ret = ecc_test_buffers()) != 0) + return err_sys("ECC buffer test failed!\n", ret); + else + test_pass("ECC buffer test passed!\n"); + #endif +#endif + +#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) + if ( (ret = cert_test()) != 0) + return err_sys("CERT test failed!\n", ret); + else + test_pass("CERT test passed!\n"); +#endif + +#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) + if ( (ret = certext_test()) != 0) + return err_sys("CERT EXT test failed!\n", ret); + else + test_pass("CERT EXT test passed!\n"); +#endif + +#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) + if ( (ret = decodedCertCache_test()) != 0) + return err_sys("DECODED CERT CACHE test failed!\n", ret); + else + test_pass("DECODED CERT CACHE test passed!\n"); +#endif + +#ifdef HAVE_CURVE25519 + if ( (ret = curve25519_test()) != 0) + return err_sys("CURVE25519 test failed!\n", ret); + else + test_pass("CURVE25519 test passed!\n"); +#endif + +#ifdef HAVE_ED25519 + if ( (ret = ed25519_test()) != 0) + return err_sys("ED25519 test failed!\n", ret); + else + test_pass("ED25519 test passed!\n"); +#endif + +#ifdef HAVE_CURVE448 + if ( (ret = curve448_test()) != 0) + return err_sys("CURVE448 test failed!\n", ret); + else + test_pass("CURVE448 test passed!\n"); +#endif + +#ifdef HAVE_ED448 + if ( (ret = ed448_test()) != 0) + return err_sys("ED448 test failed!\n", ret); + else + test_pass("ED448 test passed!\n"); +#endif + +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) + if ( (ret = cmac_test()) != 0) + return err_sys("CMAC test failed!\n", ret); + else + test_pass("CMAC test passed!\n"); +#endif + +#ifdef HAVE_LIBZ + if ( (ret = compress_test()) != 0) + return err_sys("COMPRESS test failed!\n", ret); + else + test_pass("COMPRESS test passed!\n"); +#endif + +#ifdef HAVE_PKCS7 + #ifndef NO_PKCS7_ENCRYPTED_DATA + if ( (ret = pkcs7encrypted_test()) != 0) + return err_sys("PKCS7encrypted test failed!\n", ret); + else + test_pass("PKCS7encrypted test passed!\n"); + #endif + #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) + if ( (ret = pkcs7compressed_test()) != 0) + return err_sys("PKCS7compressed test failed!\n", ret); + else + test_pass("PKCS7compressed test passed!\n"); + #endif + if ( (ret = pkcs7signed_test()) != 0) + return err_sys("PKCS7signed test failed!\n", ret); + else + test_pass("PKCS7signed test passed!\n"); + + if ( (ret = pkcs7enveloped_test()) != 0) + return err_sys("PKCS7enveloped test failed!\n", ret); + else + test_pass("PKCS7enveloped test passed!\n"); + + #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + if ( (ret = pkcs7authenveloped_test()) != 0) + return err_sys("PKCS7authenveloped test failed!\n", ret); + else + test_pass("PKCS7authenveloped test passed!\n"); + #endif +#endif + +#ifdef HAVE_VALGRIND + if ( (ret = mp_test()) != 0) + return err_sys("mp test failed!\n", ret); + else + test_pass("mp test passed!\n"); +#endif + +#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) + if ( (ret = prime_test()) != 0) + return err_sys("prime test failed!\n", ret); + else + test_pass("prime test passed!\n"); +#endif + +#if defined(ASN_BER_TO_DER) && \ + (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) + if ( (ret = berder_test()) != 0) + return err_sys("ber-der test failed!\n", ret); + else + test_pass("ber-der test passed!\n"); +#endif + + if ( (ret = logging_test()) != 0) + return err_sys("logging test failed!\n", ret); + else + test_pass("logging test passed!\n"); + + if ( (ret = mutex_test()) != 0) + return err_sys("mutex test failed!\n", ret); + else + test_pass("mutex test passed!\n"); + +#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS) + if ( (ret = memcb_test()) != 0) + return err_sys("memcb test failed!\n", ret); + else + test_pass("memcb test passed!\n"); +#endif + +#ifdef WOLFSSL_IMX6_CAAM_BLOB + if ( (ret = blob_test()) != 0) + return err_sys("blob test failed!\n", ret); + else + test_pass("blob test passed!\n"); +#endif + +#if defined(WOLF_CRYPTO_CB) && \ + !(defined(HAVE_INTEL_QAT_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)) + if ( (ret = cryptocb_test()) != 0) + return err_sys("crypto callback test failed!\n", ret); + else + test_pass("crypto callback test passed!\n"); +#endif + +#ifdef WOLFSSL_CERT_PIV + if ( (ret = certpiv_test()) != 0) + return err_sys("cert piv test failed!\n", ret); + else + test_pass("cert piv test passed!\n"); +#endif + +#ifdef WOLF_CRYPTO_CB +#ifdef HAVE_INTEL_QA_SYNC + wc_CryptoCb_CleanupIntelQa(&devId); +#endif +#ifdef HAVE_CAVIUM_OCTEON_SYNC + wc_CryptoCb_CleanupOcteon(&devId); +#endif +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + wolfAsync_DevClose(&devId); +#endif + + /* cleanup the thread if fixed point cache is enabled and have thread local */ +#if defined(HAVE_THREAD_LS) && defined(HAVE_ECC) && defined(FP_ECC) + wc_ecc_fp_free(); +#endif + + if (args) + ((func_args*)args)->return_code = ret; + + test_pass("Test complete\n"); + + EXIT_TEST(ret); +} + + +#ifndef NO_MAIN_DRIVER + + /* so overall tests can pull in test function */ +#ifdef WOLFSSL_ESPIDF + void app_main( ) +#else + int main(int argc, char** argv) +#endif + { + int ret; + func_args args; +#ifdef WOLFSSL_ESPIDF + /* set dummy wallclock time. */ + struct timeval utctime; + struct timezone tz; + utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */ + utctime.tv_usec = 0; + tz.tz_minuteswest = 0; + tz.tz_dsttime = 0; + settimeofday(&utctime, &tz); +#endif +#ifdef WOLFSSL_APACHE_MYNEWT + #ifdef ARCH_sim + mcu_sim_parse_args(argc, argv); + #endif + sysinit(); + + /* set dummy wallclock time. */ + struct os_timeval utctime; + struct os_timezone tz; + utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */ + utctime.tv_usec = 0; + tz.tz_minuteswest = 0; + tz.tz_dsttime = 0; + os_settimeofday(&utctime, &tz); +#endif + +#ifdef HAVE_WNR + if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) { + err_sys("Whitewood netRandom global config failed", -1001); + return -1002; + } +#endif +#ifndef WOLFSSL_ESPIDF + args.argc = argc; + args.argv = argv; +#endif + if ((ret = wolfCrypt_Init()) != 0) { + printf("wolfCrypt_Init failed %d\n", ret); + err_sys("Error with wolfCrypt_Init!\n", -1003); + } + + #ifdef HAVE_STACK_SIZE + StackSizeCheck(&args, wolfcrypt_test); + #else + wolfcrypt_test(&args); + #endif + + if ((ret = wolfCrypt_Cleanup()) != 0) { + printf("wolfCrypt_Cleanup failed %d\n", ret); + err_sys("Error with wolfCrypt_Cleanup!\n", -1004); + } + +#ifdef HAVE_WNR + if (wc_FreeNetRandom() < 0) + err_sys("Failed to free netRandom context", -1005); +#endif /* HAVE_WNR */ +#ifndef WOLFSSL_ESPIDF + return args.return_code; +#endif + } + +#endif /* NO_MAIN_DRIVER */ + +/* helper to save DER, convert to PEM and save PEM */ +#if !defined(NO_ASN) && (!defined(NO_RSA) || defined(HAVE_ECC)) && \ + (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) + +#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) +#define SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB) +#else +#define SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, p, pSz, NULL, NULL, pT, eB) +#endif + +static int _SaveDerAndPem(const byte* der, int derSz, + byte* pem, int pemSz, const char* fileDer, + const char* filePem, int pemType, int errBase) +{ +#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) + int ret; + XFILE derFile; + + derFile = XFOPEN(fileDer, "wb"); + if (!derFile) { + return errBase + 0; + } + ret = (int)XFWRITE(der, 1, derSz, derFile); + XFCLOSE(derFile); + if (ret != derSz) { + return errBase + 1; + } +#endif + + if (pem && filePem) { + #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) + XFILE pemFile; + #endif + #ifdef WOLFSSL_DER_TO_PEM + pemSz = wc_DerToPem(der, derSz, pem, pemSz, pemType); + if (pemSz < 0) { + return errBase + 2; + } + #endif + #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) + pemFile = XFOPEN(filePem, "wb"); + if (!pemFile) { + return errBase + 3; + } + ret = (int)XFWRITE(pem, 1, pemSz, pemFile); + XFCLOSE(pemFile); + if (ret != pemSz) { + return errBase + 4; + } + #endif + } + + /* suppress unused variable warnings */ + (void)filePem; + (void)fileDer; + + return 0; +} +#endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */ + +int error_test(void) +{ + const char* errStr; + char out[WOLFSSL_MAX_ERROR_SZ]; + const char* unknownStr = wc_GetErrorString(0); + +#ifdef NO_ERROR_STRINGS + /* Ensure a valid error code's string matches an invalid code's. + * The string is that error strings are not available. + */ + errStr = wc_GetErrorString(OPEN_RAN_E); + wc_ErrorString(OPEN_RAN_E, out); + if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0) + return -1100; + if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0) + return -1101; +#else + int i; + int j = 0; + /* Values that are not or no longer error codes. */ + int missing[] = { -122, -123, -124, -127, -128, -129, + -163, -164, -165, -166, -167, -168, -169, + -179, -233, + 0 }; + + /* Check that all errors have a string and it's the same through the two + * APIs. Check that the values that are not errors map to the unknown + * string. + */ + for (i = MAX_CODE_E-1; i >= WC_LAST_E; i--) { + errStr = wc_GetErrorString(i); + wc_ErrorString(i, out); + + if (i != missing[j]) { + if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) == 0) + return -1102; + if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) == 0) + return -1103; + if (XSTRNCMP(errStr, out, XSTRLEN(errStr)) != 0) + return -1104; + if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ) + return -1105; + } + else { + j++; + if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0) + return -1106; + if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0) + return -1107; + } + } + + /* Check if the next possible value has been given a string. */ + errStr = wc_GetErrorString(i); + wc_ErrorString(i, out); + if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0) + return -1108; + if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0) + return -1109; +#endif + + return 0; +} + +#ifndef NO_CODING + +int base64_test(void) +{ + int ret; + const byte good[] = "A+Gd\0\0\0"; + const byte goodEnd[] = "A+Gd \r\n"; + byte out[128]; + word32 outLen; +#ifdef WOLFSSL_BASE64_ENCODE + byte data[3]; + word32 dataLen; + byte longData[79] = { 0 }; + const byte symbols[] = "+/A="; +#endif + const byte badSmall[] = "AAA Gdj="; + const byte badLarge[] = "AAA~Gdj="; + const byte badEOL[] = "A+Gd AA"; + int i; + + /* Good Base64 encodings. */ + outLen = sizeof(out); + ret = Base64_Decode(good, sizeof(good), out, &outLen); + if (ret != 0) + return -1200; + outLen = sizeof(out); + ret = Base64_Decode(goodEnd, sizeof(goodEnd), out, &outLen); + if (ret != 0) + return -1201; + + /* Bad parameters. */ + outLen = 1; + ret = Base64_Decode(good, sizeof(good), out, &outLen); + if (ret != BAD_FUNC_ARG) + return -1202; + + outLen = sizeof(out); + ret = Base64_Decode(badEOL, sizeof(badEOL), out, &outLen); + if (ret != ASN_INPUT_E) + return -1203; + /* Bad character at each offset 0-3. */ + for (i = 0; i < 4; i++) { + outLen = sizeof(out); + ret = Base64_Decode(badSmall + i, 4, out, &outLen); + if (ret != ASN_INPUT_E) + return -1204 - i; + ret = Base64_Decode(badLarge + i, 4, out, &outLen); + if (ret != ASN_INPUT_E) + return -1214 - i; + } + +#ifdef WOLFSSL_BASE64_ENCODE + /* Decode and encode all symbols - non-alphanumeric. */ + dataLen = sizeof(data); + ret = Base64_Decode(symbols, sizeof(symbols), data, &dataLen); + if (ret != 0) + return -1224; + outLen = sizeof(out); + ret = Base64_Encode(data, dataLen, NULL, &outLen); + if (ret != LENGTH_ONLY_E) + return -1225; + outLen = sizeof(out); + ret = Base64_Encode(data, dataLen, out, &outLen); + if (ret != 0) + return -1226; + outLen = 7; + ret = Base64_EncodeEsc(data, dataLen, out, &outLen); + if (ret != BUFFER_E) + return -1227; + outLen = sizeof(out); + ret = Base64_EncodeEsc(data, dataLen, NULL, &outLen); + if (ret != LENGTH_ONLY_E) + return -1228; + outLen = sizeof(out); + ret = Base64_EncodeEsc(data, dataLen, out, &outLen); + if (ret != 0) + return -1229; + outLen = sizeof(out); + ret = Base64_Encode_NoNl(data, dataLen, out, &outLen); + if (ret != 0) + return -1230; + + /* Data that results in an encoding longer than one line. */ + outLen = sizeof(out); + dataLen = sizeof(longData); + ret = Base64_Encode(longData, dataLen, out, &outLen); + if (ret != 0) + return -1231; + outLen = sizeof(out); + ret = Base64_EncodeEsc(longData, dataLen, out, &outLen); + if (ret != 0) + return -1232; + outLen = sizeof(out); + ret = Base64_Encode_NoNl(longData, dataLen, out, &outLen); + if (ret != 0) + return -1233; +#endif + + return 0; +} + +#ifdef WOLFSSL_BASE16 +int base16_test(void) +{ + int ret; + const byte testData[] = "SomeDataToEncode\n"; + const byte encodedTestData[] = "536F6D6544617461546F456E636F64650A00"; + byte encoded[40]; + word32 encodedLen; + byte plain[40]; + word32 len; + + /* length returned includes null termination */ + encodedLen = sizeof(encoded); + ret = Base16_Encode(testData, sizeof(testData), encoded, &encodedLen); + if (ret != 0) + return -1300; + + len = (word32)XSTRLEN((char*)encoded); + if (len != encodedLen - 1) + return -1301; + + len = sizeof(plain); + ret = Base16_Decode(encoded, encodedLen - 1, plain, &len); + if (ret != 0) + return -1302; + + if (len != sizeof(testData) || XMEMCMP(testData, plain, len) != 0) + return -1303; + + if (encodedLen != sizeof(encodedTestData) || + XMEMCMP(encoded, encodedTestData, encodedLen) != 0) { + return -1304; + } + + return 0; +} +#endif /* WOLFSSL_BASE16 */ +#endif /* !NO_CODING */ + +#ifndef NO_ASN +int asn_test(void) +{ + int ret; + /* ASN1 encoded date buffer */ + const byte dateBuf[] = {0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, + 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5a}; + byte format; + int length; + const byte* datePart; +#ifndef NO_ASN_TIME + struct tm timearg; + time_t now; +#endif + + ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format, + &length); + if (ret != 0) + return -1400; + +#ifndef NO_ASN_TIME + /* Parameter Validation tests. */ + if (wc_GetTime(NULL, sizeof(now)) != BAD_FUNC_ARG) + return -1401; + if (wc_GetTime(&now, 0) != BUFFER_E) + return -1402; + + now = 0; + if (wc_GetTime(&now, sizeof(now)) != 0) { + return -1403; + } + if (now == 0) { + printf("RTC/Time not set!\n"); + return -1404; + } + + ret = wc_GetDateAsCalendarTime(datePart, length, format, &timearg); + if (ret != 0) + return -1405; +#endif /* !NO_ASN_TIME */ + + return 0; +} +#endif /* !NO_ASN */ + +#ifdef WOLFSSL_MD2 +int md2_test(void) +{ + Md2 md2; + byte hash[MD2_DIGEST_SIZE]; + + testVector a, b, c, d, e, f, g; + testVector test_md2[7]; + int times = sizeof(test_md2) / sizeof(testVector), i; + + a.input = ""; + a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69" + "\x27\x73"; + a.inLen = XSTRLEN(a.input); + a.outLen = MD2_DIGEST_SIZE; + + b.input = "a"; + b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0" + "\xb5\xd1"; + b.inLen = XSTRLEN(b.input); + b.outLen = MD2_DIGEST_SIZE; + + c.input = "abc"; + c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde" + "\xd6\xbb"; + c.inLen = XSTRLEN(c.input); + c.outLen = MD2_DIGEST_SIZE; + + d.input = "message digest"; + d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe" + "\x06\xb0"; + d.inLen = XSTRLEN(d.input); + d.outLen = MD2_DIGEST_SIZE; + + e.input = "abcdefghijklmnopqrstuvwxyz"; + e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47" + "\x94\x0b"; + e.inLen = XSTRLEN(e.input); + e.outLen = MD2_DIGEST_SIZE; + + f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" + "6789"; + f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03" + "\x38\xcd"; + f.inLen = XSTRLEN(f.input); + f.outLen = MD2_DIGEST_SIZE; + + g.input = "1234567890123456789012345678901234567890123456789012345678" + "9012345678901234567890"; + g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3" + "\xef\xd8"; + g.inLen = XSTRLEN(g.input); + g.outLen = MD2_DIGEST_SIZE; + + test_md2[0] = a; + test_md2[1] = b; + test_md2[2] = c; + test_md2[3] = d; + test_md2[4] = e; + test_md2[5] = f; + test_md2[6] = g; + + wc_InitMd2(&md2); + + for (i = 0; i < times; ++i) { + wc_Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen); + wc_Md2Final(&md2, hash); + + if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0) + return -1500 - i; + } + + return 0; +} +#endif + +#ifndef NO_MD5 +int md5_test(void) +{ + int ret = 0; + wc_Md5 md5, md5Copy; + byte hash[WC_MD5_DIGEST_SIZE]; + byte hashcopy[WC_MD5_DIGEST_SIZE]; + testVector a, b, c, d, e, f; + testVector test_md5[6]; + int times = sizeof(test_md5) / sizeof(testVector), i; + + a.input = ""; + a.output = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42" + "\x7e"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_MD5_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f" + "\x72"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_MD5_DIGEST_SIZE; + + c.input = "message digest"; + c.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61" + "\xd0"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_MD5_DIGEST_SIZE; + + d.input = "abcdefghijklmnopqrstuvwxyz"; + d.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1" + "\x3b"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_MD5_DIGEST_SIZE; + + e.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" + "6789"; + e.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d" + "\x9f"; + e.inLen = XSTRLEN(e.input); + e.outLen = WC_MD5_DIGEST_SIZE; + + f.input = "1234567890123456789012345678901234567890123456789012345678" + "9012345678901234567890"; + f.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6" + "\x7a"; + f.inLen = XSTRLEN(f.input); + f.outLen = WC_MD5_DIGEST_SIZE; + + test_md5[0] = a; + test_md5[1] = b; + test_md5[2] = c; + test_md5[3] = d; + test_md5[4] = e; + test_md5[5] = f; + + ret = wc_InitMd5_ex(&md5, HEAP_HINT, devId); + if (ret != 0) + return -1600; + ret = wc_InitMd5_ex(&md5Copy, HEAP_HINT, devId); + if (ret != 0) { + wc_Md5Free(&md5); + return -1601; + } + + for (i = 0; i < times; ++i) { + ret = wc_Md5Update(&md5, (byte*)test_md5[i].input, + (word32)test_md5[i].inLen); + if (ret != 0) + ERROR_OUT(-1602 - i, exit); + + ret = wc_Md5GetHash(&md5, hashcopy); + if (ret != 0) + ERROR_OUT(-1603 - i, exit); + + ret = wc_Md5Copy(&md5, &md5Copy); + if (ret != 0) + ERROR_OUT(-1604 - i, exit); + + ret = wc_Md5Final(&md5, hash); + if (ret != 0) + ERROR_OUT(-1605 - i, exit); + + wc_Md5Free(&md5Copy); + + if (XMEMCMP(hash, test_md5[i].output, WC_MD5_DIGEST_SIZE) != 0) + ERROR_OUT(-1606 - i, exit); + + if (XMEMCMP(hash, hashcopy, WC_MD5_DIGEST_SIZE) != 0) + ERROR_OUT(-1607 - i, exit); + } + + /* BEGIN LARGE HASH TEST */ { + byte large_input[1024]; + const char* large_digest = + "\x44\xd0\x88\xce\xf1\x36\xd1\x78\xe9\xc8\xba\x84\xc3\xfd\xf6\xca"; + + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } + times = 100; +#ifdef WOLFSSL_PIC32MZ_HASH + wc_Md5SizeSet(&md5, times * sizeof(large_input)); +#endif + for (i = 0; i < times; ++i) { + ret = wc_Md5Update(&md5, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(-1608, exit); + } + ret = wc_Md5Final(&md5, hash); + if (ret != 0) + ERROR_OUT(-1609, exit); + if (XMEMCMP(hash, large_digest, WC_MD5_DIGEST_SIZE) != 0) + ERROR_OUT(-1610, exit); + } /* END LARGE HASH TEST */ + +exit: + + wc_Md5Free(&md5); + wc_Md5Free(&md5Copy); + + return ret; +} +#endif /* NO_MD5 */ + + +#ifndef NO_MD4 + +int md4_test(void) +{ + Md4 md4; + byte hash[MD4_DIGEST_SIZE]; + + testVector a, b, c, d, e, f, g; + testVector test_md4[7]; + int times = sizeof(test_md4) / sizeof(testVector), i; + + a.input = ""; + a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89" + "\xc0"; + a.inLen = XSTRLEN(a.input); + a.outLen = MD4_DIGEST_SIZE; + + b.input = "a"; + b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb" + "\x24"; + b.inLen = XSTRLEN(b.input); + b.outLen = MD4_DIGEST_SIZE; + + c.input = "abc"; + c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72" + "\x9d"; + c.inLen = XSTRLEN(c.input); + c.outLen = MD4_DIGEST_SIZE; + + d.input = "message digest"; + d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01" + "\x4b"; + d.inLen = XSTRLEN(d.input); + d.outLen = MD4_DIGEST_SIZE; + + e.input = "abcdefghijklmnopqrstuvwxyz"; + e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d" + "\xa9"; + e.inLen = XSTRLEN(e.input); + e.outLen = MD4_DIGEST_SIZE; + + f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" + "6789"; + f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0" + "\xe4"; + f.inLen = XSTRLEN(f.input); + f.outLen = MD4_DIGEST_SIZE; + + g.input = "1234567890123456789012345678901234567890123456789012345678" + "9012345678901234567890"; + g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05" + "\x36"; + g.inLen = XSTRLEN(g.input); + g.outLen = MD4_DIGEST_SIZE; + + test_md4[0] = a; + test_md4[1] = b; + test_md4[2] = c; + test_md4[3] = d; + test_md4[4] = e; + test_md4[5] = f; + test_md4[6] = g; + + wc_InitMd4(&md4); + + for (i = 0; i < times; ++i) { + wc_Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen); + wc_Md4Final(&md4, hash); + + if (XMEMCMP(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0) + return -1700 - i; + } + + return 0; +} + +#endif /* NO_MD4 */ + +#ifndef NO_SHA + +int sha_test(void) +{ + int ret = 0; + wc_Sha sha, shaCopy; + byte hash[WC_SHA_DIGEST_SIZE]; + byte hashcopy[WC_SHA_DIGEST_SIZE]; + testVector a, b, c, d, e; + testVector test_sha[5]; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + + a.input = ""; + a.output = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18" + "\x90\xaf\xd8\x07\x09"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2" + "\x6C\x9C\xD0\xD8\x9D"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA_DIGEST_SIZE; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29" + "\xE5\xE5\x46\x70\xF1"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA_DIGEST_SIZE; + + d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaa"; + d.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44" + "\x2A\x25\xEC\x64\x4D"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA_DIGEST_SIZE; + + e.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaa"; + e.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7" + "\x53\x99\x5E\x26\xA0"; + e.inLen = XSTRLEN(e.input); + e.outLen = WC_SHA_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + test_sha[3] = d; + test_sha[4] = e; + + ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + return -1800; + ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_ShaFree(&sha); + return -1801; + } + + for (i = 0; i < times; ++i) { + ret = wc_ShaUpdate(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(-1802 - i, exit); + ret = wc_ShaGetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(-1803 - i, exit); + ret = wc_ShaCopy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(-1804 - i, exit); + ret = wc_ShaFinal(&sha, hash); + if (ret != 0) + ERROR_OUT(-1805 - i, exit); + wc_ShaFree(&shaCopy); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA_DIGEST_SIZE) != 0) + ERROR_OUT(-1806 - i, exit); + if (XMEMCMP(hash, hashcopy, WC_SHA_DIGEST_SIZE) != 0) + ERROR_OUT(-1807 - i, exit); + } + + /* BEGIN LARGE HASH TEST */ { + byte large_input[1024]; +#ifdef WOLFSSL_RENESAS_TSIP + const char* large_digest = + "\x1d\x6a\x5a\xf6\xe5\x7c\x86\xce\x7f\x7c\xaf\xd5\xdb\x08\xcd\x59" + "\x15\x8c\x6d\xb6"; +#else + const char* large_digest = + "\x8b\x77\x02\x48\x39\xe8\xdb\xd3\x9a\xf4\x05\x24\x66\x12\x2d\x9e" + "\xc5\xd9\x0a\xac"; +#endif + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } +#ifdef WOLFSSL_RENESAS_TSIP + times = 20; +#else + times = 100; +#endif +#ifdef WOLFSSL_PIC32MZ_HASH + wc_ShaSizeSet(&sha, times * sizeof(large_input)); +#endif + for (i = 0; i < times; ++i) { + ret = wc_ShaUpdate(&sha, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(-1808, exit); + } + ret = wc_ShaFinal(&sha, hash); + if (ret != 0) + ERROR_OUT(-1809, exit); + if (XMEMCMP(hash, large_digest, WC_SHA_DIGEST_SIZE) != 0) + ERROR_OUT(-1810, exit); + } /* END LARGE HASH TEST */ + +exit: + + wc_ShaFree(&sha); + wc_ShaFree(&shaCopy); + + return ret; +} + +#endif /* NO_SHA */ + +#ifdef WOLFSSL_RIPEMD +int ripemd_test(void) +{ + RipeMd ripemd; + int ret; + byte hash[RIPEMD_DIGEST_SIZE]; + + testVector a, b, c, d; + testVector test_ripemd[4]; + int times = sizeof(test_ripemd) / sizeof(struct testVector), i; + + a.input = "abc"; + a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6" + "\xb0\x87\xf1\x5a\x0b\xfc"; + a.inLen = XSTRLEN(a.input); + a.outLen = RIPEMD_DIGEST_SIZE; + + b.input = "message digest"; + b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8" + "\x5f\xfa\x21\x59\x5f\x36"; + b.inLen = XSTRLEN(b.input); + b.outLen = RIPEMD_DIGEST_SIZE; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc" + "\xf4\x9a\xda\x62\xeb\x2b"; + c.inLen = XSTRLEN(c.input); + c.outLen = RIPEMD_DIGEST_SIZE; + + d.input = "12345678901234567890123456789012345678901234567890123456" + "789012345678901234567890"; + d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab" + "\x82\xbf\x63\x32\x6b\xfb"; + d.inLen = XSTRLEN(d.input); + d.outLen = RIPEMD_DIGEST_SIZE; + + test_ripemd[0] = a; + test_ripemd[1] = b; + test_ripemd[2] = c; + test_ripemd[3] = d; + + ret = wc_InitRipeMd(&ripemd); + if (ret != 0) { + return -1900; + } + + for (i = 0; i < times; ++i) { + ret = wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input, + (word32)test_ripemd[i].inLen); + if (ret != 0) { + return -1901 - i; + } + + ret = wc_RipeMdFinal(&ripemd, hash); + if (ret != 0) { + return -1911 - i; + } + + if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0) + return -1921 - i; + } + + return 0; +} +#endif /* WOLFSSL_RIPEMD */ + + +#ifdef HAVE_BLAKE2 + + +#define BLAKE2B_TESTS 3 + +static const byte blake2b_vec[BLAKE2B_TESTS][BLAKE2B_OUTBYTES] = +{ + { + 0x78, 0x6A, 0x02, 0xF7, 0x42, 0x01, 0x59, 0x03, + 0xC6, 0xC6, 0xFD, 0x85, 0x25, 0x52, 0xD2, 0x72, + 0x91, 0x2F, 0x47, 0x40, 0xE1, 0x58, 0x47, 0x61, + 0x8A, 0x86, 0xE2, 0x17, 0xF7, 0x1F, 0x54, 0x19, + 0xD2, 0x5E, 0x10, 0x31, 0xAF, 0xEE, 0x58, 0x53, + 0x13, 0x89, 0x64, 0x44, 0x93, 0x4E, 0xB0, 0x4B, + 0x90, 0x3A, 0x68, 0x5B, 0x14, 0x48, 0xB7, 0x55, + 0xD5, 0x6F, 0x70, 0x1A, 0xFE, 0x9B, 0xE2, 0xCE + }, + { + 0x2F, 0xA3, 0xF6, 0x86, 0xDF, 0x87, 0x69, 0x95, + 0x16, 0x7E, 0x7C, 0x2E, 0x5D, 0x74, 0xC4, 0xC7, + 0xB6, 0xE4, 0x8F, 0x80, 0x68, 0xFE, 0x0E, 0x44, + 0x20, 0x83, 0x44, 0xD4, 0x80, 0xF7, 0x90, 0x4C, + 0x36, 0x96, 0x3E, 0x44, 0x11, 0x5F, 0xE3, 0xEB, + 0x2A, 0x3A, 0xC8, 0x69, 0x4C, 0x28, 0xBC, 0xB4, + 0xF5, 0xA0, 0xF3, 0x27, 0x6F, 0x2E, 0x79, 0x48, + 0x7D, 0x82, 0x19, 0x05, 0x7A, 0x50, 0x6E, 0x4B + }, + { + 0x1C, 0x08, 0x79, 0x8D, 0xC6, 0x41, 0xAB, 0xA9, + 0xDE, 0xE4, 0x35, 0xE2, 0x25, 0x19, 0xA4, 0x72, + 0x9A, 0x09, 0xB2, 0xBF, 0xE0, 0xFF, 0x00, 0xEF, + 0x2D, 0xCD, 0x8E, 0xD6, 0xF8, 0xA0, 0x7D, 0x15, + 0xEA, 0xF4, 0xAE, 0xE5, 0x2B, 0xBF, 0x18, 0xAB, + 0x56, 0x08, 0xA6, 0x19, 0x0F, 0x70, 0xB9, 0x04, + 0x86, 0xC8, 0xA7, 0xD4, 0x87, 0x37, 0x10, 0xB1, + 0x11, 0x5D, 0x3D, 0xEB, 0xBB, 0x43, 0x27, 0xB5 + } +}; + + + +int blake2b_test(void) +{ + Blake2b b2b; + byte digest[64]; + byte input[64]; + int i, ret; + + for (i = 0; i < (int)sizeof(input); i++) + input[i] = (byte)i; + + for (i = 0; i < BLAKE2B_TESTS; i++) { + ret = wc_InitBlake2b(&b2b, 64); + if (ret != 0) + return -2000 - i; + + ret = wc_Blake2bUpdate(&b2b, input, i); + if (ret != 0) + return -2010 - 1; + + ret = wc_Blake2bFinal(&b2b, digest, 64); + if (ret != 0) + return -2020 - i; + + if (XMEMCMP(digest, blake2b_vec[i], 64) != 0) { + return -2030 - i; + } + } + + return 0; +} +#endif /* HAVE_BLAKE2 */ + +#ifdef HAVE_BLAKE2S + + +#define BLAKE2S_TESTS 3 + +static const byte blake2s_vec[BLAKE2S_TESTS][BLAKE2S_OUTBYTES] = +{ + { + 0x69, 0x21, 0x7a, 0x30, 0x79, 0x90, 0x80, 0x94, + 0xe1, 0x11, 0x21, 0xd0, 0x42, 0x35, 0x4a, 0x7c, + 0x1f, 0x55, 0xb6, 0x48, 0x2c, 0xa1, 0xa5, 0x1e, + 0x1b, 0x25, 0x0d, 0xfd, 0x1e, 0xd0, 0xee, 0xf9, + }, + { + 0xe3, 0x4d, 0x74, 0xdb, 0xaf, 0x4f, 0xf4, 0xc6, + 0xab, 0xd8, 0x71, 0xcc, 0x22, 0x04, 0x51, 0xd2, + 0xea, 0x26, 0x48, 0x84, 0x6c, 0x77, 0x57, 0xfb, + 0xaa, 0xc8, 0x2f, 0xe5, 0x1a, 0xd6, 0x4b, 0xea, + }, + { + 0xdd, 0xad, 0x9a, 0xb1, 0x5d, 0xac, 0x45, 0x49, + 0xba, 0x42, 0xf4, 0x9d, 0x26, 0x24, 0x96, 0xbe, + 0xf6, 0xc0, 0xba, 0xe1, 0xdd, 0x34, 0x2a, 0x88, + 0x08, 0xf8, 0xea, 0x26, 0x7c, 0x6e, 0x21, 0x0c, + } +}; + + + +int blake2s_test(void) +{ + Blake2s b2s; + byte digest[32]; + byte input[64]; + int i, ret; + + for (i = 0; i < (int)sizeof(input); i++) + input[i] = (byte)i; + + for (i = 0; i < BLAKE2S_TESTS; i++) { + ret = wc_InitBlake2s(&b2s, 32); + if (ret != 0) + return -2100 - i; + + ret = wc_Blake2sUpdate(&b2s, input, i); + if (ret != 0) + return -2110 - 1; + + ret = wc_Blake2sFinal(&b2s, digest, 32); + if (ret != 0) + return -2120 - i; + + if (XMEMCMP(digest, blake2s_vec[i], 32) != 0) { + return -2130 - i; + } + } + + return 0; +} +#endif /* HAVE_BLAKE2S */ + + +#ifdef WOLFSSL_SHA224 +int sha224_test(void) +{ + wc_Sha224 sha, shaCopy; + byte hash[WC_SHA224_DIGEST_SIZE]; + byte hashcopy[WC_SHA224_DIGEST_SIZE]; + int ret = 0; + + testVector a, b, c; + testVector test_sha[3]; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + + a.input = ""; + a.output = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34" + "\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA224_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55" + "\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA224_DIGEST_SIZE; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01" + "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA224_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + + ret = wc_InitSha224_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + return -2200; + ret = wc_InitSha224_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha224Free(&sha); + return -2201; + } + + for (i = 0; i < times; ++i) { + ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(-2202 - i, exit); + ret = wc_Sha224GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(-2203 - i, exit); + ret = wc_Sha224Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(-2204 - i, exit); + ret = wc_Sha224Final(&sha, hash); + if (ret != 0) + ERROR_OUT(-2205 - i, exit); + wc_Sha224Free(&shaCopy); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA224_DIGEST_SIZE) != 0) + ERROR_OUT(-2206 - i, exit); + if (XMEMCMP(hash, hashcopy, WC_SHA224_DIGEST_SIZE) != 0) + ERROR_OUT(-2207 - i, exit); + } + +exit: + wc_Sha224Free(&sha); + wc_Sha224Free(&shaCopy); + + return ret; +} +#endif + + +#ifndef NO_SHA256 +int sha256_test(void) +{ + wc_Sha256 sha, shaCopy; + byte hash[WC_SHA256_DIGEST_SIZE]; + byte hashcopy[WC_SHA256_DIGEST_SIZE]; + int ret = 0; + + testVector a, b, c; + testVector test_sha[3]; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + + a.input = ""; + a.output = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9" + "\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52" + "\xb8\x55"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA256_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" + "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" + "\x15\xAD"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA256_DIGEST_SIZE; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" + "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" + "\x06\xC1"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA256_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + + ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + return -2300; + ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha256Free(&sha); + return -2301; + } + + for (i = 0; i < times; ++i) { + ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) { + ERROR_OUT(-2302 - i, exit); + } + ret = wc_Sha256GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(-2303 - i, exit); + ret = wc_Sha256Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(-2304 - i, exit); + ret = wc_Sha256Final(&sha, hash); + if (ret != 0) + ERROR_OUT(-2305 - i, exit); + wc_Sha256Free(&shaCopy); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0) + ERROR_OUT(-2306 - i, exit); + if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0) + ERROR_OUT(-2307 - i, exit); + } + + /* BEGIN LARGE HASH TEST */ { + byte large_input[1024]; +#ifdef WOLFSSL_RENESAS_TSIP_CRYPT + const char* large_digest = + "\xa4\x75\x9e\x7a\xa2\x03\x38\x32\x88\x66\xa2\xea\x17\xea\xf8\xc7" + "\xfe\x4e\xc6\xbb\xe3\xbb\x71\xce\xe7\xdf\x7c\x04\x61\xb3\xc2\x2f"; +#else + const char* large_digest = + "\x27\x78\x3e\x87\x96\x3a\x4e\xfb\x68\x29\xb5\x31\xc9\xba\x57\xb4" + "\x4f\x45\x79\x7f\x67\x70\xbd\x63\x7f\xbf\x0d\x80\x7c\xbd\xba\xe0"; +#endif + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } +#ifdef WOLFSSL_RENESAS_TSIP + times = 20; +#else + times = 100; +#endif +#ifdef WOLFSSL_PIC32MZ_HASH + wc_Sha256SizeSet(&sha, times * sizeof(large_input)); +#endif + for (i = 0; i < times; ++i) { + ret = wc_Sha256Update(&sha, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(-2308, exit); + } + ret = wc_Sha256Final(&sha, hash); + if (ret != 0) + ERROR_OUT(-2309, exit); + if (XMEMCMP(hash, large_digest, WC_SHA256_DIGEST_SIZE) != 0) + ERROR_OUT(-2310, exit); + } /* END LARGE HASH TEST */ + +exit: + + wc_Sha256Free(&sha); + wc_Sha256Free(&shaCopy); + + return ret; +} +#endif + + +#ifdef WOLFSSL_SHA512 +int sha512_test(void) +{ + wc_Sha512 sha, shaCopy; + byte hash[WC_SHA512_DIGEST_SIZE]; + byte hashcopy[WC_SHA512_DIGEST_SIZE]; + int ret = 0; + + testVector a, b, c; + testVector test_sha[3]; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + + a.input = ""; + a.output = "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80" + "\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c" + "\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87" + "\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a" + "\xf9\x27\xda\x3e"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA512_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41" + "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55" + "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3" + "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f" + "\xa5\x4c\xa4\x9f"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA512_DIGEST_SIZE; + + c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + c.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14" + "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88" + "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4" + "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b" + "\x87\x4b\xe9\x09"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA512_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + + ret = wc_InitSha512_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + return -2400; + ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha512Free(&sha); + return -2401; + } + + for (i = 0; i < times; ++i) { + ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(-2402 - i, exit); + ret = wc_Sha512GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(-2403 - i, exit); + ret = wc_Sha512Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(-2404 - i, exit); + ret = wc_Sha512Final(&sha, hash); + if (ret != 0) + ERROR_OUT(-2405 - i, exit); + wc_Sha512Free(&shaCopy); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0) + ERROR_OUT(-2406 - i, exit); + if (XMEMCMP(hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0) + ERROR_OUT(-2407 - i, exit); + } + + /* BEGIN LARGE HASH TEST */ { + byte large_input[1024]; + const char* large_digest = + "\x5a\x1f\x73\x90\xbd\x8c\xe4\x63\x54\xce\xa0\x9b\xef\x32\x78\x2d" + "\x2e\xe7\x0d\x5e\x2f\x9d\x15\x1b\xdd\x2d\xde\x65\x0c\x7b\xfa\x83" + "\x5e\x80\x02\x13\x84\xb8\x3f\xff\x71\x62\xb5\x09\x89\x63\xe1\xdc" + "\xa5\xdc\xfc\xfa\x9d\x1a\x4d\xc0\xfa\x3a\x14\xf6\x01\x51\x90\xa4"; + + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } + times = 100; + for (i = 0; i < times; ++i) { + ret = wc_Sha512Update(&sha, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(-2408, exit); + } + ret = wc_Sha512Final(&sha, hash); + if (ret != 0) + ERROR_OUT(-2409, exit); + if (XMEMCMP(hash, large_digest, WC_SHA512_DIGEST_SIZE) != 0) + ERROR_OUT(-2410, exit); + } /* END LARGE HASH TEST */ + +exit: + wc_Sha512Free(&sha); + wc_Sha512Free(&shaCopy); + + return ret; +} +#endif + + +#ifdef WOLFSSL_SHA384 +int sha384_test(void) +{ + wc_Sha384 sha, shaCopy; + byte hash[WC_SHA384_DIGEST_SIZE]; + byte hashcopy[WC_SHA384_DIGEST_SIZE]; + int ret = 0; + + testVector a, b, c; + testVector test_sha[3]; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + + a.input = ""; + + a.output = "\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3" + "\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6" + "\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48" + "\x98\xb9\x5b"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA384_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50" + "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff" + "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34" + "\xc8\x25\xa7"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA384_DIGEST_SIZE; + + c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + c.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b" + "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0" + "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91" + "\x74\x60\x39"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA384_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + + ret = wc_InitSha384_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + return -2500; + ret = wc_InitSha384_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha384Free(&sha); + return -2501; + } + + for (i = 0; i < times; ++i) { + ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(-2502 - i, exit); + ret = wc_Sha384GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(-2503 - i, exit); + ret = wc_Sha384Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(-2504 - i, exit); + ret = wc_Sha384Final(&sha, hash); + if (ret != 0) + ERROR_OUT(-2505 - i, exit); + wc_Sha384Free(&shaCopy); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA384_DIGEST_SIZE) != 0) + ERROR_OUT(-2506 - i, exit); + if (XMEMCMP(hash, hashcopy, WC_SHA384_DIGEST_SIZE) != 0) + ERROR_OUT(-2507 - i, exit); + } + + /* BEGIN LARGE HASH TEST */ { + byte large_input[1024]; + const char* large_digest = + "\x37\x01\xdb\xff\x1e\x40\x4f\xe1\xe2\xea\x0b\x40\xbb\x3b\x39\x9a" + "\xcc\xe8\x44\x8e\x7e\xe5\x64\xb5\x6b\x7f\x56\x64\xa7\x2b\x84\xe3" + "\xc5\xd7\x79\x03\x25\x90\xf7\xa4\x58\xcb\x97\xa8\x8b\xb1\xa4\x81"; + + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } + times = 100; + for (i = 0; i < times; ++i) { + ret = wc_Sha384Update(&sha, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(-2508, exit); + } + ret = wc_Sha384Final(&sha, hash); + if (ret != 0) + ERROR_OUT(-2509, exit); + if (XMEMCMP(hash, large_digest, WC_SHA384_DIGEST_SIZE) != 0) + ERROR_OUT(-2510, exit); + } /* END LARGE HASH TEST */ + +exit: + + wc_Sha384Free(&sha); + wc_Sha384Free(&shaCopy); + + return ret; +} +#endif /* WOLFSSL_SHA384 */ + +#ifdef WOLFSSL_SHA3 +#ifndef WOLFSSL_NOSHA3_224 +static int sha3_224_test(void) +{ + wc_Sha3 sha; + byte hash[WC_SHA3_224_DIGEST_SIZE]; + byte hashcopy[WC_SHA3_224_DIGEST_SIZE]; + + testVector a, b, c; + testVector test_sha[3]; + int ret = 0; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + + a.input = ""; + a.output = "\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1" + "\xab\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f\x5b\x5a\x6b\xc7"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA3_224_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a\xd0\x92\x34\xee\x7d\x3c\x76" + "\x6f\xc9\xa3\xa5\x16\x8d\x0c\x94\xad\x73\xb4\x6f\xdf"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA3_224_DIGEST_SIZE; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55\x74\x49\x44\x79" + "\xba\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea\xd0\xfc\xce\x33"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA3_224_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + + ret = wc_InitSha3_224(&sha, HEAP_HINT, devId); + if (ret != 0) + return -2600; + + for (i = 0; i < times; ++i) { + ret = wc_Sha3_224_Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(-2601 - i, exit); + ret = wc_Sha3_224_GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(-2602 - i, exit); + ret = wc_Sha3_224_Final(&sha, hash); + if (ret != 0) + ERROR_OUT(-2603 - i, exit); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_224_DIGEST_SIZE) != 0) + ERROR_OUT(-2604 - i, exit); + if (XMEMCMP(hash, hashcopy, WC_SHA3_224_DIGEST_SIZE) != 0) + ERROR_OUT(-2605 - i, exit); + } + + /* BEGIN LARGE HASH TEST */ { + byte large_input[1024]; + const char* large_digest = + "\x13\xe5\xd3\x98\x7b\x94\xda\x41\x12\xc7\x1e\x92\x3a\x19" + "\x21\x20\x86\x6f\x24\xbf\x0a\x31\xbc\xfd\xd6\x70\x36\xf3"; + + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } + times = 100; + for (i = 0; i < times; ++i) { + ret = wc_Sha3_224_Update(&sha, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(-2606, exit); + } + ret = wc_Sha3_224_Final(&sha, hash); + if (ret != 0) + ERROR_OUT(-2607, exit); + if (XMEMCMP(hash, large_digest, WC_SHA3_224_DIGEST_SIZE) != 0) + ERROR_OUT(-2608, exit); + } /* END LARGE HASH TEST */ + +exit: + wc_Sha3_224_Free(&sha); + + return ret; +} +#endif /* WOLFSSL_NOSHA3_224 */ + +#ifndef WOLFSSL_NOSHA3_256 +static int sha3_256_test(void) +{ + wc_Sha3 sha; + byte hash[WC_SHA3_256_DIGEST_SIZE]; + byte hashcopy[WC_SHA3_256_DIGEST_SIZE]; + + testVector a, b, c; + testVector test_sha[3]; + int ret = 0; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + + byte large_input[1024]; + const char* large_digest = + "\xdc\x90\xc0\xb1\x25\xdb\x2c\x34\x81\xa3\xff\xbc\x1e\x2e\x87\xeb" + "\x6d\x70\x85\x61\xe0\xe9\x63\x61\xff\xe5\x84\x4b\x1f\x68\x05\x15"; + +#if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT) + /* test vector with hash of empty string */ + const char* Keccak256EmptyOut = + "\xc5\xd2\x46\x01\x86\xf7\x23\x3c\x92\x7e\x7d\xb2\xdc\xc7\x03\xc0" + "\xe5\x00\xb6\x53\xca\x82\x27\x3b\x7b\xfa\xd8\x04\x5d\x85\xa4\x70"; +#endif + + a.input = ""; + a.output = "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66\x51\xc1\x47\x56\xa0\x61\xd6" + "\x62\xf5\x80\xff\x4d\xe4\x3b\x49\xfa\x82\xd8\x0a\x4b\x80\xf8" + "\x43\x4a"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA3_256_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90" + "\xbd\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43" + "\x15\x32"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA3_256_DIGEST_SIZE; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8\x23\x5e" + "\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32\xdd\x97\x49\x6d" + "\x33\x76"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA3_256_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + + ret = wc_InitSha3_256(&sha, HEAP_HINT, devId); + if (ret != 0) + return -2700; + + for (i = 0; i < times; ++i) { + ret = wc_Sha3_256_Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(-2701 - i, exit); + ret = wc_Sha3_256_GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(-2702 - i, exit); + ret = wc_Sha3_256_Final(&sha, hash); + if (ret != 0) + ERROR_OUT(-2703 - i, exit); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_256_DIGEST_SIZE) != 0) + ERROR_OUT(-2704 - i, exit); + if (XMEMCMP(hash, hashcopy, WC_SHA3_256_DIGEST_SIZE) != 0) + ERROR_OUT(-2705 - i, exit); + } + + /* BEGIN LARGE HASH TEST */ { + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } + times = 100; + for (i = 0; i < times; ++i) { + ret = wc_Sha3_256_Update(&sha, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(-2706, exit); + } + ret = wc_Sha3_256_Final(&sha, hash); + if (ret != 0) + ERROR_OUT(-2707, exit); + if (XMEMCMP(hash, large_digest, WC_SHA3_256_DIGEST_SIZE) != 0) + ERROR_OUT(-2708, exit); + } /* END LARGE HASH TEST */ + + /* this is a software only variant of SHA3 not supported by external hardware devices */ +#if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT) + /* Test for Keccak256 */ + ret = wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256); + if (ret != 0) { + ERROR_OUT(-2709, exit); + } + ret = wc_Sha3_256_Update(&sha, (byte*)"", 0); + if (ret != 0) { + ERROR_OUT(-2710, exit); + } + ret = wc_Sha3_256_Final(&sha, hash); + if (ret != 0) { + ERROR_OUT(-2711, exit); + } + if (XMEMCMP(hash, Keccak256EmptyOut, WC_SHA3_256_DIGEST_SIZE) != 0) { + ERROR_OUT(-2712, exit); + } +#endif /* WOLFSSL_HASH_FLAGS && !WOLFSSL_ASYNC_CRYPT */ + +exit: + wc_Sha3_256_Free(&sha); + + return ret; +} +#endif /* WOLFSSL_NOSHA3_256 */ + +#ifndef WOLFSSL_NOSHA3_384 +static int sha3_384_test(void) +{ + wc_Sha3 sha; + byte hash[WC_SHA3_384_DIGEST_SIZE]; +#ifndef NO_INTM_HASH_TEST + byte hashcopy[WC_SHA3_384_DIGEST_SIZE]; +#endif + + testVector a, b, c; + testVector test_sha[3]; + int ret; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + + a.input = ""; + a.output = "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d\x01\x10\x7d\x85\x2e\x4c\x24" + "\x85\xc5\x1a\x50\xaa\xaa\x94\xfc\x61\x99\x5e\x71\xbb\xee\x98" + "\x3a\x2a\xc3\x71\x38\x31\x26\x4a\xdb\x47\xfb\x6b\xd1\xe0\x58" + "\xd5\xf0\x04"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA3_384_DIGEST_SIZE; + +#if defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_XILINX_CRYPT) + /* NIST test vector with a length that is a multiple of 4 */ + b.input = "\x7d\x80\xb1\x60\xc4\xb5\x36\xa3\xbe\xb7\x99\x80\x59\x93\x44" + "\x04\x7c\x5f\x82\xa1\xdf\xc3\xee\xd4"; + b.output = "\x04\x1c\xc5\x86\x1b\xa3\x34\x56\x3c\x61\xd4\xef\x97\x10\xd4" + "\x89\x6c\x31\x1c\x92\xed\xbe\x0d\x7c\xd5\x3e\x80\x3b\xf2\xf4" + "\xeb\x60\x57\x23\x55\x70\x77\x0c\xe8\x7c\x55\x20\xd7\xec\x14" + "\x19\x87\x22"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA3_384_DIGEST_SIZE; +#else + b.input = "abc"; + b.output = "\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad" + "\x8d\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b" + "\xe4\xb2\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28" + "\x37\x6d\x25"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA3_384_DIGEST_SIZE; +#endif + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7\x8a\x49" + "\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd\xbc\x32\xb9\xd4" + "\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1\x9e\xef\x51\xac\xd0" + "\x65\x7c\x22"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA3_384_DIGEST_SIZE; + +#ifdef WOLFSSL_XILINX_CRYPT + test_sha[0] = b; /* hardware acc. can not handle "" string */ +#else + test_sha[0] = a; +#endif + test_sha[1] = b; + test_sha[2] = c; + + ret = wc_InitSha3_384(&sha, HEAP_HINT, devId); + if (ret != 0) + return -2800; + + for (i = 0; i < times; ++i) { + ret = wc_Sha3_384_Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(-2801 - i, exit); + #ifndef NO_INTM_HASH_TEST + ret = wc_Sha3_384_GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(-2802 - i, exit); + #endif + ret = wc_Sha3_384_Final(&sha, hash); + if (ret != 0) + ERROR_OUT(-2803 - i, exit); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_384_DIGEST_SIZE) != 0) + ERROR_OUT(-2804 - i, exit); + #ifndef NO_INTM_HASH_TEST + if (XMEMCMP(hash, hashcopy, WC_SHA3_384_DIGEST_SIZE) != 0) + ERROR_OUT(-2805 - i, exit); + #endif + } + + /* BEGIN LARGE HASH TEST */ { + byte large_input[1024]; + const char* large_digest = + "\x30\x44\xec\x17\xef\x47\x9f\x55\x36\x11\xd6\x3f\x8a\x31\x5a\x71" + "\x8a\x71\xa7\x1d\x8e\x84\xe8\x6c\x24\x02\x2f\x7a\x08\x4e\xea\xd7" + "\x42\x36\x5d\xa8\xc2\xb7\x42\xad\xec\x19\xfb\xca\xc6\x64\xb3\xa4"; + + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } + times = 100; + for (i = 0; i < times; ++i) { + ret = wc_Sha3_384_Update(&sha, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(-2806, exit); + } + ret = wc_Sha3_384_Final(&sha, hash); + if (ret != 0) + ERROR_OUT(-2807, exit); + if (XMEMCMP(hash, large_digest, WC_SHA3_384_DIGEST_SIZE) != 0) + ERROR_OUT(-2808, exit); + } /* END LARGE HASH TEST */ + +exit: + wc_Sha3_384_Free(&sha); + + return ret; +} +#endif /* WOLFSSL_NOSHA3_384 */ + +#ifndef WOLFSSL_NOSHA3_512 +static int sha3_512_test(void) +{ + wc_Sha3 sha; + byte hash[WC_SHA3_512_DIGEST_SIZE]; + byte hashcopy[WC_SHA3_512_DIGEST_SIZE]; + + testVector a, b, c; + testVector test_sha[3]; + int ret; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + + a.input = ""; + a.output = "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5\xc8\xb5\x67\xdc\x18\x5a\x75" + "\x6e\x97\xc9\x82\x16\x4f\xe2\x58\x59\xe0\xd1\xdc\xc1\x47\x5c" + "\x80\xa6\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c\x11\xe3\xe9\x40\x2c" + "\x3a\xc5\x58\xf5\x00\x19\x9d\x95\xb6\xd3\xe3\x01\x75\x85\x86" + "\x28\x1d\xcd\x26"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA3_512_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09" + "\x6e\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2" + "\x71\x2e\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47" + "\xe3\x93\x40\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27" + "\x4e\xec\x53\xf0"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA3_512_DIGEST_SIZE; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10\xfc\xa8" + "\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7\xec\x2f\x1e\x91" + "\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53\x02\xba\x1b\x0d\x8d\xc7" + "\x8c\x08\x63\x46\xb5\x33\xb4\x9c\x03\x0d\x99\xa2\x7d\xaf\x11" + "\x39\xd6\xe7\x5e"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA3_512_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + + ret = wc_InitSha3_512(&sha, HEAP_HINT, devId); + if (ret != 0) + return -2900; + + for (i = 0; i < times; ++i) { + ret = wc_Sha3_512_Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(-2901 - i, exit); + ret = wc_Sha3_512_GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(-2902 - i, exit); + ret = wc_Sha3_512_Final(&sha, hash); + if (ret != 0) + ERROR_OUT(-2903 - i, exit); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_512_DIGEST_SIZE) != 0) + ERROR_OUT(-2904 - i, exit); + if (XMEMCMP(hash, hashcopy, WC_SHA3_512_DIGEST_SIZE) != 0) + ERROR_OUT(-2905 - i, exit); + } + + /* BEGIN LARGE HASH TEST */ { + byte large_input[1024]; + const char* large_digest = + "\x9c\x13\x26\xb6\x26\xb2\x94\x31\xbc\xf4\x34\xe9\x6f\xf2\xd6\x29" + "\x9a\xd0\x9b\x32\x63\x2f\x18\xa7\x5f\x23\xc9\x60\xc2\x32\x0c\xbc" + "\x57\x77\x33\xf1\x83\x81\x8a\xd3\x15\x7c\x93\xdc\x80\x9f\xed\x61" + "\x41\xa7\x5b\xfd\x32\x0e\x38\x15\xb0\x46\x3b\x7a\x4f\xfd\x44\x88"; + + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } + times = 100; + for (i = 0; i < times; ++i) { + ret = wc_Sha3_512_Update(&sha, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(-2906, exit); + } + ret = wc_Sha3_512_Final(&sha, hash); + if (ret != 0) + ERROR_OUT(-2907, exit); + if (XMEMCMP(hash, large_digest, WC_SHA3_512_DIGEST_SIZE) != 0) + ERROR_OUT(-2908, exit); + } /* END LARGE HASH TEST */ + +exit: + wc_Sha3_512_Free(&sha); + + return ret; +} +#endif /* WOLFSSL_NOSHA3_512 */ + +int sha3_test(void) +{ + int ret; + + (void)ret; + +#ifndef WOLFSSL_NOSHA3_224 + if ((ret = sha3_224_test()) != 0) + return ret; +#endif +#ifndef WOLFSSL_NOSHA3_256 + if ((ret = sha3_256_test()) != 0) + return ret; +#endif +#ifndef WOLFSSL_NOSHA3_384 + if ((ret = sha3_384_test()) != 0) + return ret; +#endif +#ifndef WOLFSSL_NOSHA3_512 + if ((ret = sha3_512_test()) != 0) + return ret; +#endif + + return 0; +} +#endif /* WOLFSSL_SHA3 */ + +#ifdef WOLFSSL_SHAKE256 +int shake256_test(void) +{ +#ifndef WOLFSSL_NO_SHAKE256 + wc_Shake sha; + byte hash[114]; + + testVector a, b, c; + testVector test_sha[3]; + int ret = 0; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + + byte large_input[1024]; + const char* large_digest = + "\x90\x32\x4a\xcc\xd1\xdf\xb8\x0b\x79\x1f\xb8\xc8\x5b\x54\xc8\xe7" + "\x45\xf5\x60\x6b\x38\x26\xb2\x0a\xee\x38\x01\xf3\xd9\xfa\x96\x9f" + "\x6a\xd7\x15\xdf\xb6\xc2\xf4\x20\x33\x44\x55\xe8\x2a\x09\x2b\x68" + "\x2e\x18\x65\x5e\x65\x93\x28\xbc\xb1\x9e\xe2\xb1\x92\xea\x98\xac" + "\x21\xef\x4c\xe1\xb4\xb7\xbe\x81\x5c\x1d\xd3\xb7\x17\xe5\xbb\xc5" + "\x8c\x68\xb7\xfb\xac\x55\x8a\x9b\x4d\x91\xe4\x9f\x72\xbb\x6e\x38" + "\xaf\x21\x7d\x21\xaa\x98\x4e\x75\xc4\xb4\x1c\x7c\x50\x45\x54\xf9" + "\xea\x26"; + + a.input = ""; + a.output = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb" + "\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5" + "\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67" + "\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac" + "\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7" + "\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84" + "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2" + "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46"; + a.inLen = XSTRLEN(a.input); + a.outLen = sizeof(hash); + + b.input = "abc"; + b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11" + "\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b" + "\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52" + "\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88" + "\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04" + "\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc" + "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13" + "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0"; + b.inLen = XSTRLEN(b.input); + b.outLen = sizeof(hash); + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87" + "\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e" + "\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc" + "\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74" + "\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55" + "\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a" + "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60" + "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4"; + c.inLen = XSTRLEN(c.input); + c.outLen = sizeof(hash); + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + + ret = wc_InitShake256(&sha, HEAP_HINT, devId); + if (ret != 0) + return -3100; + + for (i = 0; i < times; ++i) { + ret = wc_Shake256_Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(-3101 - i, exit); + ret = wc_Shake256_Final(&sha, hash, (word32)test_sha[i].outLen); + if (ret != 0) + ERROR_OUT(-3102 - i, exit); + + if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0) + ERROR_OUT(-3103 - i, exit); + } + + /* BEGIN LARGE HASH TEST */ { + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } + times = 100; + for (i = 0; i < times; ++i) { + ret = wc_Shake256_Update(&sha, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(-3104, exit); + } + ret = wc_Shake256_Final(&sha, hash, (word32)sizeof(hash)); + if (ret != 0) + ERROR_OUT(-3105, exit); + if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0) + ERROR_OUT(-3106, exit); + } /* END LARGE HASH TEST */ + +exit: + wc_Shake256_Free(&sha); + + return ret; +#else + return 0; +#endif +} +#endif + + +int hash_test(void) +{ + wc_HashAlg hash; + int ret, exp_ret; + int i, j; + int digestSz; + byte data[] = "0123456789abcdef0123456789abcdef0123456"; + byte out[WC_MAX_DIGEST_SIZE]; + byte hashOut[WC_MAX_DIGEST_SIZE]; +#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) + enum wc_HashType hashType; +#endif + enum wc_HashType typesGood[] = { WC_HASH_TYPE_MD5, WC_HASH_TYPE_SHA, + WC_HASH_TYPE_SHA224, WC_HASH_TYPE_SHA256, + WC_HASH_TYPE_SHA384, WC_HASH_TYPE_SHA512, + WC_HASH_TYPE_SHA3_224, + WC_HASH_TYPE_SHA3_256, + WC_HASH_TYPE_SHA3_384, + WC_HASH_TYPE_SHA3_512 }; + enum wc_HashType typesNoImpl[] = { +#ifdef NO_MD5 + WC_HASH_TYPE_MD5, +#endif +#ifdef NO_SHA + WC_HASH_TYPE_SHA, +#endif +#ifndef WOLFSSL_SHA224 + WC_HASH_TYPE_SHA224, +#endif +#ifdef NO_SHA256 + WC_HASH_TYPE_SHA256, +#endif +#ifndef WOLFSSL_SHA384 + WC_HASH_TYPE_SHA384, +#endif +#ifndef WOLFSSL_SHA512 + WC_HASH_TYPE_SHA512, +#endif +#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_224) + WC_HASH_TYPE_SHA3_224, +#endif +#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_256) + WC_HASH_TYPE_SHA3_256, +#endif +#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_384) + WC_HASH_TYPE_SHA3_384, +#endif +#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_512) + WC_HASH_TYPE_SHA3_512, +#endif + WC_HASH_TYPE_NONE + }; + enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE, WC_HASH_TYPE_MD5_SHA, + WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4 }; + enum wc_HashType typesHashBad[] = { WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4, + WC_HASH_TYPE_BLAKE2B, + WC_HASH_TYPE_NONE }; + + /* Parameter Validation testing. */ + ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256); + if (ret != BAD_FUNC_ARG) + return -3200; + ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); + if (ret != BAD_FUNC_ARG) + return -3201; + ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); + if (ret != BAD_FUNC_ARG) + return -3202; + ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data)); + if (ret != BAD_FUNC_ARG) + return -3203; + ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL); + if (ret != BAD_FUNC_ARG) + return -3204; + ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL); + if (ret != BAD_FUNC_ARG) + return -3205; + ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out); + if (ret != BAD_FUNC_ARG) + return -3206; + + /* Try invalid hash algorithms. */ + for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) { + ret = wc_HashInit(&hash, typesBad[i]); + if (ret != BAD_FUNC_ARG) + return -3207 - i; + ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data)); + if (ret != BAD_FUNC_ARG) + return -3217 - i; + ret = wc_HashFinal(&hash, typesBad[i], out); + if (ret != BAD_FUNC_ARG) + return -3227 - i; + wc_HashFree(&hash, typesBad[i]); + } + + /* Try valid hash algorithms. */ + for (i = 0, j = 0; i < (int)(sizeof(typesGood)/sizeof(*typesGood)); i++) { + exp_ret = 0; + if (typesGood[i] == typesNoImpl[j]) { + /* Recognized but no implementation compiled in. */ + exp_ret = HASH_TYPE_E; + j++; + } + ret = wc_HashInit(&hash, typesGood[i]); + if (ret != exp_ret) + return -3237 - i; + ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data)); + if (ret != exp_ret) + return -3247 - i; + ret = wc_HashFinal(&hash, typesGood[i], out); + if (ret != exp_ret) + return -3257 - i; + wc_HashFree(&hash, typesGood[i]); + + digestSz = wc_HashGetDigestSize(typesGood[i]); + if (exp_ret < 0 && digestSz != exp_ret) + return -3267 - i; + if (exp_ret == 0 && digestSz < 0) + return -3277 - i; + if (exp_ret == 0) { + ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, + digestSz - 1); + if (ret != BUFFER_E) + return -3287 - i; + } + ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, digestSz); + if (ret != exp_ret) + return -3297 - i; + if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0) + return -3307 -i; + + ret = wc_HashGetBlockSize(typesGood[i]); + if (exp_ret < 0 && ret != exp_ret) + return -3308 - i; + if (exp_ret == 0 && ret < 0) + return -3318 - i; + +#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) + ret = wc_HashGetOID(typesGood[i]); + if (ret == BAD_FUNC_ARG || + (exp_ret == 0 && ret == HASH_TYPE_E) || + (exp_ret != 0 && ret != HASH_TYPE_E)) { + return -3328 - i; + } + + hashType = wc_OidGetHash(ret); + if (exp_ret < 0 && ret != exp_ret) + return -3338 - i; + if (exp_ret == 0 && hashType != typesGood[i]) + return -3348 - i; +#endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */ + } + + for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) { + ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out)); + if (ret != BAD_FUNC_ARG && ret != BUFFER_E) + return -3358 - i; + } + +#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) + ret = wc_HashGetOID(WC_HASH_TYPE_MD2); +#ifdef WOLFSSL_MD2 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3368; +#else + if (ret != HASH_TYPE_E) + return -3369; +#endif + hashType = wc_OidGetHash(646); /* Md2h */ +#ifdef WOLFSSL_MD2 + if (hashType != WC_HASH_TYPE_MD2) + return -3370; +#else + if (hashType != WC_HASH_TYPE_NONE) + return -3371; +#endif + + ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA); +#ifndef NO_MD5 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3372; +#else + if (ret != HASH_TYPE_E) + return -3373; +#endif + ret = wc_HashGetOID(WC_HASH_TYPE_MD4); + if (ret != BAD_FUNC_ARG) + return -3374; + ret = wc_HashGetOID(WC_HASH_TYPE_NONE); + if (ret != BAD_FUNC_ARG) + return -3375; + + hashType = wc_OidGetHash(0); + if (hashType != WC_HASH_TYPE_NONE) + return -3376; +#endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */ + + ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2); +#ifdef WOLFSSL_MD2 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3377; +#else + if (ret != HASH_TYPE_E) + return -3378; +#endif + ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2); +#ifdef WOLFSSL_MD2 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3379; +#else + if (ret != HASH_TYPE_E) + return -3380; +#endif + + ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4); +#ifndef NO_MD4 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3381; +#else + if (ret != HASH_TYPE_E) + return -3382; +#endif + ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4); +#ifndef NO_MD4 + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3383; +#else + if (ret != HASH_TYPE_E) + return -3384; +#endif + ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA); +#if !defined(NO_MD5) && !defined(NO_SHA) + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3385; +#else + if (ret != HASH_TYPE_E) + return -3386; +#endif + + ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B); +#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3387; +#else + if (ret != HASH_TYPE_E) + return -3388; +#endif + ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B); +#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) + if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) + return -3389; +#else + if (ret != HASH_TYPE_E) + return -3390; +#endif + + ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE); + if (ret != BAD_FUNC_ARG) + return -3391; + ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE); + if (ret != BAD_FUNC_ARG) + return -3392; + +#ifndef NO_CERTS +#if defined(WOLFSSL_MD2) && !defined(HAVE_SELFTEST) + ret = wc_GetCTC_HashOID(MD2); + if (ret == 0) + return -3393; +#endif +#ifndef NO_MD5 + ret = wc_GetCTC_HashOID(WC_MD5); + if (ret == 0) + return -3394; +#endif +#ifndef NO_SHA + ret = wc_GetCTC_HashOID(WC_SHA); + if (ret == 0) + return -3395; +#endif +#ifdef WOLFSSL_SHA224 + ret = wc_GetCTC_HashOID(WC_SHA224); + if (ret == 0) + return -3396; +#endif +#ifndef NO_SHA256 + ret = wc_GetCTC_HashOID(WC_SHA256); + if (ret == 0) + return -3397; +#endif +#ifdef WOLFSSL_SHA384 + ret = wc_GetCTC_HashOID(WC_SHA384); + if (ret == 0) + return -3398; +#endif +#ifdef WOLFSSL_SHA512 + ret = wc_GetCTC_HashOID(WC_SHA512); + if (ret == 0) + return -3399; +#endif + ret = wc_GetCTC_HashOID(-1); + if (ret != 0) + return -3400; +#endif + + return 0; +} + +#if !defined(NO_HMAC) && !defined(NO_MD5) +int hmac_md5_test(void) +{ + Hmac hmac; + byte hash[WC_MD5_DIGEST_SIZE]; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", + "Jefe", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + }; + + testVector a, b, c; + testVector test_hmac[3]; + + int ret; + int times = sizeof(test_hmac) / sizeof(testVector), i; + + a.input = "Hi There"; + a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc" + "\x9d"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_MD5_DIGEST_SIZE; + + b.input = "what do ya want for nothing?"; + b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7" + "\x38"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_MD5_DIGEST_SIZE; + + c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD"; + c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3" + "\xf6"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_MD5_DIGEST_SIZE; + + test_hmac[0] = a; + test_hmac[1] = b; + test_hmac[2] = c; + + for (i = 0; i < times; ++i) { + #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) + if (i == 1) { + continue; /* cavium can't handle short keys, fips not allowed */ + } + #endif + + if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) { + return -3500; + } + + ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i], + (word32)XSTRLEN(keys[i])); + if (ret != 0) + return -3501; + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + return -3502; + ret = wc_HmacFinal(&hmac, hash); + if (ret != 0) + return -3503; + + if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0) + return -3504 - i; + + wc_HmacFree(&hmac); + } + +#ifndef HAVE_FIPS + if (wc_HmacSizeByType(WC_MD5) != WC_MD5_DIGEST_SIZE) + return -3514; +#endif + + return 0; +} +#endif /* NO_HMAC && NO_MD5 */ + +#if !defined(NO_HMAC) && !defined(NO_SHA) +int hmac_sha_test(void) +{ + Hmac hmac; + byte hash[WC_SHA_DIGEST_SIZE]; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", + "Jefe", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA" + }; + + testVector a, b, c; + testVector test_hmac[3]; + + int ret; + int times = sizeof(test_hmac) / sizeof(testVector), i; + + a.input = "Hi There"; + a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c" + "\x8e\xf1\x46\xbe\x00"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA_DIGEST_SIZE; + + b.input = "what do ya want for nothing?"; + b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf" + "\x9c\x25\x9a\x7c\x79"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA_DIGEST_SIZE; + + c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD"; + c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b" + "\x4f\x63\xf1\x75\xd3"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA_DIGEST_SIZE; + + test_hmac[0] = a; + test_hmac[1] = b; + test_hmac[2] = c; + + for (i = 0; i < times; ++i) { +#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) + if (i == 1) + continue; /* cavium can't handle short keys, fips not allowed */ +#endif + + if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) + return -3600; + + ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i], + (word32)XSTRLEN(keys[i])); + if (ret != 0) + return -3601; + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + return -3602; + ret = wc_HmacFinal(&hmac, hash); + if (ret != 0) + return -3603; + + if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0) + return -3604 - i; + + wc_HmacFree(&hmac); + } + +#ifndef HAVE_FIPS + if (wc_HmacSizeByType(WC_SHA) != WC_SHA_DIGEST_SIZE) + return -3614; +#endif + + return 0; +} +#endif + + +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) +int hmac_sha224_test(void) +{ + Hmac hmac; + byte hash[WC_SHA224_DIGEST_SIZE]; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", + "Jefe", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + }; + + testVector a, b, c, d; + testVector test_hmac[4]; + + int ret; + int times = sizeof(test_hmac) / sizeof(testVector), i; + + a.input = "Hi There"; + a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3" + "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA224_DIGEST_SIZE; + + b.input = "what do ya want for nothing?"; + b.output = "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d" + "\x0f\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA224_DIGEST_SIZE; + + c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD"; + c.output = "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2" + "\x64\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA224_DIGEST_SIZE; + + d.input = "Big Key Input"; + d.output = "\xe7\x4e\x2b\x8a\xa9\xf0\x37\x2f\xed\xae\x70\x0c\x49\x47\xf1" + "\x46\x54\xa7\x32\x6b\x55\x01\x87\xd2\xc8\x02\x0e\x3a"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA224_DIGEST_SIZE; + + test_hmac[0] = a; + test_hmac[1] = b; + test_hmac[2] = c; + test_hmac[3] = d; + + for (i = 0; i < times; ++i) { +#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) + if (i == 1) + continue; /* cavium can't handle short keys, fips not allowed */ +#endif + + if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) + return -3700; + + ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i], + (word32)XSTRLEN(keys[i])); + if (ret != 0) + return -3701; + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + return -3702; + ret = wc_HmacFinal(&hmac, hash); + if (ret != 0) + return -3703; + + if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0) + return -3704 - i; + + wc_HmacFree(&hmac); + } + +#ifndef HAVE_FIPS + if (wc_HmacSizeByType(WC_SHA224) != WC_SHA224_DIGEST_SIZE) + return -3714; +#endif + + return 0; +} +#endif + + +#if !defined(NO_HMAC) && !defined(NO_SHA256) +int hmac_sha256_test(void) +{ + Hmac hmac; + byte hash[WC_SHA256_DIGEST_SIZE]; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", + "Jefe", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA", + }; + + testVector a, b, c, d; + testVector test_hmac[4]; + + int ret; + int times = sizeof(test_hmac) / sizeof(testVector), i; + + a.input = "Hi There"; + a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1" + "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32" + "\xcf\xf7"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA256_DIGEST_SIZE; + + b.input = "what do ya want for nothing?"; + b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75" + "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec" + "\x38\x43"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA256_DIGEST_SIZE; + + c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD"; + c.output = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81" + "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5" + "\x65\xfe"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA256_DIGEST_SIZE; + + d.input = 0; + d.output = "\x86\xe5\x4f\xd4\x48\x72\x5d\x7e\x5d\xcf\xe2\x23\x53\xc8\x28" + "\xaf\x48\x78\x1e\xb4\x8c\xae\x81\x06\xa7\xe1\xd4\x98\x94\x9f" + "\x3e\x46"; + d.inLen = 0; + d.outLen = WC_SHA256_DIGEST_SIZE; + + test_hmac[0] = a; + test_hmac[1] = b; + test_hmac[2] = c; + test_hmac[3] = d; + + for (i = 0; i < times; ++i) { +#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) + if (i == 1) + continue; /* cavium can't handle short keys, fips not allowed */ +#endif +#if defined(HAVE_INTEL_QA) || defined(HAVE_CAVIUM) + if (i == 3) + continue; /* QuickAssist can't handle empty HMAC */ +#endif + + if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) + return -3800 - i; + + ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i], + (word32)XSTRLEN(keys[i])); + if (ret != 0) + return -3810 - i; + if (test_hmac[i].input != NULL) { + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + return -3820 - i; + } + ret = wc_HmacFinal(&hmac, hash); + if (ret != 0) + return -3830 - i; + + if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0) + return -3840 - i; + + wc_HmacFree(&hmac); + } + +#ifndef HAVE_FIPS + if (wc_HmacSizeByType(WC_SHA256) != WC_SHA256_DIGEST_SIZE) + return -3850; + if (wc_HmacSizeByType(20) != BAD_FUNC_ARG) + return -3851; +#endif + if (wolfSSL_GetHmacMaxSize() != WC_MAX_DIGEST_SIZE) + return -3852; + + return 0; +} +#endif + + +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) +int hmac_sha384_test(void) +{ + Hmac hmac; + byte hash[WC_SHA384_DIGEST_SIZE]; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", + "Jefe", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + }; + + testVector a, b, c, d; + testVector test_hmac[4]; + + int ret; + int times = sizeof(test_hmac) / sizeof(testVector), i; + + a.input = "Hi There"; + a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90" + "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb" + "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2" + "\xfa\x9c\xb6"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA384_DIGEST_SIZE; + + b.input = "what do ya want for nothing?"; + b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b" + "\x1b\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22" + "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa" + "\xb2\x16\x49"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA384_DIGEST_SIZE; + + c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD"; + c.output = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8" + "\x6f\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66" + "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01" + "\xa3\x4f\x27"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA384_DIGEST_SIZE; + + d.input = "Big Key Input"; + d.output = "\xd2\x3d\x29\x6e\xf5\x1e\x23\x23\x49\x18\xb3\xbf\x4c\x38\x7b" + "\x31\x21\x17\xbb\x09\x73\x27\xf8\x12\x9d\xe9\xc6\x5d\xf9\x54" + "\xd6\x38\x5a\x68\x53\x14\xee\xe0\xa6\x4f\x36\x7e\xb2\xf3\x1a" + "\x57\x41\x69"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA384_DIGEST_SIZE; + + test_hmac[0] = a; + test_hmac[1] = b; + test_hmac[2] = c; + test_hmac[3] = d; + + for (i = 0; i < times; ++i) { +#if defined(HAVE_FIPS) + if (i == 1) + continue; /* fips not allowed */ +#endif + + if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) + return -3900; + + ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i], + (word32)XSTRLEN(keys[i])); + if (ret != 0) + return -3901; + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + return -3902; + ret = wc_HmacFinal(&hmac, hash); + if (ret != 0) + return -3903; + + if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0) + return -3904 - i; + + wc_HmacFree(&hmac); + } + +#ifndef HAVE_FIPS + if (wc_HmacSizeByType(WC_SHA384) != WC_SHA384_DIGEST_SIZE) + return -3914; +#endif + + return 0; +} +#endif + + +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA512) +int hmac_sha512_test(void) +{ + Hmac hmac; + byte hash[WC_SHA512_DIGEST_SIZE]; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", + "Jefe", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + }; + + testVector a, b, c, d; + testVector test_hmac[4]; + + int ret; + int times = sizeof(test_hmac) / sizeof(testVector), i; + + a.input = "Hi There"; + a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c" + "\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1" + "\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae" + "\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20" + "\x3a\x12\x68\x54"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA512_DIGEST_SIZE; + + b.input = "what do ya want for nothing?"; + b.output = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0" + "\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25" + "\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8" + "\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a" + "\x38\xbc\xe7\x37"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA512_DIGEST_SIZE; + + c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD"; + c.output = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b" + "\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27" + "\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e" + "\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59" + "\xe1\x32\x92\xfb"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA512_DIGEST_SIZE; + + d.input = "Big Key Input"; + d.output = "\x3f\xa9\xc9\xe1\xbd\xbb\x04\x55\x1f\xef\xcc\x92\x33\x08\xeb" + "\xcf\xc1\x9a\x5b\x5b\xc0\x7c\x86\x84\xae\x8c\x40\xaf\xb1\x27" + "\x87\x38\x92\x04\xa8\xed\xd7\xd7\x07\xa9\x85\xa0\xc2\xcd\x30" + "\xc0\x56\x14\x49\xbc\x2f\x69\x15\x6a\x97\xd8\x79\x2f\xb3\x3b" + "\x1e\x18\xfe\xfa"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA512_DIGEST_SIZE; + + test_hmac[0] = a; + test_hmac[1] = b; + test_hmac[2] = c; + test_hmac[3] = d; + + for (i = 0; i < times; ++i) { +#if defined(HAVE_FIPS) + if (i == 1) + continue; /* fips not allowed */ +#endif + + if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) + return -4000; + + ret = wc_HmacSetKey(&hmac, WC_SHA512, (byte*)keys[i], + (word32)XSTRLEN(keys[i])); + if (ret != 0) + return -4001; + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + return -4002; + ret = wc_HmacFinal(&hmac, hash); + if (ret != 0) + return -4003; + + if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0) + return -4004 - i; + + wc_HmacFree(&hmac); + } + +#ifndef HAVE_FIPS + if (wc_HmacSizeByType(WC_SHA512) != WC_SHA512_DIGEST_SIZE) + return -4014; +#endif + + return 0; +} +#endif + + +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \ + !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \ + !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512) +int hmac_sha3_test(void) +{ + Hmac hmac; + byte hash[WC_SHA3_512_DIGEST_SIZE]; + + const char* key[4] = + { + "Jefe", + + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", + + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", + + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + }; + + const char* input[4] = + { + "what do ya want for nothing?", + + "Hi There", + + "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" + "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" + "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" + "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" + "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd", + + "Big Key Input" + }; + + const int hashType[4] = + { + WC_SHA3_224, WC_SHA3_256, WC_SHA3_384, WC_SHA3_512 + }; + + const int hashSz[4] = + { + WC_SHA3_224_DIGEST_SIZE, WC_SHA3_256_DIGEST_SIZE, + WC_SHA3_384_DIGEST_SIZE, WC_SHA3_512_DIGEST_SIZE + }; + + const char* output[16] = + { + /* key = jefe, input = what do ya want for nothing? */ + /* HMAC-SHA3-224 */ + "\x7f\xdb\x8d\xd8\x8b\xd2\xf6\x0d\x1b\x79\x86\x34\xad\x38\x68\x11" + "\xc2\xcf\xc8\x5b\xfa\xf5\xd5\x2b\xba\xce\x5e\x66", + /* HMAC-SHA3-256 */ + "\xc7\xd4\x07\x2e\x78\x88\x77\xae\x35\x96\xbb\xb0\xda\x73\xb8\x87" + "\xc9\x17\x1f\x93\x09\x5b\x29\x4a\xe8\x57\xfb\xe2\x64\x5e\x1b\xa5", + /* HMAC-SHA3-384 */ + "\xf1\x10\x1f\x8c\xbf\x97\x66\xfd\x67\x64\xd2\xed\x61\x90\x3f\x21" + "\xca\x9b\x18\xf5\x7c\xf3\xe1\xa2\x3c\xa1\x35\x08\xa9\x32\x43\xce" + "\x48\xc0\x45\xdc\x00\x7f\x26\xa2\x1b\x3f\x5e\x0e\x9d\xf4\xc2\x0a", + /* HMAC-SHA3-512 */ + "\x5a\x4b\xfe\xab\x61\x66\x42\x7c\x7a\x36\x47\xb7\x47\x29\x2b\x83" + "\x84\x53\x7c\xdb\x89\xaf\xb3\xbf\x56\x65\xe4\xc5\xe7\x09\x35\x0b" + "\x28\x7b\xae\xc9\x21\xfd\x7c\xa0\xee\x7a\x0c\x31\xd0\x22\xa9\x5e" + "\x1f\xc9\x2b\xa9\xd7\x7d\xf8\x83\x96\x02\x75\xbe\xb4\xe6\x20\x24", + + /* key = 0b..., input = Hi There */ + /* HMAC-SHA3-224 */ + "\x3b\x16\x54\x6b\xbc\x7b\xe2\x70\x6a\x03\x1d\xca\xfd\x56\x37\x3d" + "\x98\x84\x36\x76\x41\xd8\xc5\x9a\xf3\xc8\x60\xf7", + /* HMAC-SHA3-256 */ + "\xba\x85\x19\x23\x10\xdf\xfa\x96\xe2\xa3\xa4\x0e\x69\x77\x43\x51" + "\x14\x0b\xb7\x18\x5e\x12\x02\xcd\xcc\x91\x75\x89\xf9\x5e\x16\xbb", + /* HMAC-SHA3-384 */ + "\x68\xd2\xdc\xf7\xfd\x4d\xdd\x0a\x22\x40\xc8\xa4\x37\x30\x5f\x61" + "\xfb\x73\x34\xcf\xb5\xd0\x22\x6e\x1b\xc2\x7d\xc1\x0a\x2e\x72\x3a" + "\x20\xd3\x70\xb4\x77\x43\x13\x0e\x26\xac\x7e\x3d\x53\x28\x86\xbd", + /* HMAC-SHA3-512 */ + "\xeb\x3f\xbd\x4b\x2e\xaa\xb8\xf5\xc5\x04\xbd\x3a\x41\x46\x5a\xac" + "\xec\x15\x77\x0a\x7c\xab\xac\x53\x1e\x48\x2f\x86\x0b\x5e\xc7\xba" + "\x47\xcc\xb2\xc6\xf2\xaf\xce\x8f\x88\xd2\x2b\x6d\xc6\x13\x80\xf2" + "\x3a\x66\x8f\xd3\x88\x8b\xb8\x05\x37\xc0\xa0\xb8\x64\x07\x68\x9e", + + /* key = aa..., output = dd... */ + /* HMAC-SHA3-224 */ + "\x67\x6c\xfc\x7d\x16\x15\x36\x38\x78\x03\x90\x69\x2b\xe1\x42\xd2" + "\xdf\x7c\xe9\x24\xb9\x09\xc0\xc0\x8d\xbf\xdc\x1a", + /* HMAC-SHA3-256 */ + "\x84\xec\x79\x12\x4a\x27\x10\x78\x65\xce\xdd\x8b\xd8\x2d\xa9\x96" + "\x5e\x5e\xd8\xc3\x7b\x0a\xc9\x80\x05\xa7\xf3\x9e\xd5\x8a\x42\x07", + /* HMAC-SHA3-384 */ + "\x27\x5c\xd0\xe6\x61\xbb\x8b\x15\x1c\x64\xd2\x88\xf1\xf7\x82\xfb" + "\x91\xa8\xab\xd5\x68\x58\xd7\x2b\xab\xb2\xd4\x76\xf0\x45\x83\x73" + "\xb4\x1b\x6a\xb5\xbf\x17\x4b\xec\x42\x2e\x53\xfc\x31\x35\xac\x6e", + /* HMAC-SHA3-512 */ + "\x30\x9e\x99\xf9\xec\x07\x5e\xc6\xc6\xd4\x75\xed\xa1\x18\x06\x87" + "\xfc\xf1\x53\x11\x95\x80\x2a\x99\xb5\x67\x74\x49\xa8\x62\x51\x82" + "\x85\x1c\xb3\x32\xaf\xb6\xa8\x9c\x41\x13\x25\xfb\xcb\xcd\x42\xaf" + "\xcb\x7b\x6e\x5a\xab\x7e\xa4\x2c\x66\x0f\x97\xfd\x85\x84\xbf\x03", + + /* key = big key, input = Big Key Input */ + /* HMAC-SHA3-224 */ + "\x29\xe0\x5e\x46\xc4\xa4\x5e\x46\x74\xbf\xd7\x2d\x1a\xd8\x66\xdb" + "\x2d\x0d\x10\x4e\x2b\xfa\xad\x53\x7d\x15\x69\x8b", + /* HMAC-SHA3-256 */ + "\xb5\x5b\x8d\x64\xb6\x9c\x21\xd0\xbf\x20\x5c\xa2\xf7\xb9\xb1\x4e" + "\x88\x21\x61\x2c\x66\xc3\x91\xae\x6c\x95\x16\x85\x83\xe6\xf4\x9b", + /* HMAC-SHA3-384 */ + "\xaa\x91\xb3\xa6\x2f\x56\xa1\xbe\x8c\x3e\x74\x38\xdb\x58\xd9\xd3" + "\x34\xde\xa0\x60\x6d\x8d\x46\xe0\xec\xa9\xf6\x06\x35\x14\xe6\xed" + "\x83\xe6\x7c\x77\x24\x6c\x11\xb5\x90\x82\xb5\x75\xda\x7b\x83\x2d", + /* HMAC-SHA3-512 */ + "\x1c\xc3\xa9\x24\x4a\x4a\x3f\xbd\xc7\x20\x00\x16\x9b\x79\x47\x03" + "\x78\x75\x2c\xb5\xf1\x2e\x62\x7c\xbe\xef\x4e\x8f\x0b\x11\x2b\x32" + "\xa0\xee\xc9\xd0\x4d\x64\x64\x0b\x37\xf4\xdd\x66\xf7\x8b\xb3\xad" + "\x52\x52\x6b\x65\x12\xde\x0d\x7c\xc0\x8b\x60\x01\x6c\x37\xd7\xa8" + + }; + + int i = 0, iMax = sizeof(input) / sizeof(input[0]), + j, jMax = sizeof(hashType) / sizeof(hashType[0]), + ret; + +#ifdef HAVE_FIPS + /* FIPS requires a minimum length for HMAC keys, and "Jefe" is too + * short. Skip it in FIPS builds. */ + i = 1; +#endif + for (; i < iMax; i++) { + for (j = 0; j < jMax; j++) { + if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) + return -4100; + + ret = wc_HmacSetKey(&hmac, hashType[j], (byte*)key[i], + (word32)XSTRLEN(key[i])); + if (ret != 0) + return -4101; + ret = wc_HmacUpdate(&hmac, (byte*)input[i], + (word32)XSTRLEN(input[i])); + if (ret != 0) + return -4102; + ret = wc_HmacFinal(&hmac, hash); + if (ret != 0) + return -4103; + if (XMEMCMP(hash, output[(i*jMax) + j], hashSz[j]) != 0) + return -4104; + + wc_HmacFree(&hmac); + + if (i > 0) + continue; + + #ifndef HAVE_FIPS + ret = wc_HmacSizeByType(hashType[j]); + if (ret != hashSz[j]) + return -4105; + #endif + } + } + + return 0; +} +#endif + + +#ifndef NO_RC4 +int arc4_test(void) +{ + byte cipher[16]; + byte plain[16]; + + const char* keys[] = + { + "\x01\x23\x45\x67\x89\xab\xcd\xef", + "\x01\x23\x45\x67\x89\xab\xcd\xef", + "\x00\x00\x00\x00\x00\x00\x00\x00", + "\xef\x01\x23\x45" + }; + + testVector a, b, c, d; + testVector test_arc4[4]; + + int times = sizeof(test_arc4) / sizeof(testVector), i; + + a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef"; + a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96"; + a.inLen = 8; + a.outLen = 8; + + b.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; + b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79"; + b.inLen = 8; + b.outLen = 8; + + c.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; + c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a"; + c.inLen = 8; + c.outLen = 8; + + d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; + d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61"; + d.inLen = 10; + d.outLen = 10; + + test_arc4[0] = a; + test_arc4[1] = b; + test_arc4[2] = c; + test_arc4[3] = d; + + for (i = 0; i < times; ++i) { + Arc4 enc; + Arc4 dec; + int keylen = 8; /* XSTRLEN with key 0x00 not good */ + if (i == 3) + keylen = 4; + + if (wc_Arc4Init(&enc, HEAP_HINT, devId) != 0) + return -4200; + if (wc_Arc4Init(&dec, HEAP_HINT, devId) != 0) + return -4201; + + wc_Arc4SetKey(&enc, (byte*)keys[i], keylen); + wc_Arc4SetKey(&dec, (byte*)keys[i], keylen); + + wc_Arc4Process(&enc, cipher, (byte*)test_arc4[i].input, + (word32)test_arc4[i].outLen); + wc_Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen); + + if (XMEMCMP(plain, test_arc4[i].input, test_arc4[i].outLen)) + return -4202 - i; + + if (XMEMCMP(cipher, test_arc4[i].output, test_arc4[i].outLen)) + return -4212 - i; + + wc_Arc4Free(&enc); + wc_Arc4Free(&dec); + } + + return 0; +} +#endif + + +int hc128_test(void) +{ +#ifdef HAVE_HC128 + byte cipher[16]; + byte plain[16]; + + const char* keys[] = + { + "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x53\xA6\xF9\x4C\x9F\xF2\x45\x98\xEB\x3E\x91\xE4\x37\x8A\xDD", + "\x0F\x62\xB5\x08\x5B\xAE\x01\x54\xA7\xFA\x4D\xA0\xF3\x46\x99\xEC" + }; + + const char* ivs[] = + { + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x0D\x74\xDB\x42\xA9\x10\x77\xDE\x45\xAC\x13\x7A\xE1\x48\xAF\x16", + "\x28\x8F\xF6\x5D\xC4\x2B\x92\xF9\x60\xC7\x2E\x95\xFC\x63\xCA\x31" + }; + + + testVector a, b, c, d; + testVector test_hc128[4]; + + int times = sizeof(test_hc128) / sizeof(testVector), i; + + a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; + a.output = "\x37\x86\x02\xB9\x8F\x32\xA7\x48"; + a.inLen = 8; + a.outLen = 8; + + b.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; + b.output = "\x33\x7F\x86\x11\xC6\xED\x61\x5F"; + b.inLen = 8; + b.outLen = 8; + + c.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; + c.output = "\x2E\x1E\xD1\x2A\x85\x51\xC0\x5A"; + c.inLen = 8; + c.outLen = 8; + + d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; + d.output = "\x1C\xD8\xAE\xDD\xFE\x52\xE2\x17\xE8\x35\xD0\xB7\xE8\x4E\x29"; + d.inLen = 15; + d.outLen = 15; + + test_hc128[0] = a; + test_hc128[1] = b; + test_hc128[2] = c; + test_hc128[3] = d; + + for (i = 0; i < times; ++i) { + HC128 enc; + HC128 dec; + + /* align keys/ivs in plain/cipher buffers */ + XMEMCPY(plain, keys[i], 16); + XMEMCPY(cipher, ivs[i], 16); + + wc_Hc128_SetKey(&enc, plain, cipher); + wc_Hc128_SetKey(&dec, plain, cipher); + + /* align input */ + XMEMCPY(plain, test_hc128[i].input, test_hc128[i].outLen); + if (wc_Hc128_Process(&enc, cipher, plain, + (word32)test_hc128[i].outLen) != 0) { + return -4300; + } + if (wc_Hc128_Process(&dec, plain, cipher, + (word32)test_hc128[i].outLen) != 0) { + return -4301; + } + + if (XMEMCMP(plain, test_hc128[i].input, test_hc128[i].outLen)) + return -4302 - i; + + if (XMEMCMP(cipher, test_hc128[i].output, test_hc128[i].outLen)) + return -4312 - i; + } + +#endif /* HAVE_HC128 */ + return 0; +} + + +#ifndef NO_RABBIT +int rabbit_test(void) +{ + byte cipher[16]; + byte plain[16]; + + const char* keys[] = + { + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B\xFE\x36\x3D\x2E\x29\x13\x28\x91" + }; + + const char* ivs[] = + { + "\x00\x00\x00\x00\x00\x00\x00\x00", + "\x59\x7E\x26\xC1\x75\xF5\x73\xC3", + 0 + }; + + testVector a, b, c; + testVector test_rabbit[3]; + + int times = sizeof(test_rabbit) / sizeof(testVector), i; + + a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; + a.output = "\xED\xB7\x05\x67\x37\x5D\xCD\x7C"; + a.inLen = 8; + a.outLen = 8; + + b.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; + b.output = "\x6D\x7D\x01\x22\x92\xCC\xDC\xE0"; + b.inLen = 8; + b.outLen = 8; + + c.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; + c.output = "\x04\xCE\xCA\x7A\x1A\x86\x6E\x77"; + c.inLen = 8; + c.outLen = 8; + + test_rabbit[0] = a; + test_rabbit[1] = b; + test_rabbit[2] = c; + + for (i = 0; i < times; ++i) { + Rabbit enc; + Rabbit dec; + byte* iv; + + /* align keys/ivs in plain/cipher buffers */ + XMEMCPY(plain, keys[i], 16); + if (ivs[i]) { + XMEMCPY(cipher, ivs[i], 8); + iv = cipher; + } else + iv = NULL; + wc_RabbitSetKey(&enc, plain, iv); + wc_RabbitSetKey(&dec, plain, iv); + + /* align input */ + XMEMCPY(plain, test_rabbit[i].input, test_rabbit[i].outLen); + wc_RabbitProcess(&enc, cipher, plain, (word32)test_rabbit[i].outLen); + wc_RabbitProcess(&dec, plain, cipher, (word32)test_rabbit[i].outLen); + + if (XMEMCMP(plain, test_rabbit[i].input, test_rabbit[i].outLen)) + return -4400 - i; + + if (XMEMCMP(cipher, test_rabbit[i].output, test_rabbit[i].outLen)) + return -4410 - i; + } + + return 0; +} +#endif /* NO_RABBIT */ + + +#ifdef HAVE_CHACHA +int chacha_test(void) +{ + ChaCha enc; + ChaCha dec; + byte cipher[128]; + byte plain[128]; + byte sliver[64]; + byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; + word32 keySz = 32; + int ret = 0; + int i; + int times = 4; + + static const byte key1[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + static const byte key2[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }; + + static const byte key3[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + /* 128 bit key */ + static const byte key4[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + + const byte* keys[] = {key1, key2, key3, key4}; + + static const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + static const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + static const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00}; + static const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + + + const byte* ivs[] = {ivs1, ivs2, ivs3, ivs4}; + +#ifndef BENCH_EMBEDDED + static const byte cipher_big_result[] = { + 0x06, 0xa6, 0x5d, 0x31, 0x21, 0x6c, 0xdb, 0x37, 0x48, 0x7c, 0x01, 0x9d, + 0x72, 0xdf, 0x0a, 0x5b, 0x64, 0x74, 0x20, 0xba, 0x9e, 0xe0, 0x26, 0x7a, + 0xbf, 0xdf, 0x83, 0x34, 0x3b, 0x4f, 0x94, 0x3f, 0x37, 0x89, 0xaf, 0x00, + 0xdf, 0x0f, 0x2e, 0x75, 0x16, 0x41, 0xf6, 0x7a, 0x86, 0x94, 0x9d, 0x32, + 0x56, 0xf0, 0x79, 0x71, 0x68, 0x6f, 0xa6, 0x6b, 0xc6, 0x59, 0x49, 0xf6, + 0x10, 0x34, 0x03, 0x03, 0x16, 0x53, 0x9a, 0x98, 0x2a, 0x46, 0xde, 0x17, + 0x06, 0x65, 0x70, 0xca, 0x0a, 0x1f, 0xab, 0x80, 0x26, 0x96, 0x3f, 0x3e, + 0x7a, 0x3c, 0xa8, 0x87, 0xbb, 0x65, 0xdd, 0x5e, 0x07, 0x7b, 0x34, 0xe0, + 0x56, 0xda, 0x32, 0x13, 0x30, 0xc9, 0x0c, 0xd7, 0xba, 0xe4, 0x1f, 0xa6, + 0x91, 0x4f, 0x72, 0x9f, 0xd9, 0x5c, 0x62, 0x7d, 0xa6, 0xc2, 0xbc, 0x87, + 0xae, 0x64, 0x11, 0x94, 0x3b, 0xbc, 0x6c, 0x23, 0xbd, 0x7d, 0x00, 0xb4, + 0x99, 0xf2, 0x68, 0xb5, 0x59, 0x70, 0x93, 0xad, 0x69, 0xd0, 0xb1, 0x28, + 0x70, 0x92, 0xeb, 0xec, 0x39, 0x80, 0x82, 0xde, 0x44, 0xe2, 0x8a, 0x26, + 0xb3, 0xe9, 0x45, 0xcf, 0x83, 0x76, 0x9f, 0x6a, 0xa0, 0x46, 0x4a, 0x3d, + 0x26, 0x56, 0xaf, 0x49, 0x41, 0x26, 0x1b, 0x6a, 0x41, 0x37, 0x65, 0x91, + 0x72, 0xc4, 0xe7, 0x3c, 0x17, 0x31, 0xae, 0x2e, 0x2b, 0x31, 0x45, 0xe4, + 0x93, 0xd3, 0x10, 0xaa, 0xc5, 0x62, 0xd5, 0x11, 0x4b, 0x57, 0x1d, 0xad, + 0x48, 0x06, 0xd0, 0x0d, 0x98, 0xa5, 0xc6, 0x5b, 0xd0, 0x9e, 0x22, 0xc0, + 0x00, 0x32, 0x5a, 0xf5, 0x1c, 0x89, 0x6d, 0x54, 0x97, 0x55, 0x6b, 0x46, + 0xc5, 0xc7, 0xc4, 0x48, 0x9c, 0xbf, 0x47, 0xdc, 0x03, 0xc4, 0x1b, 0xcb, + 0x65, 0xa6, 0x91, 0x9d, 0x6d, 0xf1, 0xb0, 0x7a, 0x4d, 0x3b, 0x03, 0x95, + 0xf4, 0x8b, 0x0b, 0xae, 0x39, 0xff, 0x3f, 0xf6, 0xc0, 0x14, 0x18, 0x8a, + 0xe5, 0x19, 0xbd, 0xc1, 0xb4, 0x05, 0x4e, 0x29, 0x2f, 0x0b, 0x33, 0x76, + 0x28, 0x16, 0xa4, 0xa6, 0x93, 0x04, 0xb5, 0x55, 0x6b, 0x89, 0x3d, 0xa5, + 0x0f, 0xd3, 0xad, 0xfa, 0xd9, 0xfd, 0x05, 0x5d, 0x48, 0x94, 0x25, 0x5a, + 0x2c, 0x9a, 0x94, 0x80, 0xb0, 0xe7, 0xcb, 0x4d, 0x77, 0xbf, 0xca, 0xd8, + 0x55, 0x48, 0xbd, 0x66, 0xb1, 0x85, 0x81, 0xb1, 0x37, 0x79, 0xab, 0x52, + 0x08, 0x14, 0x12, 0xac, 0xcd, 0x45, 0x4d, 0x53, 0x6b, 0xca, 0x96, 0xc7, + 0x3b, 0x2f, 0x73, 0xb1, 0x5a, 0x23, 0xbd, 0x65, 0xd5, 0xea, 0x17, 0xb3, + 0xdc, 0xa1, 0x17, 0x1b, 0x2d, 0xb3, 0x9c, 0xd0, 0xdb, 0x41, 0x77, 0xef, + 0x93, 0x20, 0x52, 0x3e, 0x9d, 0xf5, 0xbf, 0x33, 0xf7, 0x52, 0xc1, 0x90, + 0xa0, 0x15, 0x17, 0xce, 0xf7, 0xf7, 0xd0, 0x3a, 0x3b, 0xd1, 0x72, 0x56, + 0x31, 0x81, 0xae, 0x60, 0xab, 0x40, 0xc1, 0xd1, 0x28, 0x77, 0x53, 0xac, + 0x9f, 0x11, 0x0a, 0x88, 0x36, 0x4b, 0xda, 0x57, 0xa7, 0x28, 0x5c, 0x85, + 0xd3, 0x85, 0x9b, 0x79, 0xad, 0x05, 0x1c, 0x37, 0x14, 0x5e, 0x0d, 0xd0, + 0x23, 0x03, 0x42, 0x1d, 0x48, 0x5d, 0xc5, 0x3c, 0x5a, 0x08, 0xa9, 0x0d, + 0x6e, 0x82, 0x7c, 0x2e, 0x3c, 0x41, 0xcc, 0x96, 0x8e, 0xad, 0xee, 0x2a, + 0x61, 0x0b, 0x16, 0x0f, 0xa9, 0x24, 0x40, 0x85, 0xbc, 0x9f, 0x28, 0x8d, + 0xe6, 0x68, 0x4d, 0x8f, 0x30, 0x48, 0xd9, 0x73, 0x73, 0x6c, 0x9a, 0x7f, + 0x67, 0xf7, 0xde, 0x4c, 0x0a, 0x8b, 0xe4, 0xb3, 0x08, 0x2a, 0x52, 0xda, + 0x54, 0xee, 0xcd, 0xb5, 0x62, 0x4a, 0x26, 0x20, 0xfb, 0x40, 0xbb, 0x39, + 0x3a, 0x0f, 0x09, 0xe8, 0x00, 0xd1, 0x24, 0x97, 0x60, 0xe9, 0x83, 0x83, + 0xfe, 0x9f, 0x9c, 0x15, 0xcf, 0x69, 0x03, 0x9f, 0x03, 0xe1, 0xe8, 0x6e, + 0xbd, 0x87, 0x58, 0x68, 0xee, 0xec, 0xd8, 0x29, 0x46, 0x23, 0x49, 0x92, + 0x72, 0x95, 0x5b, 0x49, 0xca, 0xe0, 0x45, 0x59, 0xb2, 0xca, 0xf4, 0xfc, + 0xb7, 0x59, 0x37, 0x49, 0x28, 0xbc, 0xf3, 0xd7, 0x61, 0xbc, 0x4b, 0xf3, + 0xa9, 0x4b, 0x2f, 0x05, 0xa8, 0x01, 0xa5, 0xdc, 0x00, 0x6e, 0x01, 0xb6, + 0x45, 0x3c, 0xd5, 0x49, 0x7d, 0x5c, 0x25, 0xe8, 0x31, 0x87, 0xb2, 0xb9, + 0xbf, 0xb3, 0x01, 0x62, 0x0c, 0xd0, 0x48, 0x77, 0xa2, 0x34, 0x0f, 0x16, + 0x22, 0x28, 0xee, 0x54, 0x08, 0x93, 0x3b, 0xe4, 0xde, 0x7e, 0x63, 0xf7, + 0x97, 0x16, 0x5d, 0x71, 0x58, 0xc2, 0x2e, 0xf2, 0x36, 0xa6, 0x12, 0x65, + 0x94, 0x17, 0xac, 0x66, 0x23, 0x7e, 0xc6, 0x72, 0x79, 0x24, 0xce, 0x8f, + 0x55, 0x19, 0x97, 0x44, 0xfc, 0x55, 0xec, 0x85, 0x26, 0x27, 0xdb, 0x38, + 0xb1, 0x42, 0x0a, 0xdd, 0x05, 0x99, 0x28, 0xeb, 0x03, 0x6c, 0x9a, 0xe9, + 0x17, 0xf6, 0x2c, 0xb0, 0xfe, 0xe7, 0xa4, 0xa7, 0x31, 0xda, 0x4d, 0xb0, + 0x29, 0xdb, 0xdd, 0x8d, 0x12, 0x13, 0x9c, 0xb4, 0xcc, 0x83, 0x97, 0xfb, + 0x1a, 0xdc, 0x08, 0xd6, 0x30, 0x62, 0xe8, 0xeb, 0x8b, 0x61, 0xcb, 0x1d, + 0x06, 0xe3, 0xa5, 0x4d, 0x35, 0xdb, 0x59, 0xa8, 0x2d, 0x87, 0x27, 0x44, + 0x6f, 0xc0, 0x38, 0x97, 0xe4, 0x85, 0x00, 0x02, 0x09, 0xf6, 0x69, 0x3a, + 0xcf, 0x08, 0x1b, 0x21, 0xbb, 0x79, 0xb1, 0xa1, 0x34, 0x09, 0xe0, 0x80, + 0xca, 0xb0, 0x78, 0x8a, 0x11, 0x97, 0xd4, 0x07, 0xbe, 0x1b, 0x6a, 0x5d, + 0xdb, 0xd6, 0x1f, 0x76, 0x6b, 0x16, 0xf0, 0x58, 0x84, 0x5f, 0x59, 0xce, + 0x62, 0x34, 0xc3, 0xdf, 0x94, 0xb8, 0x2f, 0x84, 0x68, 0xf0, 0xb8, 0x51, + 0xd9, 0x6d, 0x8e, 0x4a, 0x1d, 0xe6, 0x5c, 0xd8, 0x86, 0x25, 0xe3, 0x24, + 0xfd, 0x21, 0x61, 0x13, 0x48, 0x3e, 0xf6, 0x7d, 0xa6, 0x71, 0x9b, 0xd2, + 0x6e, 0xe6, 0xd2, 0x08, 0x94, 0x62, 0x6c, 0x98, 0xfe, 0x2f, 0x9c, 0x88, + 0x7e, 0x78, 0x15, 0x02, 0x00, 0xf0, 0xba, 0x24, 0x91, 0xf2, 0xdc, 0x47, + 0x51, 0x4d, 0x15, 0x5e, 0x91, 0x5f, 0x57, 0x5b, 0x1d, 0x35, 0x24, 0x45, + 0x75, 0x9b, 0x88, 0x75, 0xf1, 0x2f, 0x85, 0xe7, 0x89, 0xd1, 0x01, 0xb4, + 0xc8, 0x18, 0xb7, 0x97, 0xef, 0x4b, 0x90, 0xf4, 0xbf, 0x10, 0x27, 0x3c, + 0x60, 0xff, 0xc4, 0x94, 0x20, 0x2f, 0x93, 0x4b, 0x4d, 0xe3, 0x80, 0xf7, + 0x2c, 0x71, 0xd9, 0xe3, 0x68, 0xb4, 0x77, 0x2b, 0xc7, 0x0d, 0x39, 0x92, + 0xef, 0x91, 0x0d, 0xb2, 0x11, 0x50, 0x0e, 0xe8, 0xad, 0x3b, 0xf6, 0xb5, + 0xc6, 0x14, 0x4d, 0x33, 0x53, 0xa7, 0x60, 0x15, 0xc7, 0x27, 0x51, 0xdc, + 0x54, 0x29, 0xa7, 0x0d, 0x6a, 0x7b, 0x72, 0x13, 0xad, 0x7d, 0x41, 0x19, + 0x4e, 0x42, 0x49, 0xcc, 0x42, 0xe4, 0xbd, 0x99, 0x13, 0xd9, 0x7f, 0xf3, + 0x38, 0xa4, 0xb6, 0x33, 0xed, 0x07, 0x48, 0x7e, 0x8e, 0x82, 0xfe, 0x3a, + 0x9d, 0x75, 0x93, 0xba, 0x25, 0x4e, 0x37, 0x3c, 0x0c, 0xd5, 0x69, 0xa9, + 0x2d, 0x9e, 0xfd, 0xe8, 0xbb, 0xf5, 0x0c, 0xe2, 0x86, 0xb9, 0x5e, 0x6f, + 0x28, 0xe4, 0x19, 0xb3, 0x0b, 0xa4, 0x86, 0xd7, 0x24, 0xd0, 0xb8, 0x89, + 0x7b, 0x76, 0xec, 0x05, 0x10, 0x5b, 0x68, 0xe9, 0x58, 0x66, 0xa3, 0xc5, + 0xb6, 0x63, 0x20, 0x0e, 0x0e, 0xea, 0x3d, 0x61, 0x5e, 0xda, 0x3d, 0x3c, + 0xf9, 0xfd, 0xed, 0xa9, 0xdb, 0x52, 0x94, 0x8a, 0x00, 0xca, 0x3c, 0x8d, + 0x66, 0x8f, 0xb0, 0xf0, 0x5a, 0xca, 0x3f, 0x63, 0x71, 0xbf, 0xca, 0x99, + 0x37, 0x9b, 0x75, 0x97, 0x89, 0x10, 0x6e, 0xcf, 0xf2, 0xf5, 0xe3, 0xd5, + 0x45, 0x9b, 0xad, 0x10, 0x71, 0x6c, 0x5f, 0x6f, 0x7f, 0x22, 0x77, 0x18, + 0x2f, 0xf9, 0x99, 0xc5, 0x69, 0x58, 0x03, 0x12, 0x86, 0x82, 0x3e, 0xbf, + 0xc2, 0x12, 0x35, 0x43, 0xa3, 0xd9, 0x18, 0x4f, 0x41, 0x11, 0x6b, 0xf3, + 0x67, 0xaf, 0x3d, 0x78, 0xe4, 0x22, 0x2d, 0xb3, 0x48, 0x43, 0x31, 0x1d, + 0xef, 0xa8, 0xba, 0x49, 0x8e, 0xa9, 0xa7, 0xb6, 0x18, 0x77, 0x84, 0xca, + 0xbd, 0xa2, 0x02, 0x1b, 0x6a, 0xf8, 0x5f, 0xda, 0xff, 0xcf, 0x01, 0x6a, + 0x86, 0x69, 0xa9, 0xe9, 0xcb, 0x60, 0x1e, 0x15, 0xdc, 0x8f, 0x5d, 0x39, + 0xb5, 0xce, 0x55, 0x5f, 0x47, 0x97, 0xb1, 0x19, 0x6e, 0x21, 0xd6, 0x13, + 0x39, 0xb2, 0x24, 0xe0, 0x62, 0x82, 0x9f, 0xed, 0x12, 0x81, 0xed, 0xee, + 0xab, 0xd0, 0x2f, 0x19, 0x89, 0x3f, 0x57, 0x2e, 0xc2, 0xe2, 0x67, 0xe8, + 0xae, 0x03, 0x56, 0xba, 0xd4, 0xd0, 0xa4, 0x89, 0x03, 0x06, 0x5b, 0xcc, + 0xf2, 0x22, 0xb8, 0x0e, 0x76, 0x79, 0x4a, 0x42, 0x1d, 0x37, 0x51, 0x5a, + 0xaa, 0x46, 0x6c, 0x2a, 0xdd, 0x66, 0xfe, 0xc6, 0x68, 0xc3, 0x38, 0xa2, + 0xae, 0x5b, 0x98, 0x24, 0x5d, 0x43, 0x05, 0x82, 0x38, 0x12, 0xd3, 0xd1, + 0x75, 0x2d, 0x4f, 0x61, 0xbd, 0xb9, 0x10, 0x87, 0x44, 0x2a, 0x78, 0x07, + 0xff, 0xf4, 0x0f, 0xa1, 0xf3, 0x68, 0x9f, 0xbe, 0xae, 0xa2, 0x91, 0xf0, + 0xc7, 0x55, 0x7a, 0x52, 0xd5, 0xa3, 0x8d, 0x6f, 0xe4, 0x90, 0x5c, 0xf3, + 0x5f, 0xce, 0x3d, 0x23, 0xf9, 0x8e, 0xae, 0x14, 0xfb, 0x82, 0x9a, 0xa3, + 0x04, 0x5f, 0xbf, 0xad, 0x3e, 0xf2, 0x97, 0x0a, 0x60, 0x40, 0x70, 0x19, + 0x72, 0xad, 0x66, 0xfb, 0x78, 0x1b, 0x84, 0x6c, 0x98, 0xbc, 0x8c, 0xf8, + 0x4f, 0xcb, 0xb5, 0xf6, 0xaf, 0x7a, 0xb7, 0x93, 0xef, 0x67, 0x48, 0x02, + 0x2c, 0xcb, 0xe6, 0x77, 0x0f, 0x7b, 0xc1, 0xee, 0xc5, 0xb6, 0x2d, 0x7e, + 0x62, 0xa0, 0xc0, 0xa7, 0xa5, 0x80, 0x31, 0x92, 0x50, 0xa1, 0x28, 0x22, + 0x95, 0x03, 0x17, 0xd1, 0x0f, 0xf6, 0x08, 0xe5, 0xec + }; +#define CHACHA_BIG_TEST_SIZE 1305 +#ifndef WOLFSSL_SMALL_STACK + byte cipher_big[CHACHA_BIG_TEST_SIZE] = {0}; + byte plain_big[CHACHA_BIG_TEST_SIZE] = {0}; + byte input_big[CHACHA_BIG_TEST_SIZE] = {0}; +#else + byte* cipher_big; + byte* plain_big; + byte* input_big; +#endif /* WOLFSSL_SMALL_STACK */ + int block_size; +#endif /* BENCH_EMBEDDED */ + + byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90}; + byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96}; + byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5}; + byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd}; + + byte* test_chacha[4]; + + test_chacha[0] = a; + test_chacha[1] = b; + test_chacha[2] = c; + test_chacha[3] = d; + +#ifndef BENCH_EMBEDDED +#ifdef WOLFSSL_SMALL_STACK + cipher_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (cipher_big == NULL) { + return MEMORY_E; + } + plain_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (plain_big == NULL) { + return MEMORY_E; + } + input_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (input_big == NULL) { + return MEMORY_E; + } + XMEMSET(cipher_big, 0, CHACHA_BIG_TEST_SIZE); + XMEMSET(plain_big, 0, CHACHA_BIG_TEST_SIZE); + XMEMSET(input_big, 0, CHACHA_BIG_TEST_SIZE); +#endif /* WOLFSSL_SMALL_STACK */ +#endif /* BENCH_EMBEDDED */ + + for (i = 0; i < times; ++i) { + if (i < 3) { + keySz = 32; + } + else { + keySz = 16; + } + + XMEMCPY(plain, keys[i], keySz); + XMEMSET(cipher, 0, 32); + XMEMCPY(cipher + 4, ivs[i], 8); + + ret |= wc_Chacha_SetKey(&enc, keys[i], keySz); + ret |= wc_Chacha_SetKey(&dec, keys[i], keySz); + if (ret != 0) + return ret; + + ret |= wc_Chacha_SetIV(&enc, cipher, 0); + ret |= wc_Chacha_SetIV(&dec, cipher, 0); + if (ret != 0) + return ret; + XMEMCPY(plain, input, 8); + + ret |= wc_Chacha_Process(&enc, cipher, plain, (word32)8); + ret |= wc_Chacha_Process(&dec, plain, cipher, (word32)8); + if (ret != 0) + return ret; + + if (XMEMCMP(test_chacha[i], cipher, 8)) + return -4500 - i; + + if (XMEMCMP(plain, input, 8)) + return -4510 - i; + } + + /* test of starting at a different counter + encrypts all of the information and decrypts starting at 2nd chunk */ + XMEMSET(plain, 0, sizeof(plain)); + XMEMSET(sliver, 1, sizeof(sliver)); /* set as 1's to not match plain */ + XMEMSET(cipher, 0, sizeof(cipher)); + XMEMCPY(cipher + 4, ivs[0], 8); + + ret |= wc_Chacha_SetKey(&enc, keys[0], keySz); + ret |= wc_Chacha_SetKey(&dec, keys[0], keySz); + if (ret != 0) + return ret; + + ret |= wc_Chacha_SetIV(&enc, cipher, 0); + ret |= wc_Chacha_SetIV(&dec, cipher, 1); + if (ret != 0) + return ret; + + ret |= wc_Chacha_Process(&enc, cipher, plain, sizeof(plain)); + ret |= wc_Chacha_Process(&dec, sliver, cipher + 64, sizeof(sliver)); + if (ret != 0) + return ret; + + if (XMEMCMP(plain + 64, sliver, 64)) + return -4520; + +#ifndef BENCH_EMBEDDED + /* test of encrypting more data */ + keySz = 32; + + ret |= wc_Chacha_SetKey(&enc, keys[0], keySz); + ret |= wc_Chacha_SetKey(&dec, keys[0], keySz); + if (ret != 0) + return ret; + + ret |= wc_Chacha_SetIV(&enc, ivs[2], 0); + ret |= wc_Chacha_SetIV(&dec, ivs[2], 0); + if (ret != 0) + return ret; + + ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, CHACHA_BIG_TEST_SIZE); + ret |= wc_Chacha_Process(&dec, plain_big, cipher_big, + CHACHA_BIG_TEST_SIZE); + if (ret != 0) + return ret; + + if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE)) + return -4521; + + if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE)) + return -4522; + + for (i = 0; i < 18; ++i) { + /* this will test all paths */ + // block sizes: 1 2 3 4 7 8 15 16 31 32 63 64 127 128 255 256 511 512 + block_size = (2 << (i%9)) - (i<9?1:0); + keySz = 32; + + ret |= wc_Chacha_SetKey(&enc, keys[0], keySz); + ret |= wc_Chacha_SetKey(&dec, keys[0], keySz); + if (ret != 0) + return ret; + + ret |= wc_Chacha_SetIV(&enc, ivs[2], 0); + ret |= wc_Chacha_SetIV(&dec, ivs[2], 0); + if (ret != 0) + return ret; + + ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, block_size); + ret |= wc_Chacha_Process(&dec, plain_big, cipher_big, block_size); + if (ret != 0) + return ret; + + if (XMEMCMP(plain_big, input_big, block_size)) + return -4523-i; + + if (XMEMCMP(cipher_big, cipher_big_result, block_size)) + return -4524-i; + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(cipher_big, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(plain_big, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(input_big, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_SMALL_STACK */ +#endif /* BENCH_EMBEDDED */ + + return 0; +} +#endif /* HAVE_CHACHA */ + + +#ifdef HAVE_POLY1305 +int poly1305_test(void) +{ + int ret = 0; + int i; + byte tag[16]; + Poly1305 enc; + + static const byte msg1[] = + { + 0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72, + 0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f, + 0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65, + 0x61,0x72,0x63,0x68,0x20,0x47,0x72,0x6f, + 0x75,0x70 + }; + + static const byte msg2[] = + { + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72, + 0x6c,0x64,0x21 + }; + + static const byte msg3[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + static const byte msg4[] = + { + 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb, + 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2, + 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe, + 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6, + 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12, + 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b, + 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29, + 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36, + 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c, + 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58, + 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94, + 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc, + 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d, + 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b, + 0x61,0x16 + }; + + static const byte msg5[] = + { + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + }; + + static const byte msg6[] = + { + 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb, + 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2, + 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe, + 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6, + 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12, + 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b, + 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94, + 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29, + 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6, + 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12, + 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94, + 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36, + 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c, + 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2, + 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58, + 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94, + 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc, + 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d, + 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b, + 0x61,0x16 + }; + + byte additional[] = + { + 0x50,0x51,0x52,0x53,0xc0,0xc1,0xc2,0xc3, + 0xc4,0xc5,0xc6,0xc7 + }; + + static const byte correct0[] = + { + 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd, + 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b + }; + + static const byte correct1[] = + { + 0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6, + 0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9 + }; + + static const byte correct2[] = + { + 0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16, + 0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0 + }; + + static const byte correct3[] = + { + 0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6, + 0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07 + }; + + static const byte correct4[] = + { + 0x1a,0xe1,0x0b,0x59,0x4f,0x09,0xe2,0x6a, + 0x7e,0x90,0x2e,0xcb,0xd0,0x60,0x06,0x91 + }; + + static const byte correct5[] = + { + 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + }; + + static const byte correct6[] = + { + 0xea,0x11,0x5c,0x4f,0xd0,0xc0,0x10,0xae, + 0xf7,0xdf,0xda,0x77,0xa2,0xe9,0xaf,0xca + }; + + static const byte key[] = { + 0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33, + 0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8, + 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd, + 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b + }; + + static const byte key2[] = { + 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20, + 0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20, + 0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20, + 0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35 + }; + + static const byte key4[] = { + 0x7b,0xac,0x2b,0x25,0x2d,0xb4,0x47,0xaf, + 0x09,0xb6,0x7a,0x55,0xa4,0xe9,0x55,0x84, + 0x0a,0xe1,0xd6,0x73,0x10,0x75,0xd9,0xeb, + 0x2a,0x93,0x75,0x78,0x3e,0xd5,0x53,0xff + }; + + static const byte key5[] = { + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + const byte* msgs[] = {NULL, msg1, msg2, msg3, msg5, msg6}; + word32 szm[] = {0, sizeof(msg1), sizeof(msg2), + sizeof(msg3), sizeof(msg5), sizeof(msg6)}; + const byte* keys[] = {key, key, key2, key2, key5, key}; + const byte* tests[] = {correct0, correct1, correct2, correct3, correct5, + correct6}; + + for (i = 0; i < 6; i++) { + ret = wc_Poly1305SetKey(&enc, keys[i], 32); + if (ret != 0) + return -4600 - i; + + ret = wc_Poly1305Update(&enc, msgs[i], szm[i]); + if (ret != 0) + return -4610 - i; + + ret = wc_Poly1305Final(&enc, tag); + if (ret != 0) + return -4620 - i; + + if (XMEMCMP(tag, tests[i], sizeof(tag))) + return -4630 - i; + } + + /* Check TLS MAC function from 2.8.2 https://tools.ietf.org/html/rfc7539 */ + XMEMSET(tag, 0, sizeof(tag)); + ret = wc_Poly1305SetKey(&enc, key4, sizeof(key4)); + if (ret != 0) + return -4640; + + ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional), + (byte*)msg4, sizeof(msg4), tag, sizeof(tag)); + if (ret != 0) + return -4641; + + if (XMEMCMP(tag, correct4, sizeof(tag))) + return -4642; + + /* Check fail of TLS MAC function if altering additional data */ + XMEMSET(tag, 0, sizeof(tag)); + additional[0]++; + ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional), + (byte*)msg4, sizeof(msg4), tag, sizeof(tag)); + if (ret != 0) + return -4643; + + if (XMEMCMP(tag, correct4, sizeof(tag)) == 0) + return -4644; + + + return 0; +} +#endif /* HAVE_POLY1305 */ + + +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +int chacha20_poly1305_aead_test(void) +{ + /* Test #1 from Section 2.8.2 of draft-irtf-cfrg-chacha20-poly1305-10 */ + /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */ + + const byte key1[] = { + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f + }; + + const byte plaintext1[] = { + 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, + 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, + 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, + 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, + 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, + 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, + 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, + 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, + 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, + 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, + 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, + 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, + 0x74, 0x2e + }; + + const byte iv1[] = { + 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, + 0x44, 0x45, 0x46, 0x47 + }; + + const byte aad1[] = { /* additional data */ + 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, + 0xc4, 0xc5, 0xc6, 0xc7 + }; + + const byte cipher1[] = { /* expected output from operation */ + 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, + 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2, + 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, + 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, + 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12, + 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, + 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, + 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36, + 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, + 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, + 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94, + 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, + 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, + 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b, + 0x61, 0x16 + }; + + const byte authTag1[] = { /* expected output from operation */ + 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a, + 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91 + }; + + /* Test #2 from Appendix A.2 in draft-irtf-cfrg-chacha20-poly1305-10 */ + /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */ + + const byte key2[] = { + 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, + 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0, + 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09, + 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0 + }; + + const byte plaintext2[] = { + 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, + 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20, + 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66, + 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, + 0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c, 0x69, + 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20, + 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20, + 0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d, + 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e, + 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65, + 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, + 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, + 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f, + 0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64, + 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65, + 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, + 0x6e, 0x74, 0x73, 0x20, 0x61, 0x74, 0x20, 0x61, + 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e, + 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, + 0x6e, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x70, 0x72, + 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20, + 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61, + 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72, + 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, + 0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61, + 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20, + 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65, + 0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20, + 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20, + 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b, + 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67, + 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80, + 0x9d + }; + + const byte iv2[] = { + 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, + 0x05, 0x06, 0x07, 0x08 + }; + + const byte aad2[] = { /* additional data */ + 0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x4e, 0x91 + }; + + const byte cipher2[] = { /* expected output from operation */ + 0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, + 0x60, 0xf0, 0x62, 0xc7, 0x9b, 0xe6, 0x43, 0xbd, + 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89, + 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2, + 0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43, 0xee, + 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0, + 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00, + 0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf, + 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce, + 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81, + 0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd, + 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55, + 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61, + 0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38, + 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0, + 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4, + 0xb9, 0x16, 0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46, + 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9, + 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, + 0xe2, 0x82, 0xa1, 0xb0, 0xa0, 0x6c, 0x52, 0x3e, + 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15, + 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a, + 0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56, 0x4e, 0xea, + 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a, + 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99, + 0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e, + 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10, + 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10, + 0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94, + 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30, + 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf, + 0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29, + 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70, + 0x9b + }; + + const byte authTag2[] = { /* expected output from operation */ + 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22, + 0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38 + }; + + byte generatedCiphertext[265]; /* max plaintext2/cipher2 */ + byte generatedPlaintext[265]; /* max plaintext2/cipher2 */ + byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; + int err; + + ChaChaPoly_Aead aead; + +#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM) + #define TEST_SMALL_CHACHA_CHUNKS 32 +#else + #define TEST_SMALL_CHACHA_CHUNKS 64 +#endif + #ifdef TEST_SMALL_CHACHA_CHUNKS + word32 testLen; + #endif + + XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); + XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); + XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); + + /* Parameter Validation testing */ + /* Encrypt */ + err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, sizeof(aad1), plaintext1, + sizeof(plaintext1), generatedCiphertext, generatedAuthTag); + if (err != BAD_FUNC_ARG) + return -4700; + err = wc_ChaCha20Poly1305_Encrypt(key1, NULL, aad1, sizeof(aad1), + plaintext1, sizeof(plaintext1), generatedCiphertext, + generatedAuthTag); + if (err != BAD_FUNC_ARG) + return -4701; + err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL, + sizeof(plaintext1), generatedCiphertext, generatedAuthTag); + if (err != BAD_FUNC_ARG) + return -4702; + err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1, + sizeof(plaintext1), NULL, generatedAuthTag); + if (err != BAD_FUNC_ARG) + return -4703; + err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1, + sizeof(plaintext1), generatedCiphertext, NULL); + if (err != BAD_FUNC_ARG) + return -4704; + err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1, + 0, generatedCiphertext, generatedAuthTag); + if (err != BAD_FUNC_ARG) + return -4705; + /* Decrypt */ + err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, sizeof(aad2), cipher2, + sizeof(cipher2), authTag2, generatedPlaintext); + if (err != BAD_FUNC_ARG) + return -4706; + err = wc_ChaCha20Poly1305_Decrypt(key2, NULL, aad2, sizeof(aad2), cipher2, + sizeof(cipher2), authTag2, generatedPlaintext); + if (err != BAD_FUNC_ARG) + return -4707; + err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL, + sizeof(cipher2), authTag2, generatedPlaintext); + if (err != BAD_FUNC_ARG) + return -4708; + err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2, + sizeof(cipher2), NULL, generatedPlaintext); + if (err != BAD_FUNC_ARG) + return -4709; + err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2, + sizeof(cipher2), authTag2, NULL); + if (err != BAD_FUNC_ARG) + return -4710; + err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2, + 0, authTag2, generatedPlaintext); + if (err != BAD_FUNC_ARG) + return -4711; + + + /* Test #1 */ + err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, + aad1, sizeof(aad1), + plaintext1, sizeof(plaintext1), + generatedCiphertext, generatedAuthTag); + if (err) { + return err; + } + + /* -- Check the ciphertext and authtag */ + if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) { + return -4712; + } + if (XMEMCMP(generatedAuthTag, authTag1, sizeof(authTag1))) { + return -4713; + } + + /* -- Verify decryption works */ + err = wc_ChaCha20Poly1305_Decrypt(key1, iv1, + aad1, sizeof(aad1), + cipher1, sizeof(cipher1), + authTag1, generatedPlaintext); + if (err) { + return err; + } + if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) { + return -4714; + } + + + XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); + XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); + XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); + + /* Test #2 */ + err = wc_ChaCha20Poly1305_Encrypt(key2, iv2, + aad2, sizeof(aad2), + plaintext2, sizeof(plaintext2), + generatedCiphertext, generatedAuthTag); + if (err) { + return err; + } + + /* -- Check the ciphertext and authtag */ + if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) { + return -4715; + } + if (XMEMCMP(generatedAuthTag, authTag2, sizeof(authTag2))) { + return -4716; + } + + /* -- Verify decryption works */ + err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, + aad2, sizeof(aad2), + cipher2, sizeof(cipher2), + authTag2, generatedPlaintext); + if (err) { + return err; + } + + if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) { + return -4717; + } + + + /* AEAD init/update/final */ + err = wc_ChaCha20Poly1305_Init(NULL, key1, iv1, + CHACHA20_POLY1305_AEAD_DECRYPT); + if (err != BAD_FUNC_ARG) + return -4718; + err = wc_ChaCha20Poly1305_Init(&aead, NULL, iv1, + CHACHA20_POLY1305_AEAD_DECRYPT); + if (err != BAD_FUNC_ARG) + return -4719; + err = wc_ChaCha20Poly1305_Init(&aead, key1, NULL, + CHACHA20_POLY1305_AEAD_DECRYPT); + if (err != BAD_FUNC_ARG) + return -4720; + err = wc_ChaCha20Poly1305_UpdateAad(NULL, aad1, sizeof(aad1)); + if (err != BAD_FUNC_ARG) + return -4721; + err = wc_ChaCha20Poly1305_UpdateAad(&aead, NULL, sizeof(aad1)); + if (err != BAD_FUNC_ARG) + return -4722; + err = wc_ChaCha20Poly1305_UpdateData(NULL, generatedPlaintext, + generatedPlaintext, sizeof(plaintext1)); + if (err != BAD_FUNC_ARG) + return -4723; + err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, NULL, + sizeof(plaintext1)); + if (err != BAD_FUNC_ARG) + return -4724; + err = wc_ChaCha20Poly1305_UpdateData(&aead, NULL, generatedPlaintext, + sizeof(plaintext1)); + if (err != BAD_FUNC_ARG) + return -4725; + err = wc_ChaCha20Poly1305_Final(NULL, generatedAuthTag); + if (err != BAD_FUNC_ARG) + return -4726; + err = wc_ChaCha20Poly1305_Final(&aead, NULL); + if (err != BAD_FUNC_ARG) + return -4727; + + /* AEAD init/update/final - state tests */ + aead.state = CHACHA20_POLY1305_STATE_INIT; + err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1)); + if (err != BAD_STATE_E) + return -4728; + aead.state = CHACHA20_POLY1305_STATE_DATA; + err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1)); + if (err != BAD_STATE_E) + return -4729; + aead.state = CHACHA20_POLY1305_STATE_INIT; + err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, + generatedPlaintext, sizeof(plaintext1)); + if (err != BAD_STATE_E) + return -4730; + aead.state = CHACHA20_POLY1305_STATE_INIT; + err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); + if (err != BAD_STATE_E) + return -4731; + aead.state = CHACHA20_POLY1305_STATE_READY; + err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); + if (err != BAD_STATE_E) + return -4732; + + XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); + XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); + XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); + + /* Test 1 - Encrypt */ + err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1, + CHACHA20_POLY1305_AEAD_ENCRYPT); + if (err != 0) + return -4733; + err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1)); + if (err != 0) + return -4734; +#ifdef TEST_SMALL_CHACHA_CHUNKS + /* test doing data in smaller chunks */ + for (testLen=0; testLen<sizeof(plaintext1); ) { + word32 dataLen = sizeof(plaintext1) - testLen; + if (dataLen > TEST_SMALL_CHACHA_CHUNKS) + dataLen = TEST_SMALL_CHACHA_CHUNKS; + err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext1[testLen], + &generatedCiphertext[testLen], dataLen); + if (err != 0) + return -4735; + testLen += dataLen; + } +#else + err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext1, + generatedCiphertext, sizeof(plaintext1)); +#endif + err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); + if (err != 0) + return -4736; + err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1); + if (err != 0) + return -4737; + if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) { + return -4738; + } + + /* Test 1 - Decrypt */ + err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1, + CHACHA20_POLY1305_AEAD_DECRYPT); + if (err != 0) + return -4739; + err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1)); + if (err != 0) + return -4740; +#ifdef TEST_SMALL_CHACHA_CHUNKS + /* test doing data in smaller chunks */ + for (testLen=0; testLen<sizeof(plaintext1); ) { + word32 dataLen = sizeof(plaintext1) - testLen; + if (dataLen > TEST_SMALL_CHACHA_CHUNKS) + dataLen = TEST_SMALL_CHACHA_CHUNKS; + err = wc_ChaCha20Poly1305_UpdateData(&aead, + &generatedCiphertext[testLen], &generatedPlaintext[testLen], + dataLen); + if (err != 0) + return -4741; + testLen += dataLen; + } +#else + err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext, + generatedPlaintext, sizeof(cipher1)); +#endif + err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); + if (err != 0) + return -4742; + err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1); + if (err != 0) + return -4743; + if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) { + return -4744; + } + + XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); + XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); + XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); + + /* Test 2 - Encrypt */ + err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2, + CHACHA20_POLY1305_AEAD_ENCRYPT); + if (err != 0) + return -4745; + err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2)); + if (err != 0) + return -4746; +#ifdef TEST_SMALL_CHACHA_CHUNKS + /* test doing data in smaller chunks */ + for (testLen=0; testLen<sizeof(plaintext2); ) { + word32 dataLen = sizeof(plaintext2) - testLen; + if (dataLen > TEST_SMALL_CHACHA_CHUNKS) + dataLen = TEST_SMALL_CHACHA_CHUNKS; + err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext2[testLen], + &generatedCiphertext[testLen], dataLen); + if (err != 0) + return -4747; + testLen += dataLen; + } +#else + err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext2, generatedCiphertext, + sizeof(plaintext2)); +#endif + err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); + if (err != 0) + return -4748; + err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2); + if (err != 0) + return -4749; + if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) { + return -4750; + } + + /* Test 2 - Decrypt */ + err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2, + CHACHA20_POLY1305_AEAD_DECRYPT); + if (err != 0) + return -4751; + err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2)); + if (err != 0) + return -4752; +#ifdef TEST_SMALL_CHACHA_CHUNKS + /* test doing data in smaller chunks */ + for (testLen=0; testLen<sizeof(plaintext2); ) { + word32 dataLen = sizeof(plaintext2) - testLen; + if (dataLen > TEST_SMALL_CHACHA_CHUNKS) + dataLen = TEST_SMALL_CHACHA_CHUNKS; + err = wc_ChaCha20Poly1305_UpdateData(&aead, + &generatedCiphertext[testLen], &generatedPlaintext[testLen], + dataLen); + if (err != 0) + return -4753; + testLen += dataLen; + } +#else + err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext, + generatedPlaintext, sizeof(cipher2)); +#endif + err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); + if (err != 0) + return -4754; + err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2); + if (err != 0) + return -4755; + if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) { + return -4756; + } + + return err; +} +#endif /* HAVE_CHACHA && HAVE_POLY1305 */ + + +#ifndef NO_DES3 +int des_test(void) +{ + const byte vector[] = { /* "now is the time for all " w/o trailing 0 */ + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + + byte plain[24]; + byte cipher[24]; + + Des enc; + Des dec; + + const byte key[] = + { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef + }; + + const byte iv[] = + { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef + }; + + const byte verify[] = + { + 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8, + 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73, + 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b + }; + + int ret; + + ret = wc_Des_SetKey(&enc, key, iv, DES_ENCRYPTION); + if (ret != 0) + return -4800; + + ret = wc_Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); + if (ret != 0) + return -4801; + + ret = wc_Des_SetKey(&dec, key, iv, DES_DECRYPTION); + if (ret != 0) + return -4802; + + ret = wc_Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); + if (ret != 0) + return -4803; + + if (XMEMCMP(plain, vector, sizeof(plain))) + return -4804; + + if (XMEMCMP(cipher, verify, sizeof(cipher))) + return -4805; + + ret = wc_Des_CbcEncryptWithKey(cipher, vector, sizeof(vector), key, iv); + if (ret != 0) + return -4806; + +#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA) + { + EncryptedInfo info; + XMEMSET(&info, 0, sizeof(EncryptedInfo)); + XMEMCPY(info.iv, iv, sizeof(iv)); + info.ivSz = sizeof(iv); + info.keySz = sizeof(key); + info.cipherType = WC_CIPHER_DES; + + ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key, + sizeof(key), WC_HASH_TYPE_SHA); + if (ret != 0) + return -4807; + + /* Test invalid info ptr */ + ret = wc_BufferKeyEncrypt(NULL, cipher, sizeof(cipher), key, + sizeof(key), WC_HASH_TYPE_SHA); + if (ret != BAD_FUNC_ARG) + return -4808; + + /* Test invalid hash type */ + ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key, + sizeof(key), WC_HASH_TYPE_NONE); + if (ret == 0) + return -4809; + } +#endif + + return 0; +} +#endif /* NO_DES3 */ + + +#ifndef NO_DES3 +int des3_test(void) +{ + const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */ + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + + byte plain[24]; + byte cipher[24]; + + Des3 enc; + Des3 dec; + + const byte key3[] = + { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; + const byte iv3[] = + { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 + + }; + + const byte verify3[] = + { + 0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e, + 0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98, + 0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0 + }; + + int ret; + + + if (wc_Des3Init(&enc, HEAP_HINT, devId) != 0) + return -4900; + if (wc_Des3Init(&dec, HEAP_HINT, devId) != 0) + return -4901; + + ret = wc_Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION); + if (ret != 0) + return -4902; + ret = wc_Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION); + if (ret != 0) + return -4903; + ret = wc_Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -4904; + ret = wc_Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -4905; + + if (XMEMCMP(plain, vector, sizeof(plain))) + return -4906; + + if (XMEMCMP(cipher, verify3, sizeof(cipher))) + return -4907; + +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) + /* test the same vectors with using compatibility layer */ + { + DES_key_schedule ks1; + DES_key_schedule ks2; + DES_key_schedule ks3; + DES_cblock iv4; + + XMEMCPY(ks1, key3, sizeof(DES_key_schedule)); + XMEMCPY(ks2, key3 + 8, sizeof(DES_key_schedule)); + XMEMCPY(ks3, key3 + 16, sizeof(DES_key_schedule)); + XMEMCPY(iv4, iv3, sizeof(DES_cblock)); + + XMEMSET(plain, 0, sizeof(plain)); + XMEMSET(cipher, 0, sizeof(cipher)); + + DES_ede3_cbc_encrypt(vector, cipher, sizeof(vector), &ks1, &ks2, &ks3, + &iv4, DES_ENCRYPT); + DES_ede3_cbc_encrypt(cipher, plain, sizeof(cipher), &ks1, &ks2, &ks3, + &iv4, DES_DECRYPT); + + if (XMEMCMP(plain, vector, sizeof(plain))) + return -4908; + + if (XMEMCMP(cipher, verify3, sizeof(cipher))) + return -4909; + } +#endif /* OPENSSL_EXTRA */ + + wc_Des3Free(&enc); + wc_Des3Free(&dec); + +#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA) + { + EncryptedInfo info; + XMEMSET(&info, 0, sizeof(EncryptedInfo)); + XMEMCPY(info.iv, iv3, sizeof(iv3)); + info.ivSz = sizeof(iv3); + info.keySz = sizeof(key3); + info.cipherType = WC_CIPHER_DES3; + + ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key3, + sizeof(key3), WC_HASH_TYPE_SHA); + if (ret != 0) + return -4910; + } +#endif + + return 0; +} +#endif /* NO_DES */ + + +#ifndef NO_AES + +#if defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_CFB) +#if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) +/* pass in the function, key, iv, plain text and expected and this function + * tests that the encryption and decryption is successful */ +static int EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, + const byte* iv, const byte* plain, int plainSz, + const byte* expected, int expectedSz) +{ + EVP_CIPHER_CTX ctx; + int idx, ret = 0, cipherSz; + byte* cipher; + + cipher = (byte*)XMALLOC(plainSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (cipher == NULL) { + return -4911; + } + + /* test encrypt */ + EVP_CIPHER_CTX_init(&ctx); + if (EVP_CipherInit(&ctx, type, key, iv, 1) == 0) { + ret = -4912; + goto EVP_TEST_END; + } + + if (EVP_CipherUpdate(&ctx, cipher, &idx, plain, expectedSz) == 0) { + ret = -4913; + goto EVP_TEST_END; + } + + cipherSz = idx; + if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0) { + ret = -4914; + goto EVP_TEST_END; + } + cipherSz += idx; + + if (XMEMCMP(cipher, expected, plainSz)) { + ret = -4915; + goto EVP_TEST_END; + } + + /* test decrypt */ + EVP_CIPHER_CTX_init(&ctx); + if (EVP_CipherInit(&ctx, type, key, iv, 0) == 0) { + ret = -4916; + goto EVP_TEST_END; + } + + if (EVP_CipherUpdate(&ctx, cipher, &idx, cipher, expectedSz) == 0) { + ret = -4917; + goto EVP_TEST_END; + } + + cipherSz = idx; + if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0) { + ret = -4918; + goto EVP_TEST_END; + } + cipherSz += idx; + + if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, plainSz)) { + ret = -4919; + goto EVP_TEST_END; + } + +EVP_TEST_END: + XFREE(cipher, NULL, DYNAMIC_TYPE_TMP_BUFFER); + (void)cipherSz; + return ret; +} +#endif /* OPENSSL_EXTRA */ +#endif /* WOLFSSL_AES_OFB || WOLFSSL_AES_CFB */ + +#ifdef WOLFSSL_AES_OFB + /* test vector from https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Block-Ciphers */ + int aesofb_test(void) + { + #ifdef WOLFSSL_AES_256 + const byte key1[] = + { + 0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71, + 0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2, + 0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a, + 0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94 + }; + const byte iv1[] = + { + 0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16, + 0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f + }; + const byte plain1[] = + { + 0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9, + 0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25, + 0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6, + 0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71, + 0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef, + 0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c + }; + const byte cipher1[] = + { + 0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc, + 0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00, + 0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46, + 0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b, + 0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae, + 0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0 + }; + #endif /* WOLFSSL_AES_256 */ + + + #ifdef WOLFSSL_AES_128 + const byte key2[] = + { + 0x10,0xa5,0x88,0x69,0xd7,0x4b,0xe5,0xa3, + 0x74,0xcf,0x86,0x7c,0xfb,0x47,0x38,0x59 + }; + const byte iv2[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + const byte plain2[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + const byte cipher2[] = + { + 0x6d,0x25,0x1e,0x69,0x44,0xb0,0x51,0xe0, + 0x4e,0xaa,0x6f,0xb4,0xdb,0xf7,0x84,0x65 + }; + #endif /* WOLFSSL_AES_128 */ + + + #ifdef WOLFSSL_AES_192 + const byte key3[] = { + 0xd0,0x77,0xa0,0x3b,0xd8,0xa3,0x89,0x73, + 0x92,0x8c,0xca,0xfe,0x4a,0x9d,0x2f,0x45, + 0x51,0x30,0xbd,0x0a,0xf5,0xae,0x46,0xa9 + }; + const byte iv3[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + const byte cipher3[] = + { + 0xab,0xc7,0x86,0xfb,0x1e,0xdb,0x50,0x45, + 0x80,0xc4,0xd8,0x82,0xef,0x29,0xa0,0xc7 + }; + const byte plain3[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + #endif /* WOLFSSL_AES_192 */ + + Aes enc; + byte cipher[AES_BLOCK_SIZE * 4]; + #ifdef HAVE_AES_DECRYPT + Aes dec; + byte plain [AES_BLOCK_SIZE * 4]; + #endif + int ret = 0; + + (void)enc; + #ifdef HAVE_AES_DECRYPT + (void)dec; + #endif + +#ifdef WOLFSSL_AES_128 + /* 128 key size test */ + #ifdef OPENSSL_EXTRA + ret = EVP_test(EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2), + cipher2, sizeof(cipher2)); + if (ret != 0) { + return ret; + } + #endif + + ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); + if (ret != 0) + return -4920; + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(&dec, key2, sizeof(key2), iv2, AES_ENCRYPTION); + if (ret != 0) + return -4921; + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesOfbEncrypt(&enc, cipher, plain2, AES_BLOCK_SIZE); + if (ret != 0) + return -4922; + + if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE)) + return -4923; + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesOfbDecrypt(&dec, plain, cipher2, AES_BLOCK_SIZE); + if (ret != 0) + return -4924; + + if (XMEMCMP(plain, plain2, AES_BLOCK_SIZE)) + return -4925; + #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + /* 192 key size test */ + #ifdef OPENSSL_EXTRA + ret = EVP_test(EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3), + cipher3, sizeof(cipher3)); + if (ret != 0) { + return ret; + } + #endif + + ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv3, AES_ENCRYPTION); + if (ret != 0) + return -4926; + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(&dec, key3, sizeof(key3), iv3, AES_ENCRYPTION); + if (ret != 0) + return -4927; + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesOfbEncrypt(&enc, cipher, plain3, AES_BLOCK_SIZE); + if (ret != 0) + return -4928; + + if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE)) + return -4929; + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesOfbDecrypt(&dec, plain, cipher3, AES_BLOCK_SIZE); + if (ret != 0) + return -4930; + + if (XMEMCMP(plain, plain3, AES_BLOCK_SIZE)) + return -4931; + #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + /* 256 key size test */ + #ifdef OPENSSL_EXTRA + ret = EVP_test(EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1), + cipher1, sizeof(cipher1)); + if (ret != 0) { + return ret; + } + #endif + + ret = wc_AesSetKey(&enc, key1, sizeof(key1), iv1, AES_ENCRYPTION); + if (ret != 0) + return -4932; + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(&dec, key1, sizeof(key1), iv1, AES_ENCRYPTION); + if (ret != 0) + return -4933; + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesOfbEncrypt(&enc, cipher, plain1, AES_BLOCK_SIZE); + if (ret != 0) + return -4934; + + if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE)) + return -4935; + + ret = wc_AesOfbEncrypt(&enc, cipher + AES_BLOCK_SIZE, + plain1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE); + if (ret != 0) + return -4936; + + if (XMEMCMP(cipher + AES_BLOCK_SIZE, cipher1 + AES_BLOCK_SIZE, + AES_BLOCK_SIZE)) + return -4937; + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesOfbDecrypt(&dec, plain, cipher1, AES_BLOCK_SIZE); + if (ret != 0) + return -4938; + + if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE)) + return -4939; + + ret = wc_AesOfbDecrypt(&dec, plain + AES_BLOCK_SIZE, + cipher1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE); + if (ret != 0) + return -4940; + + if (XMEMCMP(plain + AES_BLOCK_SIZE, plain1 + AES_BLOCK_SIZE, + AES_BLOCK_SIZE)) + return -4941; + #endif /* HAVE_AES_DECRYPT */ + + /* multiple blocks at once */ + ret = wc_AesSetKey(&enc, key1, sizeof(key1), iv1, AES_ENCRYPTION); + if (ret != 0) + return -4942; + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(&dec, key1, sizeof(key1), iv1, AES_ENCRYPTION); + if (ret != 0) + return -4943; + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesOfbEncrypt(&enc, cipher, plain1, AES_BLOCK_SIZE * 3); + if (ret != 0) + return -4944; + + if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 3)) + return -4945; + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesOfbDecrypt(&dec, plain, cipher1, AES_BLOCK_SIZE * 3); + if (ret != 0) + return -4946; + + if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE * 3)) + return -4947; + #endif /* HAVE_AES_DECRYPT */ + + /* inline decrypt/encrypt*/ + ret = wc_AesSetKey(&enc, key1, sizeof(key1), iv1, AES_ENCRYPTION); + if (ret != 0) + return -4948; + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(&dec, key1, sizeof(key1), iv1, AES_ENCRYPTION); + if (ret != 0) + return -4949; + #endif + + XMEMCPY(cipher, plain1, AES_BLOCK_SIZE * 2); + ret = wc_AesOfbEncrypt(&enc, cipher, cipher, AES_BLOCK_SIZE * 2); + if (ret != 0) + return -4950; + + if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2)) + return -4951; + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesOfbDecrypt(&dec, cipher, cipher, AES_BLOCK_SIZE * 2); + if (ret != 0) + return -4952; + + if (XMEMCMP(cipher, plain1, AES_BLOCK_SIZE * 2)) + return -4953; + #endif /* HAVE_AES_DECRYPT */ + + /* 256 key size test leftover support */ + ret = wc_AesSetKey(&enc, key1, sizeof(key1), iv1, AES_ENCRYPTION); + if (ret != 0) + return -4954; + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(&dec, key1, sizeof(key1), iv1, AES_ENCRYPTION); + if (ret != 0) + return -4955; + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesOfbEncrypt(&enc, cipher, plain1, 3); + if (ret != 0) + return -4956; + + if (XMEMCMP(cipher, cipher1, 3)) + return -4957; + + ret = wc_AesOfbEncrypt(&enc, cipher + 3, plain1 + 3, AES_BLOCK_SIZE); + if (ret != 0) + return -4958; + + if (XMEMCMP(cipher + 3, cipher1 + 3, AES_BLOCK_SIZE)) + return -4959; + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesOfbDecrypt(&dec, plain, cipher1, 6); + if (ret != 0) + return -4960; + + if (XMEMCMP(plain, plain1, 6)) + return -4961; + + ret = wc_AesOfbDecrypt(&dec, plain + 6, cipher1 + 6, AES_BLOCK_SIZE); + if (ret != 0) + return -4962; + + if (XMEMCMP(plain + 6, plain1 + 6, AES_BLOCK_SIZE)) + return -4963; + #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_256 */ + + return 0; + } +#endif /* WOLFSSL_AES_OFB */ + +#if defined(WOLFSSL_AES_CFB) + /* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of Operation Methods an*/ + static int aescfb_test(void) + { + Aes enc; + byte cipher[AES_BLOCK_SIZE * 4]; + #ifdef HAVE_AES_DECRYPT + Aes dec; + byte plain [AES_BLOCK_SIZE * 4]; + #endif + int ret = 0; + + const byte iv[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f + }; + +#ifdef WOLFSSL_AES_128 + const byte key1[] = + { + 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c + }; + + const byte cipher1[] = + { + 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20, + 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a, + 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f, + 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b, + 0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40, + 0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf + }; + + const byte msg1[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef + }; +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + /* 192 size key test */ + const byte key2[] = + { + 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b + }; + + const byte cipher2[] = + { + 0xcd,0xc8,0x0d,0x6f,0xdd,0xf1,0x8c,0xab, + 0x34,0xc2,0x59,0x09,0xc9,0x9a,0x41,0x74, + 0x67,0xce,0x7f,0x7f,0x81,0x17,0x36,0x21, + 0x96,0x1a,0x2b,0x70,0x17,0x1d,0x3d,0x7a, + 0x2e,0x1e,0x8a,0x1d,0xd5,0x9b,0x88,0xb1, + 0xc8,0xe6,0x0f,0xed,0x1e,0xfa,0xc4,0xc9, + 0xc0,0x5f,0x9f,0x9c,0xa9,0x83,0x4f,0xa0, + 0x42,0xae,0x8f,0xba,0x58,0x4b,0x09,0xff + }; + + const byte msg2[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + /* 256 size key simple test */ + const byte key3[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + const byte cipher3[] = + { + 0xdc,0x7e,0x84,0xbf,0xda,0x79,0x16,0x4b, + 0x7e,0xcd,0x84,0x86,0x98,0x5d,0x38,0x60, + 0x39,0xff,0xed,0x14,0x3b,0x28,0xb1,0xc8, + 0x32,0x11,0x3c,0x63,0x31,0xe5,0x40,0x7b, + 0xdf,0x10,0x13,0x24,0x15,0xe5,0x4b,0x92, + 0xa1,0x3e,0xd0,0xa8,0x26,0x7a,0xe2,0xf9, + 0x75,0xa3,0x85,0x74,0x1a,0xb9,0xce,0xf8, + 0x20,0x31,0x62,0x3d,0x55,0xb1,0xe4,0x71 + }; + + const byte msg3[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; +#endif /* WOLFSSL_AES_256 */ + + + if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) + return -4964; +#ifdef HAVE_AES_DECRYPT + if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) + return -4965; +#endif + +#ifdef WOLFSSL_AES_128 + /* 128 key tests */ + #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + ret = EVP_test(EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1), + cipher1, sizeof(cipher1)); + if (ret != 0) { + return ret; + } + #endif + + ret = wc_AesSetKey(&enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + return -4966; + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(&dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + return -4967; + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfbEncrypt(&enc, cipher, msg1, AES_BLOCK_SIZE * 2); + if (ret != 0) + return -4968; + + if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2)) + return -4969; + + /* test restarting encryption process */ + ret = wc_AesCfbEncrypt(&enc, cipher + (AES_BLOCK_SIZE * 2), + msg1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE); + if (ret != 0) + return -4970; + + if (XMEMCMP(cipher + (AES_BLOCK_SIZE * 2), + cipher1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE)) + return -4971; + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesCfbDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE * 3); + if (ret != 0) + return -4972; + + if (XMEMCMP(plain, msg1, AES_BLOCK_SIZE * 3)) + return -4973; + #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + /* 192 key size test */ + #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + ret = EVP_test(EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2), + cipher2, sizeof(cipher2)); + if (ret != 0) { + return ret; + } + #endif + + ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv, AES_ENCRYPTION); + if (ret != 0) + return -4974; + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(&dec, key2, sizeof(key2), iv, AES_ENCRYPTION); + if (ret != 0) + return -4975; + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfbEncrypt(&enc, cipher, msg2, AES_BLOCK_SIZE * 4); + if (ret != 0) + return -4976; + + if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE * 4)) + return -4977; + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesCfbDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE * 4); + if (ret != 0) + return -4978; + + if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE * 4)) + return -4979; + #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + /* 256 key size test */ + #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + ret = EVP_test(EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3), + cipher3, sizeof(cipher3)); + if (ret != 0) { + return ret; + } + #endif + ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv, AES_ENCRYPTION); + if (ret != 0) + return -4980; + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(&dec, key3, sizeof(key3), iv, AES_ENCRYPTION); + if (ret != 0) + return -4981; + #endif + + /* test with data left overs, magic lengths are checking near edges */ + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfbEncrypt(&enc, cipher, msg3, 4); + if (ret != 0) + return -4982; + + if (XMEMCMP(cipher, cipher3, 4)) + return -4983; + + ret = wc_AesCfbEncrypt(&enc, cipher + 4, msg3 + 4, 27); + if (ret != 0) + return -4984; + + if (XMEMCMP(cipher + 4, cipher3 + 4, 27)) + return -4985; + + ret = wc_AesCfbEncrypt(&enc, cipher + 31, msg3 + 31, + (AES_BLOCK_SIZE * 4) - 31); + if (ret != 0) + return -4986; + + if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE * 4)) + return -4987; + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesCfbDecrypt(&dec, plain, cipher, 4); + if (ret != 0) + return -4988; + + if (XMEMCMP(plain, msg3, 4)) + return -4989; + + ret = wc_AesCfbDecrypt(&dec, plain + 4, cipher + 4, 4); + if (ret != 0) + return -4990; + + ret = wc_AesCfbDecrypt(&dec, plain + 8, cipher + 8, 23); + if (ret != 0) + return -4991; + + if (XMEMCMP(plain + 4, msg3 + 4, 27)) + return -4992; + + ret = wc_AesCfbDecrypt(&dec, plain + 31, cipher + 31, + (AES_BLOCK_SIZE * 4) - 31); + if (ret != 0) + return -4993; + + if (XMEMCMP(plain, msg3, AES_BLOCK_SIZE * 4)) + return -4994; + #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_256 */ + + return ret; + } + +#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + static int aescfb1_test(void) + { + Aes enc; + byte cipher[AES_BLOCK_SIZE]; + #ifdef HAVE_AES_DECRYPT + Aes dec; + byte plain [AES_BLOCK_SIZE]; + #endif + int ret = 0; + +#ifdef WOLFSSL_AES_128 + const byte iv[] = { + 0x4d,0xbb,0xdc,0xaa,0x59,0xf3,0x63,0xc9, + 0x2a,0x3b,0x98,0x43,0xad,0x20,0xe2,0xb7 + }; + + const byte key1[] = + { + 0xcd,0xef,0x9d,0x06,0x61,0xba,0xe4,0x73, + 0x8d,0x1a,0x58,0xa2,0xa6,0x22,0x8b,0x66 + }; + + const byte cipher1[] = + { + 0x00 + }; + + const byte msg1[] = + { + 0xC0 + }; +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 + const byte iv2[] = { + 0x57,0xc6,0x89,0x7c,0x99,0x52,0x28,0x13, + 0xbf,0x67,0x9c,0xe1,0x13,0x70,0xaf,0x5e + }; + + const byte key2[] = + { + 0xba,0xa1,0x58,0xa1,0x6b,0x50,0x4a,0x10, + 0x8e,0xd4,0x33,0x2e,0xe7,0xf2,0x9b,0xf6, + 0xd1,0xac,0x46,0xa8,0xde,0x5a,0xfe,0x7a + }; + + const byte cipher2[] = + { + 0x30 + }; + + const byte msg2[] = + { + 0x80 + }; +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_256 + const byte iv3[] = { + 0x63,0x2e,0x9f,0x83,0x1f,0xa3,0x80,0x5e, + 0x52,0x02,0xbc,0xe0,0x6d,0x04,0xf9,0xa0 + }; + + const byte key3[] = + { + 0xf6,0xfa,0xe4,0xf1,0x5d,0x91,0xfc,0x50, + 0x88,0x78,0x4f,0x84,0xa5,0x37,0x12,0x7e, + 0x32,0x63,0x55,0x9c,0x62,0x73,0x88,0x20, + 0xc2,0xcf,0x3d,0xe1,0x1c,0x2a,0x30,0x40 + }; + + const byte cipher3[] = + { + 0xF7, 0x00 + }; + + const byte msg3[] = + { + 0x41, 0xC0 + }; +#endif /* WOLFSSL_AES_256 */ + + if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) + return -4995; +#ifdef HAVE_AES_DECRYPT + if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) + return -4996; +#endif + +#ifdef WOLFSSL_AES_128 + /* 128 key tests */ + ret = wc_AesSetKey(&enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + return -4997; + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(&dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + return -4998; + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb1Encrypt(&enc, cipher, msg1, 2); + if (ret != 0) + return -4999; + + if (cipher[0] != cipher1[0]) + return -5000; + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesCfb1Decrypt(&dec, plain, cipher, 2); + if (ret != 0) + return -5001; + + if (plain[0] != msg1[0]) + return -5002; + #endif /* HAVE_AES_DECRYPT */ + + #ifdef OPENSSL_EXTRA + ret = wc_AesSetKey(&enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + return -5003; + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb1Encrypt(&enc, cipher, msg1, + sizeof(msg1) * WOLFSSL_BIT_SIZE); + if (ret != 0) + return -5004; + + ret = EVP_test(EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1), + cipher, sizeof(msg1)); + if (ret != 0) { + return ret; + } + #endif +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 + /* 192 key tests */ + ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); + if (ret != 0) + return -5005; + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb1Encrypt(&enc, cipher, msg2, 4); + if (ret != 0) + return -5006; + if (XMEMCMP(cipher, cipher2, sizeof(cipher2)) != 0) + return -5007; + + #ifdef OPENSSL_EXTRA + ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); + if (ret != 0) + return -5008; + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb1Encrypt(&enc, cipher, msg2, + sizeof(msg2) * WOLFSSL_BIT_SIZE); + if (ret != 0) + return -5009; + + ret = EVP_test(EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2), + cipher, sizeof(msg2)); + if (ret != 0) { + return ret; + } + #endif +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + /* 256 key tests */ + ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv3, AES_ENCRYPTION); + if (ret != 0) + return -5010; + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb1Encrypt(&enc, cipher, msg3, 10); + if (ret != 0) + return -5011; + if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0) + return -5012; + + #ifdef OPENSSL_EXTRA + ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv3, AES_ENCRYPTION); + if (ret != 0) + return -5013; + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb1Encrypt(&enc, cipher, msg3, + sizeof(msg3) * WOLFSSL_BIT_SIZE); + if (ret != 0) + return -5014; + + ret = EVP_test(EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3), + cipher, sizeof(msg3)); + if (ret != 0) { + return ret; + } + #endif +#endif /* WOLFSSL_AES_256 */ + return ret; + } + + static int aescfb8_test(void) + { + Aes enc; + byte cipher[AES_BLOCK_SIZE]; + #ifdef HAVE_AES_DECRYPT + Aes dec; + byte plain [AES_BLOCK_SIZE]; + #endif + int ret = 0; + +#ifdef WOLFSSL_AES_128 + const byte iv[] = { + 0xf4,0x75,0xc6,0x49,0x91,0xb2,0x0e,0xae, + 0xe1,0x83,0xa2,0x26,0x29,0xe2,0x1e,0x22 + }; + + const byte key1[] = + { + 0xc8,0xfe,0x9b,0xf7,0x7b,0x93,0x0f,0x46, + 0xd2,0x07,0x8b,0x8c,0x0e,0x65,0x7c,0xd4 + }; + + const byte cipher1[] = + { + 0xd2,0x76,0x91 + }; + + const byte msg1[] = + { + 0xc9,0x06,0x35 + }; +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 + const byte iv2[] = { + 0x0a,0x02,0x84,0x6b,0x62,0xab,0xb6,0x93, + 0xef,0x31,0xd7,0x54,0x84,0x2e,0xed,0x29 + }; + + const byte key2[] = + { + 0xba,0xf0,0x8b,0x76,0x31,0x7a,0x65,0xc5, + 0xf0,0x7a,0xe6,0xf5,0x7e,0xb0,0xe6,0x54, + 0x88,0x65,0x93,0x24,0xd2,0x97,0x09,0xe3 + }; + + const byte cipher2[] = + { + 0x72,0x9c,0x0b,0x6d,0xeb,0x75,0xfa,0x6e, + 0xb5,0xe8 + }; + + const byte msg2[] = + { + 0x98,0x95,0x93,0x24,0x02,0x39,0x3d,0xc3, + 0x3a,0x60 + }; +#endif +#ifdef WOLFSSL_AES_256 + const byte iv3[] = { + 0x33,0x8c,0x55,0x2f,0xf1,0xec,0xa1,0x44, + 0x08,0xe0,0x5d,0x8c,0xf9,0xf3,0xb3,0x1b + }; + + const byte key3[] = + { + 0x06,0x48,0x74,0x09,0x2f,0x7a,0x13,0xcc, + 0x44,0x62,0x24,0x7a,0xd4,0x23,0xd0,0xe9, + 0x6e,0xdf,0x42,0xe8,0xb6,0x7a,0x5a,0x23, + 0xb7,0xa0,0xa6,0x47,0x7b,0x09,0x8e,0x66 + }; + + const byte cipher3[] = + { + 0x1c,0xff,0x95 + }; + + const byte msg3[] = + { + 0xb9,0x74,0xfa + }; +#endif + + if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) + return -5015; +#ifdef HAVE_AES_DECRYPT + if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) + return -5016; +#endif + +#ifdef WOLFSSL_AES_128 + /* 128 key tests */ + #ifdef OPENSSL_EXTRA + ret = EVP_test(EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1), + cipher1, sizeof(cipher1)); + if (ret != 0) { + return ret; + } + #endif + ret = wc_AesSetKey(&enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + return -5017; + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(&dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + return -5018; + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb8Encrypt(&enc, cipher, msg1, sizeof(msg1)); + if (ret != 0) + return -5019; + + if (XMEMCMP(cipher, cipher1, sizeof(cipher1)) != 0) + return -5020; + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesCfb8Decrypt(&dec, plain, cipher, sizeof(msg1)); + if (ret != 0) + return -5021; + + if (XMEMCMP(plain, msg1, sizeof(msg1)) != 0) + return -5022; + #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 + /* 192 key tests */ + ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); + if (ret != 0) + return -5023; + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb8Encrypt(&enc, cipher, msg2, sizeof(msg2)); + if (ret != 0) + return -5024; + if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0) + return -5025; +#ifdef OPENSSL_EXTRA + ret = EVP_test(EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2), + cipher2, sizeof(msg2)); + if (ret != 0) { + return ret; + } +#endif + +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + /* 256 key tests */ + ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv3, AES_ENCRYPTION); + if (ret != 0) + return -5026; + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb8Encrypt(&enc, cipher, msg3, sizeof(msg3)); + if (ret != 0) + return -5027; + if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0) + return -5028; + + #ifdef OPENSSL_EXTRA + ret = EVP_test(EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3), + cipher3, sizeof(msg3)); + if (ret != 0) { + return ret; + } + #endif +#endif /* WOLFSSL_AES_256 */ + + return ret; + } +#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ +#endif /* WOLFSSL_AES_CFB */ + + +static int aes_key_size_test(void) +{ + int ret; + Aes aes; + byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; + byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; + byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; + byte iv[] = "1234567890abcdef"; +#ifndef HAVE_FIPS + word32 keySize; +#endif + +#if !defined(HAVE_FIPS) || \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + /* w/ FIPS v1 (cert 2425) wc_AesInit just returns 0 always as it's not + * supported with that FIPS version */ + ret = wc_AesInit(NULL, HEAP_HINT, devId); + if (ret != BAD_FUNC_ARG) + return -5100; +#endif + + ret = wc_AesInit(&aes, HEAP_HINT, devId); + /* 0 check OK for FIPSv1 */ + if (ret != 0) + return -5101; + +#ifndef HAVE_FIPS + /* Parameter Validation testing. */ + ret = wc_AesGetKeySize(NULL, NULL); + if (ret != BAD_FUNC_ARG) + return -5102; + ret = wc_AesGetKeySize(&aes, NULL); + if (ret != BAD_FUNC_ARG) + return -5103; + ret = wc_AesGetKeySize(NULL, &keySize); + if (ret != BAD_FUNC_ARG) + return -5104; + /* Crashes in FIPS */ + ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION); + if (ret != BAD_FUNC_ARG) + return -5105; +#endif + /* NULL IV indicates to use all zeros IV. */ + ret = wc_AesSetKey(&aes, key16, sizeof(key16), NULL, AES_ENCRYPTION); +#ifdef WOLFSSL_AES_128 + if (ret != 0) +#else + if (ret != BAD_FUNC_ARG) +#endif + return -5106; + ret = wc_AesSetKey(&aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION); + if (ret != BAD_FUNC_ARG) + return -5107; +/* CryptoCell handles rounds internally */ +#if !defined(HAVE_FIPS) && !defined(WOLFSSL_CRYPTOCELL) + /* Force invalid rounds */ + aes.rounds = 16; + ret = wc_AesGetKeySize(&aes, &keySize); + if (ret != BAD_FUNC_ARG) + return -5108; +#endif + + ret = wc_AesSetKey(&aes, key16, sizeof(key16), iv, AES_ENCRYPTION); +#ifdef WOLFSSL_AES_128 + if (ret != 0) +#else + if (ret != BAD_FUNC_ARG) +#endif + return -5109; +#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128) + ret = wc_AesGetKeySize(&aes, &keySize); + if (ret != 0 || keySize != sizeof(key16)) + return -5110; +#endif + + ret = wc_AesSetKey(&aes, key24, sizeof(key24), iv, AES_ENCRYPTION); +#ifdef WOLFSSL_AES_192 + if (ret != 0) +#else + if (ret != BAD_FUNC_ARG) +#endif + return -5111; +#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192) + ret = wc_AesGetKeySize(&aes, &keySize); + if (ret != 0 || keySize != sizeof(key24)) + return -5112; +#endif + + ret = wc_AesSetKey(&aes, key32, sizeof(key32), iv, AES_ENCRYPTION); +#ifdef WOLFSSL_AES_256 + if (ret != 0) +#else + if (ret != BAD_FUNC_ARG) +#endif + return -5113; +#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256) + ret = wc_AesGetKeySize(&aes, &keySize); + if (ret != 0 || keySize != sizeof(key32)) + return -5114; +#endif + + return 0; +} + +#if defined(WOLFSSL_AES_XTS) +/* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */ +#ifdef WOLFSSL_AES_128 +static int aes_xts_128_test(void) +{ + XtsAes aes; + int ret = 0; + unsigned char buf[AES_BLOCK_SIZE * 2]; + unsigned char cipher[AES_BLOCK_SIZE * 2]; + + /* 128 key tests */ + static unsigned char k1[] = { + 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35, + 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62, + 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18, + 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f + }; + + static unsigned char i1[] = { + 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, + 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 + }; + + static unsigned char p1[] = { + 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, + 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c + }; + + /* plain text test of partial block is not from NIST test vector list */ + static unsigned char pp[] = { + 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, + 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c, + 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 + }; + + static unsigned char c1[] = { + 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a, + 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63 + }; + + static unsigned char k2[] = { + 0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76, + 0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0, + 0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa, + 0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16 + }; + + static unsigned char i2[] = { + 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a, + 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84 + }; + + static unsigned char p2[] = { + 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1, + 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba, + 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20, + 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56 + }; + + static unsigned char c2[] = { + 0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e, + 0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23, + 0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e, + 0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22 + }; + +#ifdef OPENSSL_EXTRA + ret = EVP_test(EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2)); + if (ret != 0) { + printf("EVP_aes_128_xts failed!\n"); + return ret; + } +#endif + + XMEMSET(buf, 0, sizeof(buf)); + if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION, + HEAP_HINT, devId) != 0) + return -5200; + + ret = wc_AesXtsEncrypt(&aes, buf, p2, sizeof(p2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5201; + if (XMEMCMP(c2, buf, sizeof(c2))) + return -5202; + + XMEMSET(buf, 0, sizeof(buf)); + if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, + HEAP_HINT, devId) != 0) + return -5203; + ret = wc_AesXtsEncrypt(&aes, buf, p1, sizeof(p1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5204; + if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) + return -5205; + + /* partial block encryption test */ + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesXtsEncrypt(&aes, cipher, pp, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5206; + wc_AesXtsFree(&aes); + + /* partial block decrypt test */ + XMEMSET(buf, 0, sizeof(buf)); + if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, + HEAP_HINT, devId) != 0) + return -5207; + ret = wc_AesXtsDecrypt(&aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5208; + if (XMEMCMP(pp, buf, sizeof(pp))) + return -5209; + + /* NIST decrypt test vector */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsDecrypt(&aes, buf, c1, sizeof(c1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5210; + if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) + return -5211; + + /* fail case with decrypting using wrong key */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsDecrypt(&aes, buf, c2, sizeof(c2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5212; + if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */ + return -5213; + + /* set correct key and retest */ + XMEMSET(buf, 0, sizeof(buf)); + if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION, + HEAP_HINT, devId) != 0) + return -5214; + ret = wc_AesXtsDecrypt(&aes, buf, c2, sizeof(c2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5215; + if (XMEMCMP(p2, buf, sizeof(p2))) + return -5216; + wc_AesXtsFree(&aes); + + return ret; +} +#endif /* WOLFSSL_AES_128 */ + + +#ifdef WOLFSSL_AES_256 +static int aes_xts_256_test(void) +{ + XtsAes aes; + int ret = 0; + unsigned char buf[AES_BLOCK_SIZE * 3]; + unsigned char cipher[AES_BLOCK_SIZE * 3]; + + /* 256 key tests */ + static unsigned char k1[] = { + 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e, + 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14, + 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7, + 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c, + 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d, + 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3, + 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58, + 0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08 + }; + + static unsigned char i1[] = { + 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2, + 0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64 + }; + + static unsigned char p1[] = { + 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1, + 0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64, + 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3, + 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e + }; + + /* plain text test of partial block is not from NIST test vector list */ + static unsigned char pp[] = { + 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, + 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c, + 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 + }; + + static unsigned char c1[] = { + 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5, + 0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13, + 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a, + 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb + }; + + static unsigned char k2[] = { + 0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba, + 0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62, + 0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec, + 0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec, + 0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b, + 0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a, + 0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12, + 0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4 + }; + + static unsigned char i2[] = { + 0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0, + 0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f + }; + + static unsigned char p2[] = { + 0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00, + 0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53, + 0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89, + 0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd, + 0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61, + 0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc + }; + + static unsigned char c2[] = { + 0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10, + 0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1, + 0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61, + 0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89, + 0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b, + 0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92 + }; + +#ifdef OPENSSL_EXTRA + ret = EVP_test(EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2)); + if (ret != 0) { + printf("EVP_aes_256_xts failed\n"); + return ret; + } +#endif + + XMEMSET(buf, 0, sizeof(buf)); + if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION, + HEAP_HINT, devId) != 0) + return -5300; + ret = wc_AesXtsEncrypt(&aes, buf, p2, sizeof(p2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5301; + if (XMEMCMP(c2, buf, sizeof(c2))) + return -5302; + + XMEMSET(buf, 0, sizeof(buf)); + if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, + HEAP_HINT, devId) != 0) + return -5303; + ret = wc_AesXtsEncrypt(&aes, buf, p1, sizeof(p1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5304; + if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) + return -5305; + + /* partial block encryption test */ + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesXtsEncrypt(&aes, cipher, pp, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5306; + wc_AesXtsFree(&aes); + + /* partial block decrypt test */ + XMEMSET(buf, 0, sizeof(buf)); + if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, + HEAP_HINT, devId) != 0) + return -5307; + ret = wc_AesXtsDecrypt(&aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5308; + if (XMEMCMP(pp, buf, sizeof(pp))) + return -5309; + + /* NIST decrypt test vector */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsDecrypt(&aes, buf, c1, sizeof(c1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5310; + if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) + return -5311; + + XMEMSET(buf, 0, sizeof(buf)); + if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION, + HEAP_HINT, devId) != 0) + return -5312; + ret = wc_AesXtsDecrypt(&aes, buf, c2, sizeof(c2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5313; + if (XMEMCMP(p2, buf, sizeof(p2))) + return -5314; + wc_AesXtsFree(&aes); + + return ret; +} +#endif /* WOLFSSL_AES_256 */ + + +#if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256) +/* both 128 and 256 bit key test */ +static int aes_xts_sector_test(void) +{ + XtsAes aes; + int ret = 0; + unsigned char buf[AES_BLOCK_SIZE * 2]; + + /* 128 key tests */ + static unsigned char k1[] = { + 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed, + 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22, + 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c, + 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c + }; + + static unsigned char p1[] = { + 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09, + 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c + }; + + static unsigned char c1[] = { + 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac, + 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52 + }; + word64 s1 = 141; + + /* 256 key tests */ + static unsigned char k2[] = { + 0xef, 0x01, 0x0c, 0xa1, 0xa3, 0x66, 0x3e, 0x32, + 0x53, 0x43, 0x49, 0xbc, 0x0b, 0xae, 0x62, 0x23, + 0x2a, 0x15, 0x73, 0x34, 0x85, 0x68, 0xfb, 0x9e, + 0xf4, 0x17, 0x68, 0xa7, 0x67, 0x4f, 0x50, 0x7a, + 0x72, 0x7f, 0x98, 0x75, 0x53, 0x97, 0xd0, 0xe0, + 0xaa, 0x32, 0xf8, 0x30, 0x33, 0x8c, 0xc7, 0xa9, + 0x26, 0xc7, 0x73, 0xf0, 0x9e, 0x57, 0xb3, 0x57, + 0xcd, 0x15, 0x6a, 0xfb, 0xca, 0x46, 0xe1, 0xa0 + }; + + static unsigned char p2[] = { + 0xed, 0x98, 0xe0, 0x17, 0x70, 0xa8, 0x53, 0xb4, + 0x9d, 0xb9, 0xe6, 0xaa, 0xf8, 0x8f, 0x0a, 0x41, + 0xb9, 0xb5, 0x6e, 0x91, 0xa5, 0xa2, 0xb1, 0x1d, + 0x40, 0x52, 0x92, 0x54, 0xf5, 0x52, 0x3e, 0x75 + }; + + static unsigned char c2[] = { + 0xca, 0x20, 0xc5, 0x5e, 0x8d, 0xc1, 0x49, 0x68, + 0x7d, 0x25, 0x41, 0xde, 0x39, 0xc3, 0xdf, 0x63, + 0x00, 0xbb, 0x5a, 0x16, 0x3c, 0x10, 0xce, 0xd3, + 0x66, 0x6b, 0x13, 0x57, 0xdb, 0x8b, 0xd3, 0x9d + }; + word64 s2 = 187; + + XMEMSET(buf, 0, sizeof(buf)); + if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, + HEAP_HINT, devId) != 0) + return -5400; + ret = wc_AesXtsEncryptSector(&aes, buf, p1, sizeof(p1), s1); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5401; + if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) + return -5402; + + /* decrypt test */ + XMEMSET(buf, 0, sizeof(buf)); + if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, + HEAP_HINT, devId) != 0) + return -5403; + ret = wc_AesXtsDecryptSector(&aes, buf, c1, sizeof(c1), s1); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5404; + if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) + return -5405; + wc_AesXtsFree(&aes); + + /* 256 bit key tests */ + XMEMSET(buf, 0, sizeof(buf)); + if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION, + HEAP_HINT, devId) != 0) + return -5406; + ret = wc_AesXtsEncryptSector(&aes, buf, p2, sizeof(p2), s2); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5407; + if (XMEMCMP(c2, buf, sizeof(c2))) + return -5408; + + /* decrypt test */ + XMEMSET(buf, 0, sizeof(buf)); + if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION, + HEAP_HINT, devId) != 0) + return -5409; + ret = wc_AesXtsDecryptSector(&aes, buf, c2, sizeof(c2), s2); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5410; + if (XMEMCMP(p2, buf, sizeof(p2))) + return -5411; + wc_AesXtsFree(&aes); + + return ret; +} +#endif /* WOLFSSL_AES_128 && WOLFSSL_AES_256 */ + + +#ifdef WOLFSSL_AES_128 +/* testing of bad arguments */ +static int aes_xts_args_test(void) +{ + XtsAes aes; + int ret = 0; + unsigned char buf[AES_BLOCK_SIZE * 2]; + + /* 128 key tests */ + static unsigned char k1[] = { + 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed, + 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22, + 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c, + 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c + }; + + static unsigned char p1[] = { + 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09, + 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c + }; + + static unsigned char c1[] = { + 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac, + 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52 + }; + word64 s1 = 141; + + if (wc_AesXtsSetKey(NULL, k1, sizeof(k1), AES_ENCRYPTION, + HEAP_HINT, devId) == 0) + return -5500; + if (wc_AesXtsSetKey(&aes, NULL, sizeof(k1), AES_ENCRYPTION, + HEAP_HINT, devId) == 0) + return -5501; + + /* encryption operations */ + if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, + HEAP_HINT, devId) != 0) + return -5502; + ret = wc_AesXtsEncryptSector(NULL, buf, p1, sizeof(p1), s1); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret == 0) + return -5503; + + ret = wc_AesXtsEncryptSector(&aes, NULL, p1, sizeof(p1), s1); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret == 0) + return -5504; + wc_AesXtsFree(&aes); + + /* decryption operations */ + if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, + HEAP_HINT, devId) != 0) + return -5505; + ret = wc_AesXtsDecryptSector(NULL, buf, c1, sizeof(c1), s1); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret == 0) + return -5506; + + ret = wc_AesXtsDecryptSector(&aes, NULL, c1, sizeof(c1), s1); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret == 0) + return -5507; + wc_AesXtsFree(&aes); + + return 0; +} +#endif /* WOLFSSL_AES_128 */ +#endif /* WOLFSSL_AES_XTS */ + +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) +static int aes_cbc_test(void) +{ + byte cipher[AES_BLOCK_SIZE]; + byte plain[AES_BLOCK_SIZE]; + int ret; + const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + byte key[] = "0123456789abcdef "; /* align */ + byte iv[] = "1234567890abcdef "; /* align */ + + XMEMSET(cipher, 0, AES_BLOCK_SIZE); + XMEMSET(plain, 0, AES_BLOCK_SIZE); + + /* Parameter Validation testing. */ + ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, 17, NULL); + if (ret != BAD_FUNC_ARG) + return -5600; +#ifdef HAVE_AES_DECRYPT + ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, 17, NULL); + if (ret != BAD_FUNC_ARG) + return -5601; +#endif + + ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, + AES_BLOCK_SIZE, iv); + if (ret != 0) + return -5602; +#ifdef HAVE_AES_DECRYPT + ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, + AES_BLOCK_SIZE, iv); + if (ret != 0) + return -5603; + if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0) + return -5604; +#endif /* HAVE_AES_DECRYPT */ + + (void)plain; + return 0; +} +#endif + +int aes_test(void) +{ +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) + Aes enc; + byte cipher[AES_BLOCK_SIZE * 4]; +#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) + Aes dec; + byte plain [AES_BLOCK_SIZE * 4]; +#endif +#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER */ + int ret = 0; + +#ifdef HAVE_AES_CBC +#ifdef WOLFSSL_AES_128 + const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + + const byte verify[] = + { + 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, + 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb + }; + + byte key[] = "0123456789abcdef "; /* align */ + byte iv[] = "1234567890abcdef "; /* align */ + + if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) + return -5700; +#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) + if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) + return -5701; +#endif + ret = wc_AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + return -5702; +#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) + ret = wc_AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); + if (ret != 0) + return -5703; +#endif + + XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4); + ret = wc_AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5704; +#ifdef HAVE_AES_DECRYPT + XMEMSET(plain, 0, AES_BLOCK_SIZE * 4); + ret = wc_AesCbcDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5705; + + if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) + return -5706; +#endif /* HAVE_AES_DECRYPT */ + if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) + return -5707; +#endif /* WOLFSSL_AES_128 */ + +#if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT) + { + const byte bigMsg[] = { + /* "All work and no play makes Jack a dull boy. " */ + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, + 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, + 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, + 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, + 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, + 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, + 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, + 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, + 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, + 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, + 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, + 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, + 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, + 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, + 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, + 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, + 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, + 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, + 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, + 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, + 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, + 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, + 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, + 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, + 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, + 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, + 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, + 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, + 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20 + }; + const byte bigKey[] = "0123456789abcdeffedcba9876543210"; + byte bigCipher[sizeof(bigMsg)]; + byte bigPlain[sizeof(bigMsg)]; + word32 keySz, msgSz; + + /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole + * message by AES_BLOCK_SIZE for each size of AES key. */ + for (keySz = 16; keySz <= 32; keySz += 8) { + for (msgSz = AES_BLOCK_SIZE; + msgSz <= sizeof(bigMsg); + msgSz += AES_BLOCK_SIZE) { + + XMEMSET(bigCipher, 0, sizeof(bigCipher)); + XMEMSET(bigPlain, 0, sizeof(bigPlain)); + ret = wc_AesSetKey(&enc, bigKey, keySz, iv, AES_ENCRYPTION); + if (ret != 0) + return -5708; + ret = wc_AesSetKey(&dec, bigKey, keySz, iv, AES_DECRYPTION); + if (ret != 0) + return -5709; + + ret = wc_AesCbcEncrypt(&enc, bigCipher, bigMsg, msgSz); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + return -5710; + + ret = wc_AesCbcDecrypt(&dec, bigPlain, bigCipher, msgSz); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + return -5711; + + if (XMEMCMP(bigPlain, bigMsg, msgSz)) + return -5712; + } + } + } +#endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT */ + + /* Test of AES IV state with encrypt/decrypt */ +#ifdef WOLFSSL_AES_128 + { + /* Test Vector from "NIST Special Publication 800-38A, 2001 Edition" + * https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a.pdf + */ + const byte msg2[] = + { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51 + }; + + const byte verify2[] = + { + 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46, + 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d, + 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee, + 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2 + }; + byte key2[] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c + }; + byte iv2[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + }; + + + ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); + if (ret != 0) + return -5713; + XMEMSET(cipher, 0, AES_BLOCK_SIZE * 2); + ret = wc_AesCbcEncrypt(&enc, cipher, msg2, AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + return -5714; + if (XMEMCMP(cipher, verify2, AES_BLOCK_SIZE)) + return -5715; + + ret = wc_AesCbcEncrypt(&enc, cipher + AES_BLOCK_SIZE, + msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + return -5716; + if (XMEMCMP(cipher + AES_BLOCK_SIZE, verify2 + AES_BLOCK_SIZE, + AES_BLOCK_SIZE)) + return -5717; + + #if defined(HAVE_AES_DECRYPT) + ret = wc_AesSetKey(&dec, key2, sizeof(key2), iv2, AES_DECRYPTION); + if (ret != 0) + return -5718; + XMEMSET(plain, 0, AES_BLOCK_SIZE * 2); + ret = wc_AesCbcDecrypt(&dec, plain, verify2, AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + return -5719; + if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE)) + return -5720; + + ret = wc_AesCbcDecrypt(&dec, plain + AES_BLOCK_SIZE, + verify2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + return -5721; + if (XMEMCMP(plain + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE, + AES_BLOCK_SIZE)) + return -5722; + + #endif /* HAVE_AES_DECRYPT */ + } +#endif /* WOLFSSL_AES_128 */ +#endif /* HAVE_AES_CBC */ + +#ifdef WOLFSSL_AES_COUNTER + { + /* test vectors from "Recommendation for Block Cipher Modes of + * Operation" NIST Special Publication 800-38A */ + + const byte ctrIv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + const byte ctrPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; + +#ifdef WOLFSSL_AES_128 + const byte oddCipher[] = + { + 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, + 0xc2 + }; + + const byte ctr128Key[] = + { + 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c + }; + + const byte ctr128Cipher[] = + { + 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, + 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, + 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, + 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, + 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, + 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, + 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, + 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee + }; +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + const byte ctr192Key[] = + { + 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b + }; + + const byte ctr192Cipher[] = + { + 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2, + 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b, + 0x09,0x03,0x39,0xec,0x0a,0xa6,0xfa,0xef, + 0xd5,0xcc,0xc2,0xc6,0xf4,0xce,0x8e,0x94, + 0x1e,0x36,0xb2,0x6b,0xd1,0xeb,0xc6,0x70, + 0xd1,0xbd,0x1d,0x66,0x56,0x20,0xab,0xf7, + 0x4f,0x78,0xa7,0xf6,0xd2,0x98,0x09,0x58, + 0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50 + }; +#endif +#ifdef WOLFSSL_AES_256 + const byte ctr256Key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + const byte ctr256Cipher[] = + { + 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5, + 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28, + 0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a, + 0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5, + 0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c, + 0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d, + 0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6, + 0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6 + }; +#endif + +#ifdef WOLFSSL_AES_128 + wc_AesSetKeyDirect(&enc, ctr128Key, sizeof(ctr128Key), + ctrIv, AES_ENCRYPTION); + /* Ctr only uses encrypt, even on key setup */ + wc_AesSetKeyDirect(&dec, ctr128Key, sizeof(ctr128Key), + ctrIv, AES_ENCRYPTION); + + ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(ctrPlain)); + if (ret != 0) { + return -5723; + } + ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(ctrPlain)); + if (ret != 0) { + return -5724; + } + if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain))) + return -5725; + + if (XMEMCMP(cipher, ctr128Cipher, sizeof(ctr128Cipher))) + return -5726; + + /* let's try with just 9 bytes, non block size test */ + wc_AesSetKeyDirect(&enc, ctr128Key, AES_BLOCK_SIZE, + ctrIv, AES_ENCRYPTION); + /* Ctr only uses encrypt, even on key setup */ + wc_AesSetKeyDirect(&dec, ctr128Key, AES_BLOCK_SIZE, + ctrIv, AES_ENCRYPTION); + + ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(oddCipher)); + if (ret != 0) { + return -5727; + } + ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(oddCipher)); + if (ret != 0) { + return -5728; + } + + if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher))) + return -5729; + + if (XMEMCMP(cipher, ctr128Cipher, sizeof(oddCipher))) + return -5730; + + /* and an additional 9 bytes to reuse tmp left buffer */ + ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(oddCipher)); + if (ret != 0) { + return -5731; + } + ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(oddCipher)); + if (ret != 0) { + return -5732; + } + + if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher))) + return -5733; + + if (XMEMCMP(cipher, oddCipher, sizeof(oddCipher))) + return -5734; +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + /* 192 bit key */ + wc_AesSetKeyDirect(&enc, ctr192Key, sizeof(ctr192Key), + ctrIv, AES_ENCRYPTION); + /* Ctr only uses encrypt, even on key setup */ + wc_AesSetKeyDirect(&dec, ctr192Key, sizeof(ctr192Key), + ctrIv, AES_ENCRYPTION); + + XMEMSET(plain, 0, sizeof(plain)); + ret = wc_AesCtrEncrypt(&enc, plain, ctr192Cipher, sizeof(ctr192Cipher)); + if (ret != 0) { + return -5735; + } + + if (XMEMCMP(plain, ctrPlain, sizeof(ctr192Cipher))) + return -5736; + + ret = wc_AesCtrEncrypt(&dec, cipher, ctrPlain, sizeof(ctrPlain)); + if (ret != 0) { + return -5737; + } + if (XMEMCMP(ctr192Cipher, cipher, sizeof(ctr192Cipher))) + return -5738; +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + /* 256 bit key */ + wc_AesSetKeyDirect(&enc, ctr256Key, sizeof(ctr256Key), + ctrIv, AES_ENCRYPTION); + /* Ctr only uses encrypt, even on key setup */ + wc_AesSetKeyDirect(&dec, ctr256Key, sizeof(ctr256Key), + ctrIv, AES_ENCRYPTION); + + XMEMSET(plain, 0, sizeof(plain)); + ret = wc_AesCtrEncrypt(&enc, plain, ctr256Cipher, sizeof(ctr256Cipher)); + if (ret != 0) { + return -5739; + } + + if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain))) + return -5740; + + ret = wc_AesCtrEncrypt(&dec, cipher, ctrPlain, sizeof(ctrPlain)); + if (ret != 0) { + return -5741; + } + if (XMEMCMP(ctr256Cipher, cipher, sizeof(ctr256Cipher))) + return -5742; +#endif /* WOLFSSL_AES_256 */ + } +#endif /* WOLFSSL_AES_COUNTER */ + +#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) + { + const byte niPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte niCipher[] = + { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; + + const byte niKey[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + XMEMSET(cipher, 0, AES_BLOCK_SIZE); + ret = wc_AesSetKey(&enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); + if (ret != 0) + return -5743; + wc_AesEncryptDirect(&enc, cipher, niPlain); + if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) + return -5744; + + XMEMSET(plain, 0, AES_BLOCK_SIZE); + ret = wc_AesSetKey(&dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); + if (ret != 0) + return -5745; + wc_AesDecryptDirect(&dec, plain, niCipher); + if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) + return -5746; + } +#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ + + ret = aes_key_size_test(); + if (ret != 0) + return ret; + +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + ret = aes_cbc_test(); + if (ret != 0) + return ret; +#endif + +#if defined(WOLFSSL_AES_XTS) + #ifdef WOLFSSL_AES_128 + ret = aes_xts_128_test(); + if (ret != 0) + return ret; + #endif + #ifdef WOLFSSL_AES_256 + ret = aes_xts_256_test(); + if (ret != 0) + return ret; + #endif + #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256) + ret = aes_xts_sector_test(); + if (ret != 0) + return ret; + #endif + #ifdef WOLFSSL_AES_128 + ret = aes_xts_args_test(); + if (ret != 0) + return ret; + #endif +#endif + +#if defined(WOLFSSL_AES_CFB) + ret = aescfb_test(); + if (ret != 0) + return ret; +#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + ret = aescfb1_test(); + if (ret != 0) + return ret; + + ret = aescfb8_test(); + if (ret != 0) + return ret; +#endif +#endif + + +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) + wc_AesFree(&enc); + (void)cipher; +#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) + wc_AesFree(&dec); + (void)plain; +#endif +#endif + + return ret; +} + +#ifdef WOLFSSL_AES_192 +int aes192_test(void) +{ +#ifdef HAVE_AES_CBC + Aes enc; + byte cipher[AES_BLOCK_SIZE]; +#ifdef HAVE_AES_DECRYPT + Aes dec; + byte plain[AES_BLOCK_SIZE]; +#endif +#endif /* HAVE_AES_CBC */ + int ret = 0; + +#ifdef HAVE_AES_CBC + /* Test vectors from NIST Special Publication 800-38A, 2001 Edition + * Appendix F.2.3 */ + + const byte msg[] = { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte verify[] = + { + 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d, + 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 + }; + + byte key[] = { + 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b + }; + byte iv[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F + }; + + + if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) + return -5800; +#ifdef HAVE_AES_DECRYPT + if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) + return -5801; +#endif + + ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); + if (ret != 0) + return -5802; +#ifdef HAVE_AES_DECRYPT + ret = wc_AesSetKey(&dec, key, (int) sizeof(key), iv, AES_DECRYPTION); + if (ret != 0) + return -5803; +#endif + + XMEMSET(cipher, 0, AES_BLOCK_SIZE); + ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5804; +#ifdef HAVE_AES_DECRYPT + XMEMSET(plain, 0, AES_BLOCK_SIZE); + ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5805; + if (XMEMCMP(plain, msg, (int) sizeof(plain))) { + return -5806; + } +#endif + + if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) + return -5807; + + wc_AesFree(&enc); +#ifdef HAVE_AES_DECRYPT + wc_AesFree(&dec); +#endif + +#endif /* HAVE_AES_CBC */ + + return ret; +} +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 +int aes256_test(void) +{ +#ifdef HAVE_AES_CBC + Aes enc; + byte cipher[AES_BLOCK_SIZE]; +#ifdef HAVE_AES_DECRYPT + Aes dec; + byte plain[AES_BLOCK_SIZE]; +#endif +#endif /* HAVE_AES_CBC */ + int ret = 0; + +#ifdef HAVE_AES_CBC + /* Test vectors from NIST Special Publication 800-38A, 2001 Edition, + * Appendix F.2.5 */ + const byte msg[] = { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte verify[] = + { + 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba, + 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 + }; + + byte key[] = { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + byte iv[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F + }; + + + if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) + return -5900; +#ifdef HAVE_AES_DECRYPT + if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) + return -5901; +#endif + + ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); + if (ret != 0) + return -5902; +#ifdef HAVE_AES_DECRYPT + ret = wc_AesSetKey(&dec, key, (int) sizeof(key), iv, AES_DECRYPTION); + if (ret != 0) + return -5903; +#endif + + XMEMSET(cipher, 0, AES_BLOCK_SIZE); + ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5904; +#ifdef HAVE_AES_DECRYPT + XMEMSET(plain, 0, AES_BLOCK_SIZE); + ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return -5905; + if (XMEMCMP(plain, msg, (int) sizeof(plain))) { + return -5906; + } +#endif + + if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) + return -5907; + + wc_AesFree(&enc); +#ifdef HAVE_AES_DECRYPT + wc_AesFree(&dec); +#endif + +#endif /* HAVE_AES_CBC */ + + return ret; +} +#endif /* WOLFSSL_AES_256 */ + + +#ifdef HAVE_AESGCM + +static int aesgcm_default_test_helper(byte* key, int keySz, byte* iv, int ivSz, + byte* plain, int plainSz, byte* cipher, int cipherSz, + byte* aad, int aadSz, byte* tag, int tagSz) +{ + Aes enc; + Aes dec; + + byte resultT[AES_BLOCK_SIZE]; + byte resultP[AES_BLOCK_SIZE * 3]; + byte resultC[AES_BLOCK_SIZE * 3]; + int result; + + XMEMSET(resultT, 0, sizeof(resultT)); + XMEMSET(resultC, 0, sizeof(resultC)); + XMEMSET(resultP, 0, sizeof(resultP)); + + if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) { + return -5908; + } + if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) { + return -5909; + } + + result = wc_AesGcmSetKey(&enc, key, keySz); + if (result != 0) + return -5910; + + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + result = wc_AesGcmEncrypt(&enc, resultC, plain, plainSz, iv, ivSz, + resultT, tagSz, aad, aadSz); + +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -5911; + if (cipher != NULL) { + if (XMEMCMP(cipher, resultC, cipherSz)) + return -5912; + } + if (XMEMCMP(tag, resultT, tagSz)) + return -5913; + + wc_AesFree(&enc); + +#ifdef HAVE_AES_DECRYPT + result = wc_AesGcmSetKey(&dec, key, keySz); + if (result != 0) + return -5914; + + result = wc_AesGcmDecrypt(&dec, resultP, resultC, cipherSz, + iv, ivSz, resultT, tagSz, aad, aadSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -5915; + if (plain != NULL) { + if (XMEMCMP(plain, resultP, plainSz)) + return -5916; + } + + wc_AesFree(&dec); +#endif /* HAVE_AES_DECRYPT */ + + return 0; +} + + +/* tests that only use 12 byte IV and 16 or less byte AAD + * test vectors are from NIST SP 800-38D + * https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/CAVP-TESTING-BLOCK-CIPHER-MODES*/ +int aesgcm_default_test(void) +{ + byte key1[] = { + 0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62, + 0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc + }; + + byte iv1[] = { + 0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa, + 0xe4, 0xed, 0x2f, 0x6d + }; + + ALIGN64 byte plain1[] = { + 0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad, + 0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01, + 0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac, + 0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01 + }; + + byte aad1[] = { + 0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73, + 0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1 + }; + + ALIGN64 byte cipher1[] = { + 0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d, + 0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d, + 0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46, + 0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb + }; + + byte tag1[] = { + 0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7, + 0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2 + }; + + byte key2[] = { + 0x01, 0x6d, 0xbb, 0x38, 0xda, 0xa7, 0x6d, 0xfe, + 0x7d, 0xa3, 0x84, 0xeb, 0xf1, 0x24, 0x03, 0x64 + }; + + byte iv2[] = { + 0x07, 0x93, 0xef, 0x3a, 0xda, 0x78, 0x2f, 0x78, + 0xc9, 0x8a, 0xff, 0xe3 + }; + + ALIGN64 byte plain2[] = { + 0x4b, 0x34, 0xa9, 0xec, 0x57, 0x63, 0x52, 0x4b, + 0x19, 0x1d, 0x56, 0x16, 0xc5, 0x47, 0xf6, 0xb7 + }; + + ALIGN64 byte cipher2[] = { + 0x60, 0x9a, 0xa3, 0xf4, 0x54, 0x1b, 0xc0, 0xfe, + 0x99, 0x31, 0xda, 0xad, 0x2e, 0xe1, 0x5d, 0x0c + }; + + byte tag2[] = { + 0x33, 0xaf, 0xec, 0x59, 0xc4, 0x5b, 0xaf, 0x68, + 0x9a, 0x5e, 0x1b, 0x13, 0xae, 0x42, 0x36, 0x19 + }; + + byte key3[] = { + 0xb0, 0x1e, 0x45, 0xcc, 0x30, 0x88, 0xaa, 0xba, + 0x9f, 0xa4, 0x3d, 0x81, 0xd4, 0x81, 0x82, 0x3f + }; + + byte iv3[] = { + 0x5a, 0x2c, 0x4a, 0x66, 0x46, 0x87, 0x13, 0x45, + 0x6a, 0x4b, 0xd5, 0xe1 + }; + + byte tag3[] = { + 0x01, 0x42, 0x80, 0xf9, 0x44, 0xf5, 0x3c, 0x68, + 0x11, 0x64, 0xb2, 0xff + }; + + int ret; + ret = aesgcm_default_test_helper(key1, sizeof(key1), iv1, sizeof(iv1), + plain1, sizeof(plain1), cipher1, sizeof(cipher1), + aad1, sizeof(aad1), tag1, sizeof(tag1)); + if (ret != 0) { + return ret; + } + ret = aesgcm_default_test_helper(key2, sizeof(key2), iv2, sizeof(iv2), + plain2, sizeof(plain2), cipher2, sizeof(cipher2), + NULL, 0, tag2, sizeof(tag2)); + if (ret != 0) { + return ret; + } + ret = aesgcm_default_test_helper(key3, sizeof(key3), iv3, sizeof(iv3), + NULL, 0, NULL, 0, + NULL, 0, tag3, sizeof(tag3)); + if (ret != 0) { + return ret; + } + + return 0; +} + +int aesgcm_test(void) +{ + Aes enc; + Aes dec; + + /* + * This is Test Case 16 from the document Galois/ + * Counter Mode of Operation (GCM) by McGrew and + * Viega. + */ + const byte p[] = + { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39 + }; + +#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_256) + const byte a[] = + { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 + }; +#endif + +#ifdef WOLFSSL_AES_256 + const byte k1[] = + { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 + }; + + const byte iv1[] = + { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, + 0xde, 0xca, 0xf8, 0x88 + }; + + const byte c1[] = + { + 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, + 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, + 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, + 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, + 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, + 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, + 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, + 0xbc, 0xc9, 0xf6, 0x62 + }; +#endif /* WOLFSSL_AES_256 */ + + const byte t1[] = + { + 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, + 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b + }; + + /* FIPS, QAT and PIC32MZ HW Crypto only support 12-byte IV */ +#if !defined(HAVE_FIPS) && \ + !defined(WOLFSSL_PIC32MZ_CRYPT) && \ + !defined(FREESCALE_LTC) && !defined(FREESCALE_MMCAU) && \ + !defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_AFALG_XILINX_AES) && \ + !(defined(WOLF_CRYPTO_CB) && \ + (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))) + + #define ENABLE_NON_12BYTE_IV_TEST +#ifdef WOLFSSL_AES_192 + /* Test Case 12, uses same plaintext and AAD data. */ + const byte k2[] = + { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c + }; + + const byte iv2[] = + { + 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, + 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, + 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, + 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, + 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, + 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, + 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, + 0xa6, 0x37, 0xb3, 0x9b + }; + + const byte c2[] = + { + 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c, + 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff, + 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef, + 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45, + 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9, + 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3, + 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7, + 0xe9, 0xb7, 0x37, 0x3b + }; + + const byte t2[] = + { + 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb, + 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 + }; +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_128 + /* The following is an interesting test case from the example + * FIPS test vectors for AES-GCM. IVlen = 1 byte */ + const byte p3[] = + { + 0x57, 0xce, 0x45, 0x1f, 0xa5, 0xe2, 0x35, 0xa5, + 0x8e, 0x1a, 0xa2, 0x3b, 0x77, 0xcb, 0xaf, 0xe2 + }; + + const byte k3[] = + { + 0xbb, 0x01, 0xd7, 0x03, 0x81, 0x1c, 0x10, 0x1a, + 0x35, 0xe0, 0xff, 0xd2, 0x91, 0xba, 0xf2, 0x4b + }; + + const byte iv3[] = + { + 0xca + }; + + const byte c3[] = + { + 0x6b, 0x5f, 0xb3, 0x9d, 0xc1, 0xc5, 0x7a, 0x4f, + 0xf3, 0x51, 0x4d, 0xc2, 0xd5, 0xf0, 0xd0, 0x07 + }; + + const byte a3[] = + { + 0x40, 0xfc, 0xdc, 0xd7, 0x4a, 0xd7, 0x8b, 0xf1, + 0x3e, 0x7c, 0x60, 0x55, 0x50, 0x51, 0xdd, 0x54 + }; + + const byte t3[] = + { + 0x06, 0x90, 0xed, 0x01, 0x34, 0xdd, 0xc6, 0x95, + 0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6 + }; +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_256 + int ivlen; +#endif +#endif + + byte resultT[sizeof(t1)]; + byte resultP[sizeof(p) + AES_BLOCK_SIZE]; + byte resultC[sizeof(p) + AES_BLOCK_SIZE]; + int result; +#ifdef WOLFSSL_AES_256 + int alen; + #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) + int plen; + #endif +#endif + +#if !defined(BENCH_EMBEDDED) + #ifndef BENCH_AESGCM_LARGE + #define BENCH_AESGCM_LARGE 1024 + #endif + byte large_input[BENCH_AESGCM_LARGE]; + byte large_output[BENCH_AESGCM_LARGE + AES_BLOCK_SIZE]; + byte large_outdec[BENCH_AESGCM_LARGE]; + + XMEMSET(large_input, 0, sizeof(large_input)); + XMEMSET(large_output, 0, sizeof(large_output)); + XMEMSET(large_outdec, 0, sizeof(large_outdec)); +#endif + + (void)result; + + XMEMSET(resultT, 0, sizeof(resultT)); + XMEMSET(resultC, 0, sizeof(resultC)); + XMEMSET(resultP, 0, sizeof(resultP)); + + if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) { + return -6100; + } + if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) { + return -6101; + } + +#ifdef WOLFSSL_AES_256 + result = wc_AesGcmSetKey(&enc, k1, sizeof(k1)); + if (result != 0) + return -6102; + + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv1, sizeof(iv1), + resultT, sizeof(resultT), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6103; + if (XMEMCMP(c1, resultC, sizeof(c1))) + return -6104; + if (XMEMCMP(t1, resultT, sizeof(resultT))) + return -6105; + +#ifdef HAVE_AES_DECRYPT + result = wc_AesGcmSetKey(&dec, k1, sizeof(k1)); + if (result != 0) + return -6106; + + result = wc_AesGcmDecrypt(&dec, resultP, resultC, sizeof(c1), + iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6107; + if (XMEMCMP(p, resultP, sizeof(p))) + return -6108; +#endif /* HAVE_AES_DECRYPT */ + + /* Large buffer test */ +#ifdef BENCH_AESGCM_LARGE + /* setup test buffer */ + for (alen=0; alen<BENCH_AESGCM_LARGE; alen++) + large_input[alen] = (byte)alen; + + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + result = wc_AesGcmEncrypt(&enc, large_output, large_input, + BENCH_AESGCM_LARGE, iv1, sizeof(iv1), + resultT, sizeof(resultT), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6109; + +#ifdef HAVE_AES_DECRYPT + result = wc_AesGcmDecrypt(&dec, large_outdec, large_output, + BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT, + sizeof(resultT), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6110; + if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE)) + return -6111; +#endif /* HAVE_AES_DECRYPT */ +#endif /* BENCH_AESGCM_LARGE */ +#if defined(ENABLE_NON_12BYTE_IV_TEST) && defined(WOLFSSL_AES_256) + /* Variable IV length test */ + for (ivlen=1; ivlen<(int)sizeof(k1); ivlen++) { + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), k1, + (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6112; +#ifdef HAVE_AES_DECRYPT + result = wc_AesGcmDecrypt(&dec, resultP, resultC, sizeof(c1), k1, + (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6113; +#endif /* HAVE_AES_DECRYPT */ + } +#endif + +#if !(defined(WOLF_CRYPTO_CB) && defined(HAVE_INTEL_QA_SYNC)) + /* Variable authenticated data length test */ + for (alen=0; alen<(int)sizeof(p); alen++) { + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv1, + sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6114; +#ifdef HAVE_AES_DECRYPT + result = wc_AesGcmDecrypt(&dec, resultP, resultC, sizeof(c1), iv1, + sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6115; +#endif /* HAVE_AES_DECRYPT */ + } +#endif + +#if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) +#ifdef BENCH_AESGCM_LARGE + /* Variable plain text length test */ + for (plen=1; plen<BENCH_AESGCM_LARGE; plen++) { + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + result = wc_AesGcmEncrypt(&enc, large_output, large_input, + plen, iv1, sizeof(iv1), resultT, + sizeof(resultT), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6116; + +#ifdef HAVE_AES_DECRYPT + result = wc_AesGcmDecrypt(&dec, large_outdec, large_output, + plen, iv1, sizeof(iv1), resultT, + sizeof(resultT), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6117; +#endif /* HAVE_AES_DECRYPT */ + } +#else /* BENCH_AESGCM_LARGE */ + /* Variable plain text length test */ + for (plen=1; plen<(int)sizeof(p); plen++) { + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + result = wc_AesGcmEncrypt(&enc, resultC, p, (word32)plen, iv1, + sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6118; +#ifdef HAVE_AES_DECRYPT + result = wc_AesGcmDecrypt(&dec, resultP, resultC, (word32)plen, iv1, + sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6119; +#endif /* HAVE_AES_DECRYPT */ + } +#endif /* BENCH_AESGCM_LARGE */ +#endif +#endif /* WOLFSSL_AES_256 */ + + /* test with IV != 12 bytes */ +#ifdef ENABLE_NON_12BYTE_IV_TEST + XMEMSET(resultT, 0, sizeof(resultT)); + XMEMSET(resultC, 0, sizeof(resultC)); + XMEMSET(resultP, 0, sizeof(resultP)); + +#ifdef WOLFSSL_AES_192 + wc_AesGcmSetKey(&enc, k2, sizeof(k2)); + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv2, sizeof(iv2), + resultT, sizeof(resultT), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6120; + if (XMEMCMP(c2, resultC, sizeof(c2))) + return -6121; + if (XMEMCMP(t2, resultT, sizeof(resultT))) + return -6122; + +#ifdef HAVE_AES_DECRYPT + result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(c1), + iv2, sizeof(iv2), resultT, sizeof(resultT), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6123; + if (XMEMCMP(p, resultP, sizeof(p))) + return -6124; +#endif /* HAVE_AES_DECRYPT */ + + XMEMSET(resultT, 0, sizeof(resultT)); + XMEMSET(resultC, 0, sizeof(resultC)); + XMEMSET(resultP, 0, sizeof(resultP)); +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_128 + wc_AesGcmSetKey(&enc, k3, sizeof(k3)); + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + result = wc_AesGcmEncrypt(&enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3), + resultT, sizeof(t3), a3, sizeof(a3)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6125; + if (XMEMCMP(c3, resultC, sizeof(c3))) + return -6126; + if (XMEMCMP(t3, resultT, sizeof(t3))) + return -6127; + +#ifdef HAVE_AES_DECRYPT + result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(c3), + iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6128; + if (XMEMCMP(p3, resultP, sizeof(p3))) + return -6129; +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_128 */ +#endif /* ENABLE_NON_12BYTE_IV_TEST */ + +#if defined(WOLFSSL_AES_256) && !defined(WOLFSSL_AFALG_XILINX_AES) && \ + !defined(WOLFSSL_XILINX_CRYPT) && \ + !(defined(WOLF_CRYPTO_CB) && \ + defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)) + XMEMSET(resultT, 0, sizeof(resultT)); + XMEMSET(resultC, 0, sizeof(resultC)); + XMEMSET(resultP, 0, sizeof(resultP)); + + wc_AesGcmSetKey(&enc, k1, sizeof(k1)); + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv1, sizeof(iv1), + resultT + 1, sizeof(resultT) - 1, a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6130; + if (XMEMCMP(c1, resultC, sizeof(c1))) + return -6131; + if (XMEMCMP(t1, resultT + 1, sizeof(resultT) - 1)) + return -6132; + +#ifdef HAVE_AES_DECRYPT + result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(p), + iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6133; + if (XMEMCMP(p, resultP, sizeof(p))) + return -6134; +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_256 */ + +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + /* Test encrypt with internally generated IV */ +#if defined(WOLFSSL_AES_256) && !(defined(WC_NO_RNG) || defined(HAVE_SELFTEST)) \ + && !(defined(WOLF_CRYPTO_CB) && defined(HAVE_CAVIUM_OCTEON_SYNC)) + { + WC_RNG rng; + byte randIV[12]; + + result = wc_InitRng(&rng); + if (result != 0) + return -6135; + + XMEMSET(randIV, 0, sizeof(randIV)); + XMEMSET(resultT, 0, sizeof(resultT)); + XMEMSET(resultC, 0, sizeof(resultC)); + XMEMSET(resultP, 0, sizeof(resultP)); + + wc_AesGcmSetKey(&enc, k1, sizeof(k1)); + result = wc_AesGcmSetIV(&enc, sizeof(randIV), NULL, 0, &rng); + if (result != 0) + return -6136; + + result = wc_AesGcmEncrypt_ex(&enc, + resultC, p, sizeof(p), + randIV, sizeof(randIV), + resultT, sizeof(resultT), + a, sizeof(a)); + #if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (result != 0) + return -6137; + + /* Check the IV has been set. */ + { + word32 i, ivSum = 0; + + for (i = 0; i < sizeof(randIV); i++) + ivSum += randIV[i]; + if (ivSum == 0) + return -6138; + } + +#ifdef HAVE_AES_DECRYPT + wc_AesGcmSetKey(&dec, k1, sizeof(k1)); + result = wc_AesGcmSetIV(&dec, sizeof(randIV), NULL, 0, &rng); + if (result != 0) + return -6139; + + result = wc_AesGcmDecrypt(&dec, + resultP, resultC, sizeof(c1), + randIV, sizeof(randIV), + resultT, sizeof(resultT), + a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (result != 0) + return -6140; + if (XMEMCMP(p, resultP, sizeof(p))) + return -6141; +#endif /* HAVE_AES_DECRYPT */ + + wc_FreeRng(&rng); + } +#endif /* WOLFSSL_AES_256 && !(WC_NO_RNG || HAVE_SELFTEST) */ +#endif /* HAVE_FIPS_VERSION >= 2 */ + + wc_AesFree(&enc); + wc_AesFree(&dec); + + return 0; +} + +#ifdef WOLFSSL_AES_128 +int gmac_test(void) +{ + Gmac gmac; + + const byte k1[] = + { + 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01, + 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8 + }; + const byte iv1[] = + { + 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94, + 0xe2, 0x8c, 0x8f, 0x16 + }; + const byte a1[] = + { + 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9, + 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77 + }; + const byte t1[] = + { + 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43, + 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b + }; + +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + /* FIPS builds only allow 16-byte auth tags. */ + /* This sample uses a 15-byte auth tag. */ + const byte k2[] = + { + 0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4, + 0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b + }; + const byte iv2[] = + { + 0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03, + 0x1a, 0x60, 0x24, 0xa7 + }; + const byte a2[] = + { + 0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18, + 0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56 + }; + const byte t2[] = + { + 0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f, + 0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91 + }; +#endif + + byte tag[16]; + + XMEMSET(&gmac, 0, sizeof(Gmac)); /* clear context */ + (void)wc_AesInit((Aes*)&gmac, HEAP_HINT, INVALID_DEVID); /* Make sure devId updated */ + XMEMSET(tag, 0, sizeof(tag)); + wc_GmacSetKey(&gmac, k1, sizeof(k1)); + wc_GmacUpdate(&gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1)); + if (XMEMCMP(t1, tag, sizeof(t1)) != 0) + return -6200; + +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + XMEMSET(tag, 0, sizeof(tag)); + wc_GmacSetKey(&gmac, k2, sizeof(k2)); + wc_GmacUpdate(&gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2)); + if (XMEMCMP(t2, tag, sizeof(t2)) != 0) + return -6201; + +#if !(defined(WC_NO_RNG) || defined(HAVE_SELFTEST)) + { + const byte badT[] = + { + 0xde, 0xad, 0xbe, 0xef, 0x17, 0x2e, 0xd0, 0x43, + 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b + }; + + WC_RNG rng; + byte iv[12]; + + #ifndef HAVE_FIPS + if (wc_InitRng_ex(&rng, HEAP_HINT, devId) != 0) + return -6202; + #else + if (wc_InitRng(&rng) != 0) + return -6203; + #endif + + if (wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1), + t1, sizeof(t1)) != 0) + return -6204; + if (wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1), + badT, sizeof(badT)) != AES_GCM_AUTH_E) + return -6205; + if (wc_GmacVerify(k2, sizeof(k2), iv2, sizeof(iv2), a2, sizeof(a2), + t2, sizeof(t2)) != 0) + return -6206; + + XMEMSET(tag, 0, sizeof(tag)); + XMEMSET(iv, 0, sizeof(iv)); + if (wc_Gmac(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1), + tag, sizeof(tag), &rng) != 0) + return -6207; + if (wc_GmacVerify(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1), + tag, sizeof(tag)) != 0) + return -6208; + wc_FreeRng(&rng); + } +#endif /* WC_NO_RNG HAVE_SELFTEST */ +#endif /* HAVE_FIPS */ + + return 0; +} +#endif /* WOLFSSL_AES_128 */ +#endif /* HAVE_AESGCM */ + +#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) +int aesccm_test(void) +{ + Aes enc; + + /* key */ + const byte k[] = + { + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf + }; + + /* nonce */ + const byte iv[] = + { + 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0, + 0xa1, 0xa2, 0xa3, 0xa4, 0xa5 + }; + + /* plaintext */ + const byte p[] = + { + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e + }; + + const byte a[] = + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 + }; + + const byte c[] = + { + 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, + 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, + 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84 + }; + + const byte t[] = + { + 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 + }; + + byte t2[sizeof(t)]; + byte p2[sizeof(p)]; + byte c2[sizeof(c)]; + byte iv2[sizeof(iv)]; + + int result; + + XMEMSET(&enc, 0, sizeof(Aes)); /* clear context */ + XMEMSET(t2, 0, sizeof(t2)); + XMEMSET(c2, 0, sizeof(c2)); + XMEMSET(p2, 0, sizeof(p2)); + + result = wc_AesCcmSetKey(&enc, k, sizeof(k)); + if (result != 0) + return -6300; + + /* AES-CCM encrypt and decrypt both use AES encrypt internally */ + result = wc_AesCcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv), + t2, sizeof(t2), a, sizeof(a)); + if (result != 0) + return -6301; + if (XMEMCMP(c, c2, sizeof(c2))) + return -6302; + if (XMEMCMP(t, t2, sizeof(t2))) + return -6303; + + result = wc_AesCcmDecrypt(&enc, p2, c2, sizeof(p2), iv, sizeof(iv), + t2, sizeof(t2), a, sizeof(a)); + if (result != 0) + return -6304; + if (XMEMCMP(p, p2, sizeof(p2))) + return -6305; + + /* Test the authentication failure */ + t2[0]++; /* Corrupt the authentication tag. */ + result = wc_AesCcmDecrypt(&enc, p2, c, sizeof(p2), iv, sizeof(iv), + t2, sizeof(t2), a, sizeof(a)); + if (result == 0) + return -6306; + + /* Clear c2 to compare against p2. p2 should be set to zero in case of + * authentication fail. */ + XMEMSET(c2, 0, sizeof(c2)); + if (XMEMCMP(p2, c2, sizeof(p2))) + return -6307; + + XMEMSET(&enc, 0, sizeof(Aes)); /* clear context */ + XMEMSET(t2, 0, sizeof(t2)); + XMEMSET(c2, 0, sizeof(c2)); + XMEMSET(p2, 0, sizeof(p2)); + XMEMSET(iv2, 0, sizeof(iv2)); + +#ifndef HAVE_SELFTEST + /* selftest build does not have wc_AesCcmSetNonce() or + * wc_AesCcmEncrypt_ex() */ + if (wc_AesCcmSetKey(&enc, k, sizeof(k)) != 0) + return -6308; + + if (wc_AesCcmSetNonce(&enc, iv, sizeof(iv)) != 0) + return -6309; + if (wc_AesCcmEncrypt_ex(&enc, c2, p, sizeof(c2), iv2, sizeof(iv2), + t2, sizeof(t2), a, sizeof(a)) != 0) + return -6310; + if (XMEMCMP(iv, iv2, sizeof(iv2))) + return -6311; + if (XMEMCMP(c, c2, sizeof(c2))) + return -6312; + if (XMEMCMP(t, t2, sizeof(t2))) + return -6313; +#endif + + return 0; +} +#endif /* HAVE_AESCCM WOLFSSL_AES_128 */ + + +#ifdef HAVE_AES_KEYWRAP + +#define MAX_KEYWRAP_TEST_OUTLEN 40 +#define MAX_KEYWRAP_TEST_PLAINLEN 32 + +typedef struct keywrapVector { + const byte* kek; + const byte* data; + const byte* verify; + word32 kekLen; + word32 dataLen; + word32 verifyLen; +} keywrapVector; + +int aeskeywrap_test(void) +{ + int wrapSz, plainSz, testSz, i; + + /* test vectors from RFC 3394 (kek, data, verify) */ + +#ifdef WOLFSSL_AES_128 + /* Wrap 128 bits of Key Data with a 128-bit KEK */ + const byte k1[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + }; + + const byte d1[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF + }; + + const byte v1[] = { + 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47, + 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, + 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5 + }; +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + /* Wrap 128 bits of Key Data with a 192-bit KEK */ + const byte k2[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 + }; + + const byte d2[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF + }; + + const byte v2[] = { + 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35, + 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, + 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D + }; +#endif + +#ifdef WOLFSSL_AES_256 + /* Wrap 128 bits of Key Data with a 256-bit KEK */ + const byte k3[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F + }; + + const byte d3[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF + }; + + const byte v3[] = { + 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2, + 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A, + 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7 + }; +#endif + +#ifdef WOLFSSL_AES_192 + /* Wrap 192 bits of Key Data with a 192-bit KEK */ + const byte k4[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 + }; + + const byte d4[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 + }; + + const byte v4[] = { + 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32, + 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC, + 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93, + 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2 + }; +#endif + +#ifdef WOLFSSL_AES_256 + /* Wrap 192 bits of Key Data with a 256-bit KEK */ + const byte k5[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F + }; + + const byte d5[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 + }; + + const byte v5[] = { + 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F, + 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4, + 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95, + 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1 + }; + + /* Wrap 256 bits of Key Data with a 256-bit KEK */ + const byte k6[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F + }; + + const byte d6[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + }; + + const byte v6[] = { + 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4, + 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26, + 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26, + 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B, + 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21 + }; +#endif /* WOLFSSL_AES_256 */ + + byte output[MAX_KEYWRAP_TEST_OUTLEN]; + byte plain [MAX_KEYWRAP_TEST_PLAINLEN]; + + const keywrapVector test_wrap[] = + { + #ifdef WOLFSSL_AES_128 + {k1, d1, v1, sizeof(k1), sizeof(d1), sizeof(v1)}, + #endif + #ifdef WOLFSSL_AES_192 + {k2, d2, v2, sizeof(k2), sizeof(d2), sizeof(v2)}, + #endif + #ifdef WOLFSSL_AES_256 + {k3, d3, v3, sizeof(k3), sizeof(d3), sizeof(v3)}, + #endif + #ifdef WOLFSSL_AES_192 + {k4, d4, v4, sizeof(k4), sizeof(d4), sizeof(v4)}, + #endif + #ifdef WOLFSSL_AES_256 + {k5, d5, v5, sizeof(k5), sizeof(d5), sizeof(v5)}, + {k6, d6, v6, sizeof(k6), sizeof(d6), sizeof(v6)} + #endif + }; + testSz = sizeof(test_wrap) / sizeof(keywrapVector); + + XMEMSET(output, 0, sizeof(output)); + XMEMSET(plain, 0, sizeof(plain)); + + for (i = 0; i < testSz; i++) { + + wrapSz = wc_AesKeyWrap(test_wrap[i].kek, test_wrap[i].kekLen, + test_wrap[i].data, test_wrap[i].dataLen, + output, sizeof(output), NULL); + + if ( (wrapSz < 0) || (wrapSz != (int)test_wrap[i].verifyLen) ) + return -6400; + + if (XMEMCMP(output, test_wrap[i].verify, test_wrap[i].verifyLen) != 0) + return -6401; + + plainSz = wc_AesKeyUnWrap((byte*)test_wrap[i].kek, test_wrap[i].kekLen, + output, wrapSz, + plain, sizeof(plain), NULL); + + if ( (plainSz < 0) || (plainSz != (int)test_wrap[i].dataLen) ) + return -6402; + + if (XMEMCMP(plain, test_wrap[i].data, test_wrap[i].dataLen) != 0) + return -6403 - i; + } + + return 0; +} +#endif /* HAVE_AES_KEYWRAP */ + + +#endif /* NO_AES */ + + +#ifdef HAVE_CAMELLIA + +enum { + CAM_ECB_ENC, CAM_ECB_DEC, CAM_CBC_ENC, CAM_CBC_DEC +}; + +typedef struct { + int type; + const byte* plaintext; + const byte* iv; + const byte* ciphertext; + const byte* key; + word32 keySz; + int errorCode; +} test_vector_t; + +int camellia_test(void) +{ + /* Camellia ECB Test Plaintext */ + static const byte pte[] = + { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + + /* Camellia ECB Test Initialization Vector */ + static const byte ive[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; + + /* Test 1: Camellia ECB 128-bit key */ + static const byte k1[] = + { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + static const byte c1[] = + { + 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, + 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 + }; + + /* Test 2: Camellia ECB 192-bit key */ + static const byte k2[] = + { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 + }; + static const byte c2[] = + { + 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8, + 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 + }; + + /* Test 3: Camellia ECB 256-bit key */ + static const byte k3[] = + { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff + }; + static const byte c3[] = + { + 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, + 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 + }; + + /* Camellia CBC Test Plaintext */ + static const byte ptc[] = + { + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, + 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A + }; + + /* Camellia CBC Test Initialization Vector */ + static const byte ivc[] = + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + }; + + /* Test 4: Camellia-CBC 128-bit key */ + static const byte k4[] = + { + 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, + 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C + }; + static const byte c4[] = + { + 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0, + 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB + }; + + /* Test 5: Camellia-CBC 192-bit key */ + static const byte k5[] = + { + 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, + 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, + 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B + }; + static const byte c5[] = + { + 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2, + 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 + }; + + /* Test 6: CBC 256-bit key */ + static const byte k6[] = + { + 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, + 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, + 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, + 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 + }; + static const byte c6[] = + { + 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A, + 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA + }; + + byte out[CAMELLIA_BLOCK_SIZE]; + Camellia cam; + int i, testsSz, ret; + const test_vector_t testVectors[] = + { + {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), -114}, + {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), -115}, + {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), -116}, + {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), -117}, + {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), -118}, + {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), -119}, + {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), -120}, + {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), -121}, + {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), -122}, + {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), -123}, + {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), -124}, + {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125} + }; + + testsSz = sizeof(testVectors)/sizeof(test_vector_t); + for (i = 0; i < testsSz; i++) { + if (wc_CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz, + testVectors[i].iv) != 0) + return testVectors[i].errorCode; + + switch (testVectors[i].type) { + case CAM_ECB_ENC: + ret = wc_CamelliaEncryptDirect(&cam, out, + testVectors[i].plaintext); + if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext, + CAMELLIA_BLOCK_SIZE)) + return testVectors[i].errorCode; + break; + case CAM_ECB_DEC: + ret = wc_CamelliaDecryptDirect(&cam, out, + testVectors[i].ciphertext); + if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext, + CAMELLIA_BLOCK_SIZE)) + return testVectors[i].errorCode; + break; + case CAM_CBC_ENC: + ret = wc_CamelliaCbcEncrypt(&cam, out, testVectors[i].plaintext, + CAMELLIA_BLOCK_SIZE); + if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext, + CAMELLIA_BLOCK_SIZE)) + return testVectors[i].errorCode; + break; + case CAM_CBC_DEC: + ret = wc_CamelliaCbcDecrypt(&cam, out, + testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE); + if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext, + CAMELLIA_BLOCK_SIZE)) + return testVectors[i].errorCode; + break; + default: + break; + } + } + + /* Setting the IV and checking it was actually set. */ + ret = wc_CamelliaSetIV(&cam, ivc); + if (ret != 0 || XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE)) + return -6500; + + /* Setting the IV to NULL should be same as all zeros IV */ + if (wc_CamelliaSetIV(&cam, NULL) != 0 || + XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE)) + return -6501; + + /* First parameter should never be null */ + if (wc_CamelliaSetIV(NULL, NULL) == 0) + return -6502; + + /* First parameter should never be null, check it fails */ + if (wc_CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0) + return -6503; + + /* Key should have a size of 16, 24, or 32 */ + if (wc_CamelliaSetKey(&cam, k1, 0, NULL) == 0) + return -6504; + + return 0; +} +#endif /* HAVE_CAMELLIA */ + +#ifdef HAVE_IDEA +int idea_test(void) +{ + int ret; + word16 i, j; + + Idea idea; + byte data[IDEA_BLOCK_SIZE]; + + /* Project NESSIE test vectors */ +#define IDEA_NB_TESTS 6 +#define IDEA_NB_TESTS_EXTRA 4 + + const byte v_key[IDEA_NB_TESTS][IDEA_KEY_SIZE] = { + { 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, + 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37 }, + { 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, + 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57 }, + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }, + { 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00, + 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 }, + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }, + { 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00, + 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 }, + }; + + const byte v1_plain[IDEA_NB_TESTS][IDEA_BLOCK_SIZE] = { + { 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37 }, + { 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57 }, + { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }, + { 0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 }, + { 0xDB, 0x2D, 0x4A, 0x92, 0xAA, 0x68, 0x27, 0x3F }, + { 0xF1, 0x29, 0xA6, 0x60, 0x1E, 0xF6, 0x2A, 0x47 }, + }; + + byte v1_cipher[IDEA_NB_TESTS][IDEA_BLOCK_SIZE] = { + { 0x54, 0xCF, 0x21, 0xE3, 0x89, 0xD8, 0x73, 0xEC }, + { 0x85, 0x52, 0x4D, 0x41, 0x0E, 0xB4, 0x28, 0xAE }, + { 0xF5, 0x26, 0xAB, 0x9A, 0x62, 0xC0, 0xD2, 0x58 }, + { 0xC8, 0xFB, 0x51, 0xD3, 0x51, 0x66, 0x27, 0xA8 }, + { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }, + { 0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 }, + }; + + byte v1_cipher_100[IDEA_NB_TESTS_EXTRA][IDEA_BLOCK_SIZE] = { + { 0x12, 0x46, 0x2F, 0xD0, 0xFB, 0x3A, 0x63, 0x39 }, + { 0x15, 0x61, 0xE8, 0xC9, 0x04, 0x54, 0x8B, 0xE9 }, + { 0x42, 0x12, 0x2A, 0x94, 0xB0, 0xF6, 0xD2, 0x43 }, + { 0x53, 0x4D, 0xCD, 0x48, 0xDD, 0xD5, 0xF5, 0x9C }, + }; + + byte v1_cipher_1000[IDEA_NB_TESTS_EXTRA][IDEA_BLOCK_SIZE] = { + { 0x44, 0x1B, 0x38, 0x5C, 0x77, 0x29, 0x75, 0x34 }, + { 0xF0, 0x4E, 0x58, 0x88, 0x44, 0x99, 0x22, 0x2D }, + { 0xB3, 0x5F, 0x93, 0x7F, 0x6A, 0xA0, 0xCD, 0x1F }, + { 0x9A, 0xEA, 0x46, 0x8F, 0x42, 0x9B, 0xBA, 0x15 }, + }; + + /* CBC test */ + const char *message = "International Data Encryption Algorithm"; + byte msg_enc[40], msg_dec[40]; + + for (i = 0; i < IDEA_NB_TESTS; i++) { + /* Set encryption key */ + XMEMSET(&idea, 0, sizeof(Idea)); + ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE, + NULL, IDEA_ENCRYPTION); + if (ret != 0) { + printf("wc_IdeaSetKey (enc) failed\n"); + return -6600; + } + + /* Data encryption */ + ret = wc_IdeaCipher(&idea, data, v1_plain[i]); + if (ret != 0 || XMEMCMP(&v1_cipher[i], data, IDEA_BLOCK_SIZE)) { + printf("Bad encryption\n"); + return -6601; + } + + /* Set decryption key */ + XMEMSET(&idea, 0, sizeof(Idea)); + ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE, + NULL, IDEA_DECRYPTION); + if (ret != 0) { + printf("wc_IdeaSetKey (dec) failed\n"); + return -6602; + } + + /* Data decryption */ + ret = wc_IdeaCipher(&idea, data, data); + if (ret != 0 || XMEMCMP(v1_plain[i], data, IDEA_BLOCK_SIZE)) { + printf("Bad decryption\n"); + return -6603; + } + + /* Set encryption key */ + XMEMSET(&idea, 0, sizeof(Idea)); + ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE, + v_key[i], IDEA_ENCRYPTION); + if (ret != 0) { + printf("wc_IdeaSetKey (enc) failed\n"); + return -6604; + } + + XMEMSET(msg_enc, 0, sizeof(msg_enc)); + ret = wc_IdeaCbcEncrypt(&idea, msg_enc, (byte *)message, + (word32)XSTRLEN(message)+1); + if (ret != 0) { + printf("wc_IdeaCbcEncrypt failed\n"); + return -6605; + } + + /* Set decryption key */ + XMEMSET(&idea, 0, sizeof(Idea)); + ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE, + v_key[i], IDEA_DECRYPTION); + if (ret != 0) { + printf("wc_IdeaSetKey (dec) failed\n"); + return -6606; + } + + XMEMSET(msg_dec, 0, sizeof(msg_dec)); + ret = wc_IdeaCbcDecrypt(&idea, msg_dec, msg_enc, + (word32)XSTRLEN(message)+1); + if (ret != 0) { + printf("wc_IdeaCbcDecrypt failed\n"); + return -6607; + } + + if (XMEMCMP(message, msg_dec, (word32)XSTRLEN(message))) { + printf("Bad CBC decryption\n"); + return -6608; + } + } + + for (i = 0; i < IDEA_NB_TESTS_EXTRA; i++) { + /* Set encryption key */ + XMEMSET(&idea, 0, sizeof(Idea)); + ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE, + NULL, IDEA_ENCRYPTION); + if (ret != 0) { + printf("wc_IdeaSetKey (enc) failed\n"); + return -6609; + } + + /* 100 times data encryption */ + XMEMCPY(data, v1_plain[i], IDEA_BLOCK_SIZE); + for (j = 0; j < 100; j++) { + ret = wc_IdeaCipher(&idea, data, data); + if (ret != 0) { + return -6610; + } + } + + if (XMEMCMP(v1_cipher_100[i], data, IDEA_BLOCK_SIZE)) { + printf("Bad encryption (100 times)\n"); + return -6611; + } + + /* 1000 times data encryption */ + XMEMCPY(data, v1_plain[i], IDEA_BLOCK_SIZE); + for (j = 0; j < 1000; j++) { + ret = wc_IdeaCipher(&idea, data, data); + if (ret != 0) { + return -6612; + } + } + + if (XMEMCMP(v1_cipher_1000[i], data, IDEA_BLOCK_SIZE)) { + printf("Bad encryption (100 times)\n"); + return -6613; + } + } + +#ifndef WC_NO_RNG + /* random test for CBC */ + { + WC_RNG rng; + byte key[IDEA_KEY_SIZE], iv[IDEA_BLOCK_SIZE], + rnd[1000], enc[1000], dec[1000]; + + /* random values */ + #ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); + #else + ret = wc_InitRng(&rng); + #endif + if (ret != 0) + return -6614; + + for (i = 0; i < 1000; i++) { + /* random key */ + ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key)); + if (ret != 0) + return -6615; + + /* random iv */ + ret = wc_RNG_GenerateBlock(&rng, iv, sizeof(iv)); + if (ret != 0) + return -6616; + + /* random data */ + ret = wc_RNG_GenerateBlock(&rng, rnd, sizeof(rnd)); + if (ret != 0) + return -6617; + + /* Set encryption key */ + XMEMSET(&idea, 0, sizeof(Idea)); + ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_ENCRYPTION); + if (ret != 0) { + printf("wc_IdeaSetKey (enc) failed\n"); + return -6618; + } + + /* Data encryption */ + XMEMSET(enc, 0, sizeof(enc)); + ret = wc_IdeaCbcEncrypt(&idea, enc, rnd, sizeof(rnd)); + if (ret != 0) { + printf("wc_IdeaCbcEncrypt failed\n"); + return -6619; + } + + /* Set decryption key */ + XMEMSET(&idea, 0, sizeof(Idea)); + ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_DECRYPTION); + if (ret != 0) { + printf("wc_IdeaSetKey (enc) failed\n"); + return -6620; + } + + /* Data decryption */ + XMEMSET(dec, 0, sizeof(dec)); + ret = wc_IdeaCbcDecrypt(&idea, dec, enc, sizeof(enc)); + if (ret != 0) { + printf("wc_IdeaCbcDecrypt failed\n"); + return -6621; + } + + if (XMEMCMP(rnd, dec, sizeof(rnd))) { + printf("Bad CBC decryption\n"); + return -6622; + } + } + + wc_FreeRng(&rng); + } +#endif /* WC_NO_RNG */ + + return 0; +} +#endif /* HAVE_IDEA */ + + +#ifndef WC_NO_RNG +static int _rng_test(WC_RNG* rng, int errorOffset) +{ + byte block[32]; + int ret, i; + + XMEMSET(block, 0, sizeof(block)); + + ret = wc_RNG_GenerateBlock(rng, block, sizeof(block)); + if (ret != 0) { + ret = -6623; + goto exit; + } + + /* Check for 0's */ + for (i=0; i<(int)sizeof(block); i++) { + if (block[i] == 0) { + ret++; + } + } + /* All zeros count check */ + if (ret >= (int)sizeof(block)) { + ret = -6624; + goto exit; + } + + ret = wc_RNG_GenerateByte(rng, block); + if (ret != 0) { + ret = -6625; + goto exit; + } + + /* Parameter validation testing. */ + ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block)); + if (ret != BAD_FUNC_ARG) { + ret = -6626; + goto exit; + } + ret = wc_RNG_GenerateBlock(rng, NULL, sizeof(block)); + if (ret != BAD_FUNC_ARG) { + ret = -6627; + goto exit; + } + + ret = wc_RNG_GenerateByte(NULL, block); + if (ret != BAD_FUNC_ARG) { + ret = -6628; + goto exit; + } + ret = wc_RNG_GenerateByte(rng, NULL); + if (ret != BAD_FUNC_ARG) { + ret = -6629; + goto exit; + } + + ret = 0; + +exit: + if (ret != 0) + ret += errorOffset; + + return ret; +} + + +static int random_rng_test(void) +{ + WC_RNG localRng; + WC_RNG* rng; + int ret; + + rng = &localRng; + /* Test stack based RNG. */ +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(rng); +#endif + if (ret != 0) return -6700; + + ret = _rng_test(rng, -6300); + + /* Make sure and free RNG */ + wc_FreeRng(rng); + + if (ret != 0) return ret; + +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + { + byte nonce[8] = { 0 }; + /* Test dynamic RNG. */ + rng = wc_rng_new(nonce, (word32)sizeof(nonce), HEAP_HINT); + if (rng == NULL) return -6701; + + ret = _rng_test(rng, -6310); + + wc_rng_free(rng); + } +#endif + + return ret; +} + +#if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) + +int random_test(void) +{ + const byte test1Entropy[] = + { + 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3, + 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19, + 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31, + 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e + }; + const byte test1Output[] = + { + 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64, + 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5, + 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3, + 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11, + 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81, + 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63, + 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7, + 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c, + 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91, + 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d, + 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf + }; + const byte test2EntropyA[] = + { + 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4, + 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00, + 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f, + 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68 + }; + const byte test2EntropyB[] = + { + 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3, + 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22, + 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3 + }; + const byte test2Output[] = + { + 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb, + 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79, + 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc, + 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac, + 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71, + 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0, + 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8, + 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d, + 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22, + 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07, + 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17 + }; + + byte output[WC_SHA256_DIGEST_SIZE * 4]; + int ret; + + ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0, + output, sizeof(output)); + if (ret != 0) + return -6800; + + if (XMEMCMP(test1Output, output, sizeof(output)) != 0) + return -6801; + + ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA), + test2EntropyB, sizeof(test2EntropyB), + output, sizeof(output)); + if (ret != 0) + return -6802; + + if (XMEMCMP(test2Output, output, sizeof(output)) != 0) + return -6803; + + /* Basic RNG generate block test */ + if ((ret = random_rng_test()) != 0) + return ret; + + /* Test the seed check function. */ +#if !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + { + word32 i, outputSz; + + /* Repeat the same byte over and over. Should fail. */ + outputSz = sizeof(output); + XMEMSET(output, 1, outputSz); + ret = wc_RNG_TestSeed(output, outputSz); + if (ret == 0) + return -6804; + + /* Every byte of the entropy scratch is different, + * entropy is a single byte that shouldn't match. */ + outputSz = (sizeof(word32) * 2) + 1; + for (i = 0; i < outputSz; i++) + output[i] = (byte)i; + ret = wc_RNG_TestSeed(output, outputSz); + if (ret != 0) + return -6805; + + outputSz = sizeof(output); + for (i = 0; i < outputSz; i++) + output[i] = (byte)i; + ret = wc_RNG_TestSeed(output, outputSz); + if (ret != 0) + return -6806; + } +#endif + return 0; +} + +#else + +int random_test(void) +{ + /* Basic RNG generate block test */ + return random_rng_test(); +} + +#endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK */ +#endif /* WC_NO_RNG */ + +#ifndef MEM_TEST_SZ + #define MEM_TEST_SZ 1024 +#endif + +#if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC) +static int simple_mem_test(int sz) +{ + int ret = 0; + byte* b; + int i; + + b = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (b == NULL) { + return -6900; + } + /* utilize memory */ + for (i = 0; i < sz; i++) { + b[i] = (byte)i; + } + /* read back and verify */ + for (i = 0; i < sz; i++) { + if (b[i] != (byte)i) { + ret = -6901; + break; + } + } + XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return ret; +} +#endif + +int memory_test(void) +{ + int ret = 0; +#ifndef USE_FAST_MATH + byte* b = NULL; +#endif +#if defined(COMPLEX_MEM_TEST) || defined(WOLFSSL_STATIC_MEMORY) + int i; +#endif +#ifdef WOLFSSL_STATIC_MEMORY + word32 size[] = { WOLFMEM_BUCKETS }; + word32 dist[] = { WOLFMEM_DIST }; + byte buffer[30000]; /* make large enough to involve many bucket sizes */ + int pad = -(int)((wolfssl_word)buffer) & (WOLFSSL_STATIC_ALIGN - 1); + /* pad to account for if head of buffer is not at set memory + * alignment when tests are ran */ +#endif + +#ifdef WOLFSSL_STATIC_MEMORY + /* check macro settings */ + if (sizeof(size)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) { + return -7000; + } + + if (sizeof(dist)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) { + return -7001; + } + + for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { + if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) { + /* each element in array should be divisible by alignment size */ + return -7002; + } + } + + for (i = 1; i < WOLFMEM_MAX_BUCKETS; i++) { + if (size[i - 1] >= size[i]) { + return -7003; /* sizes should be in increasing order */ + } + } + + /* check that padding size returned is possible */ + if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) { + return -7004; /* no room for wc_Memory struct */ + } + + if (wolfSSL_MemoryPaddingSz() < 0) { + return -7005; + } + + if (wolfSSL_MemoryPaddingSz() % WOLFSSL_STATIC_ALIGN != 0) { + return -7006; /* not aligned! */ + } + + /* check function to return optimum buffer size (rounded down) */ + ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL); + if ((ret - pad) % WOLFSSL_STATIC_ALIGN != 0) { + return -7007; /* not aligned! */ + } + + if (ret < 0) { + return -7008; + } + + if ((unsigned int)ret > sizeof(buffer)) { + return -7009; /* did not round down as expected */ + } + + if (ret != wolfSSL_StaticBufferSz(buffer, ret, WOLFMEM_GENERAL)) { + return -7010; /* return value changed when using suggested value */ + } + + ret = wolfSSL_MemoryPaddingSz(); + ret += pad; /* add space that is going to be needed if buffer not aligned */ + if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) != + (ret + (int)size[0])) { + return -7011; /* did not round down to nearest bucket value */ + } + + ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL); + if ((ret - pad) < 0) { + return -7012; + } + + if (((ret - pad) % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) { + return -7013; /* not even chunks of memory for IO size */ + } + + if (((ret - pad) % WOLFSSL_STATIC_ALIGN) != 0) { + return -7014; /* memory not aligned */ + } + + /* check for passing bad or unknown arguments to functions */ + if (wolfSSL_StaticBufferSz(NULL, 1, WOLFMEM_GENERAL) > 0) { + return -7015; + } + + if (wolfSSL_StaticBufferSz(buffer, 1, WOLFMEM_GENERAL) != 0) { + return -7016; /* should round to 0 since struct + bucket will not fit */ + } + + (void)dist; /* avoid static analysis warning of variable not used */ +#endif + +#if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC) + /* simple test */ + ret = simple_mem_test(MEM_TEST_SZ); + if (ret != 0) + return ret; +#endif + +#ifdef COMPLEX_MEM_TEST + /* test various size blocks */ + for (i = 1; i < MEM_TEST_SZ; i*=2) { + ret = simple_mem_test(i); + if (ret != 0) + return ret; + } +#endif + +#ifndef USE_FAST_MATH + /* realloc test */ + b = (byte*)XMALLOC(MEM_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (b) { + b = (byte*)XREALLOC(b, MEM_TEST_SZ+sizeof(word32), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + } + if (b == NULL) { + return -7017; + } + XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + + +#ifdef HAVE_NTRU + +byte GetEntropy(ENTROPY_CMD cmd, byte* out); + +byte GetEntropy(ENTROPY_CMD cmd, byte* out) +{ + static WC_RNG rng; + + if (cmd == INIT) + return (wc_InitRng(&rng) == 0) ? 1 : 0; + + if (out == NULL) + return 0; + + if (cmd == GET_BYTE_OF_ENTROPY) + return (wc_RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0; + + if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) { + *out = 1; + return 1; + } + + return 0; +} + +#endif /* HAVE_NTRU */ + + +#ifndef NO_FILESYSTEM + +/* Cert Paths */ +#ifdef FREESCALE_MQX + #define CERT_PREFIX "a:\\" + #define CERT_PATH_SEP "\\" +#elif defined(WOLFSSL_uTKERNEL2) + #define CERT_PREFIX "/uda/" + #define CERT_PATH_SEP "/" +#else + #define CERT_PREFIX "./" + #define CERT_PATH_SEP "/" +#endif +#define CERT_ROOT CERT_PREFIX "certs" CERT_PATH_SEP + +/* Generated Test Certs */ +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) + #if !defined(NO_RSA) && !defined(NO_ASN) + static const char* clientKey = CERT_ROOT "client-key.der"; + static const char* clientCert = CERT_ROOT "client-cert.der"; + #ifdef WOLFSSL_CERT_EXT + static const char* clientKeyPub = CERT_ROOT "client-keyPub.der"; + #endif + #endif /* !NO_RSA && !NO_ASN */ +#endif +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + #if !defined(NO_RSA) && !defined(NO_ASN) + #if defined(WOLFSSL_CERT_GEN) || defined(HAVE_PKCS7) + static const char* rsaCaKeyFile = CERT_ROOT "ca-key.der"; + #ifdef WOLFSSL_CERT_GEN + static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem"; + #endif + #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7) + static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der"; + #endif + #ifdef HAVE_PKCS7 + static const char* rsaServerCertDerFile = + CERT_ROOT "server-cert.der"; + static const char* rsaServerKeyDerFile = + CERT_ROOT "server-key.der"; + #endif + #endif + #endif /* !NO_RSA && !NO_ASN */ +#endif /* !USE_CERT_BUFFER_* */ +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \ + !defined(NO_ASN) + #ifndef NO_DH + static const char* dhKey = CERT_ROOT "dh2048.der"; + #endif + #ifndef NO_DSA + static const char* dsaKey = CERT_ROOT "dsa2048.der"; + #endif +#endif /* !USE_CERT_BUFFER_* */ +#if !defined(USE_CERT_BUFFERS_256) + #ifdef HAVE_ECC + /* cert files to be used in rsa cert gen test, check if RSA enabled */ + #ifdef HAVE_ECC_KEY_IMPORT + static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der"; + #endif +#endif +#if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ASN) + #if defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN) + #ifndef NO_RSA + /* eccKeyPubFile is used in a test that requires RSA. */ + static const char* eccKeyPubFile = CERT_ROOT "ecc-keyPub.der"; + #endif + static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der"; + static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem"; + #ifdef ENABLE_ECC384_CERT_GEN_TEST + static const char* eccCaKey384File = + CERT_ROOT "ca-ecc384-key.der"; + static const char* eccCaCert384File = + CERT_ROOT "ca-ecc384-cert.pem"; + #endif + #endif + #if defined(HAVE_PKCS7) && defined(HAVE_ECC) + static const char* eccClientKey = CERT_ROOT "ecc-client-key.der"; + static const char* eccClientCert = CERT_ROOT "client-ecc-cert.der"; + #endif + #endif /* HAVE_ECC */ + #ifdef HAVE_ED25519 + #ifdef WOLFSSL_TEST_CERT + static const char* serverEd25519Cert = + CERT_ROOT "ed25519/server-ed25519.der"; + static const char* caEd25519Cert = + CERT_ROOT "ed25519/ca-ed25519.der"; + #endif + #endif + #ifdef HAVE_ED448 + #ifdef WOLFSSL_TEST_CERT + static const char* serverEd448Cert = + CERT_ROOT "ed448/server-ed448.der"; + static const char* caEd448Cert = CERT_ROOT "ed448/ca-ed448.der"; + #endif + #endif +#endif /* !USE_CERT_BUFFER_* */ + +#ifndef NO_WRITE_TEMP_FILES +#ifdef HAVE_ECC + #ifdef WOLFSSL_CERT_GEN + static const char* certEccPemFile = CERT_PREFIX "certecc.pem"; + #endif + #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) + static const char* certEccRsaPemFile = CERT_PREFIX "certeccrsa.pem"; + static const char* certEccRsaDerFile = CERT_PREFIX "certeccrsa.der"; + #endif + #ifdef WOLFSSL_KEY_GEN + static const char* eccCaKeyPemFile = CERT_PREFIX "ecc-key.pem"; + static const char* eccPubKeyDerFile = CERT_PREFIX "ecc-public-key.der"; + static const char* eccCaKeyTempFile = CERT_PREFIX "ecc-key.der"; + static const char* eccPkcs8KeyDerFile = CERT_PREFIX "ecc-key-pkcs8.der"; + #endif + #if defined(WOLFSSL_CERT_GEN) || \ + (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT)) + static const char* certEccDerFile = CERT_PREFIX "certecc.der"; + #endif +#endif /* HAVE_ECC */ + +#ifndef NO_RSA + #if defined(WOLFSSL_CERT_GEN) || \ + (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT)) + static const char* otherCertDerFile = CERT_PREFIX "othercert.der"; + static const char* certDerFile = CERT_PREFIX "cert.der"; + #endif + #ifdef WOLFSSL_CERT_GEN + static const char* otherCertPemFile = CERT_PREFIX "othercert.pem"; + static const char* certPemFile = CERT_PREFIX "cert.pem"; + #endif + #ifdef WOLFSSL_CERT_REQ + static const char* certReqDerFile = CERT_PREFIX "certreq.der"; + static const char* certReqPemFile = CERT_PREFIX "certreq.pem"; + #endif +#endif /* !NO_RSA */ + +#if !defined(NO_RSA) || !defined(NO_DSA) + #ifdef WOLFSSL_KEY_GEN + static const char* keyDerFile = CERT_PREFIX "key.der"; + static const char* keyPemFile = CERT_PREFIX "key.pem"; + #endif +#endif + +#endif /* !NO_WRITE_TEMP_FILES */ +#endif /* !NO_FILESYSTEM */ + + +#if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \ + (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448))) +#ifdef WOLFSSL_MULTI_ATTRIB +static CertName certDefaultName; +static void initDefaultName(void) +{ + XMEMCPY(certDefaultName.country, "US", sizeof("US")); + certDefaultName.countryEnc = CTC_PRINTABLE; + XMEMCPY(certDefaultName.state, "Oregon", sizeof("Oregon")); + certDefaultName.stateEnc = CTC_UTF8; + XMEMCPY(certDefaultName.locality, "Portland", sizeof("Portland")); + certDefaultName.localityEnc = CTC_UTF8; + XMEMCPY(certDefaultName.sur, "Test", sizeof("Test")); + certDefaultName.surEnc = CTC_UTF8; + XMEMCPY(certDefaultName.org, "wolfSSL", sizeof("wolfSSL")); + certDefaultName.orgEnc = CTC_UTF8; + XMEMCPY(certDefaultName.unit, "Development", sizeof("Development")); + certDefaultName.unitEnc = CTC_UTF8; + XMEMCPY(certDefaultName.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com")); + certDefaultName.commonNameEnc = CTC_UTF8; + XMEMCPY(certDefaultName.serialDev, "wolfSSL12345", sizeof("wolfSSL12345")); + certDefaultName.serialDevEnc = CTC_PRINTABLE; +#ifdef WOLFSSL_CERT_EXT + XMEMCPY(certDefaultName.busCat, "Private Organization", sizeof("Private Organization")); + certDefaultName.busCatEnc = CTC_UTF8; +#endif + XMEMCPY(certDefaultName.email, "[email protected]", sizeof("[email protected]")); + +#ifdef WOLFSSL_TEST_CERT + { + NameAttrib* n; + /* test having additional OUs and setting DC */ + n = &certDefaultName.name[0]; + n->id = ASN_ORGUNIT_NAME; + n->type = CTC_UTF8; + n->sz = sizeof("Development-2"); + XMEMCPY(n->value, "Development-2", sizeof("Development-2")); + + #if CTC_MAX_ATTRIB > 3 + n = &certDefaultName.name[1]; + n->id = ASN_DOMAIN_COMPONENT; + n->type = CTC_UTF8; + n->sz = sizeof("com"); + XMEMCPY(n->value, "com", sizeof("com")); + + n = &certDefaultName.name[2]; + n->id = ASN_DOMAIN_COMPONENT; + n->type = CTC_UTF8; + n->sz = sizeof("wolfssl"); + XMEMCPY(n->value, "wolfssl", sizeof("wolfssl")); + + #endif + } +#endif /* WOLFSSL_TEST_CERT */ +} +#else +static const CertName certDefaultName = { + "US", CTC_PRINTABLE, /* country */ + "Oregon", CTC_UTF8, /* state */ + "Portland", CTC_UTF8, /* locality */ + "Test", CTC_UTF8, /* sur */ + "wolfSSL", CTC_UTF8, /* org */ + "Development", CTC_UTF8, /* unit */ + "www.wolfssl.com", CTC_UTF8, /* commonName */ + "wolfSSL12345", CTC_PRINTABLE, /* serial number of device */ +#ifdef WOLFSSL_CERT_EXT + "Private Organization", CTC_UTF8, /* businessCategory */ + "US", CTC_PRINTABLE, /* jurisdiction country */ + "Oregon", CTC_PRINTABLE, /* jurisdiction state */ +#endif + "[email protected]" /* email */ +}; +#endif /* WOLFSSL_MULTI_ATTRIB */ + +#ifdef WOLFSSL_CERT_EXT + #if ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \ + defined(WOLFSSL_TEST_CERT)) || defined(HAVE_ECC) + static const char certKeyUsage[] = + "digitalSignature,nonRepudiation"; + #endif + #if (defined(WOLFSSL_CERT_REQ) || defined(HAVE_NTRU)) && !defined(NO_RSA) + static const char certKeyUsage2[] = + "digitalSignature,nonRepudiation,keyEncipherment,keyAgreement"; + #endif +#endif /* WOLFSSL_CERT_EXT */ +#endif /* WOLFSSL_CERT_GEN */ + +#ifndef NO_RSA + +#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) +static byte minSerial[] = { 0x02, 0x01, 0x01 }; +static byte minName[] = { 0x30, 0x00 }; +static byte nameBad[] = { + 0x30, 0x08, + 0x31, 0x06, + 0x30, 0x04, + 0x06, 0x02, + 0x55, 0x04, +}; +static byte minDates[] = { + 0x30, 0x1e, + 0x17, 0x0d, + 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35, + 0x32, 0x33, 0x31, 0x30, 0x5a, + 0x17, 0x0d, + 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, + 0x32, 0x33, 0x31, 0x30, 0x5a +}; +static byte minPubKey[] = { + 0x30, 0x1b, + 0x30, 0x0d, + 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, + 0x05, 0x00, + 0x03, 0x0b, + 0x00, 0x30, 0x08, + 0x02, 0x01, + 0x03, + 0x02, 0x03, + 0x01, 0x00, 0x01 +}; +static byte minSigAlg[] = { + 0x30, 0x0d, + 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, + 0x05, 0x00 +}; +static byte minSig[] = { + 0x03, 0x01, + 0x00 +}; + +static int add_seq(byte* certData, int offset, byte* data, byte length) +{ + XMEMMOVE(certData + offset + 2, data, length); + certData[offset++] = 0x30; + certData[offset++] = length; + return offset + length; +} +static int add_data(byte* certData, int offset, byte* data, byte length) +{ + XMEMCPY(certData + offset, data, length); + return offset + length; +} + +static int cert_asn1_test(void) +{ + int ret; + int len[3]; + DecodedCert cert; + byte certData[106]; + byte* badCert = NULL; + + len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial)); + len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg)); + len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName)); + len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates)); + len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName)); + len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey)); + len[1] = add_seq(certData, 0, certData, len[2]); + len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg)); + len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig)); + len[0] = add_seq(certData, 0, certData, len[1]); + + /* Minimal good certificate */ + InitDecodedCert(&cert, certData, len[0], 0); + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); + FreeDecodedCert(&cert); + if (ret != 0) { + ERROR_OUT(-7100, done); + } + + /* Bad issuer name */ + len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial)); + len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg)); + len[2] = add_data(certData, len[2], nameBad, (byte)sizeof(nameBad)); + len[1] = add_seq(certData, 0, certData, len[2]); + len[0] = add_seq(certData, 0, certData, len[1]); + /* Put data into allocated buffer to allow access error checking. */ + badCert = (byte*)XMALLOC(len[0], HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XMEMCPY(badCert, certData, len[0]); + InitDecodedCert(&cert, badCert, len[0], 0); + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); + FreeDecodedCert(&cert); + if (ret != ASN_PARSE_E) { + ERROR_OUT(-7101, done); + } + XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + badCert = NULL; + ret = 0; + +done: + if (badCert != NULL) + XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return ret; +} + +int cert_test(void) +{ +#if !defined(NO_FILESYSTEM) + DecodedCert cert; + byte* tmp; + size_t bytes; + XFILE file; + int ret; + + tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) + return -7200; + + /* Certificate with Name Constraints extension. */ +#ifdef FREESCALE_MQX + file = XFOPEN(".\\certs\\test\\cert-ext-nc.der", "rb"); +#else + file = XFOPEN("./certs/test/cert-ext-nc.der", "rb"); +#endif + if (!file) { + ERROR_OUT(-7201, done); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); + if (ret != 0) { + ERROR_OUT(-7202, done); + } + FreeDecodedCert(&cert); + + /* Certificate with Inhibit Any Policy extension. */ +#ifdef FREESCALE_MQX + file = XFOPEN(".\\certs\\test\\cert-ext-ia.der", "rb"); +#else + file = XFOPEN("./certs/test/cert-ext-ia.der", "rb"); +#endif + if (!file) { + ERROR_OUT(-7203, done); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); + if (ret != 0) { + ERROR_OUT(-7204, done); + } + FreeDecodedCert(&cert); + + /* Certificate with Netscape Certificate Type extension. */ +#ifdef FREESCALE_MQX + file = XFOPEN(".\\certs\\test\\cert-ext-nct.der", "rb"); +#else + file = XFOPEN("./certs/test/cert-ext-nct.der", "rb"); +#endif + if (!file) { + ERROR_OUT(-7203, done); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); +#ifndef IGNORE_NETSCAPE_CERT_TYPE + if (ret != 0) { + ERROR_OUT(-7204, done); + } +#else + if (ret != ASN_CRIT_EXT_E) { + ERROR_OUT(-7205, done); + } + ret = 0; +#endif + +done: + FreeDecodedCert(&cert); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* !NO_FILESYSTEM */ + + if (ret == 0) + ret = cert_asn1_test(); + + return ret; +} +#endif /* WOLFSSL_TEST_CERT */ + +#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) +int certext_test(void) +{ + DecodedCert cert; + byte* tmp; + size_t bytes; + XFILE file; + int ret; + + /* created from rsa_test : othercert.der */ + byte skid_rsa[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54" + "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0"; + + /* created from rsa_test : othercert.der */ + byte akid_rsa[] = "\x27\x8E\x67\x11\x74\xC3\x26\x1D\x3F\xED" + "\x33\x63\xB3\xA4\xD8\x1D\x30\xE5\xE8\xD5"; + +#ifdef HAVE_ECC + /* created from ecc_test_cert_gen : certecc.der */ +#ifdef ENABLE_ECC384_CERT_GEN_TEST + /* Authority key id from ./certs/ca-ecc384-cert.pem */ + byte akid_ecc[] = "\xAB\xE0\xC3\x26\x4C\x18\xD4\x72\xBB\xD2" + "\x84\x8C\x9C\x0A\x05\x92\x80\x12\x53\x52"; +#else + /* Authority key id from ./certs/ca-ecc-cert.pem */ + byte akid_ecc[] = "\x56\x8E\x9A\xC3\xF0\x42\xDE\x18\xB9\x45" + "\x55\x6E\xF9\x93\xCF\xEA\xC3\xF3\xA5\x21"; +#endif +#endif /* HAVE_ECC */ + + /* created from rsa_test : cert.der */ + byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54" + "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0"; + + tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) + return -7300; + + /* load othercert.der (Cert signed by an authority) */ + file = XFOPEN(otherCertDerFile, "rb"); + if (!file) { + XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + return -7301; + } + + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) + return -7302; + + /* check the SKID from a RSA certificate */ + if (XMEMCMP(skid_rsa, cert.extSubjKeyId, sizeof(cert.extSubjKeyId))) + return -7303; + + /* check the AKID from an RSA certificate */ + if (XMEMCMP(akid_rsa, cert.extAuthKeyId, sizeof(cert.extAuthKeyId))) + return -7304; + + /* check the Key Usage from an RSA certificate */ + if (!cert.extKeyUsageSet) + return -7305; + + if (cert.extKeyUsage != (KEYUSE_KEY_ENCIPHER|KEYUSE_KEY_AGREE)) + return -7306; + + /* check the CA Basic Constraints from an RSA certificate */ + if (cert.isCA) + return -7307; + +#ifndef WOLFSSL_SEP /* test only if not using SEP policies */ + /* check the Certificate Policies Id */ + if (cert.extCertPoliciesNb != 1) + return -7308; + + if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23)) + return -7309; +#endif + + FreeDecodedCert(&cert); + +#ifdef HAVE_ECC + /* load certecc.der (Cert signed by our ECC CA test in ecc_test_cert_gen) */ + file = XFOPEN(certEccDerFile, "rb"); + if (!file) { + XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + return -7310; + } + + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) + return -7311; + + /* check the SKID from a ECC certificate - generated dynamically */ + + /* check the AKID from an ECC certificate */ + if (XMEMCMP(akid_ecc, cert.extAuthKeyId, sizeof(cert.extAuthKeyId))) + return -7312; + + /* check the Key Usage from an ECC certificate */ + if (!cert.extKeyUsageSet) + return -7313; + + if (cert.extKeyUsage != (KEYUSE_DIGITAL_SIG|KEYUSE_CONTENT_COMMIT)) + return -7314; + + /* check the CA Basic Constraints from an ECC certificate */ + if (cert.isCA) + return -7315; + +#ifndef WOLFSSL_SEP /* test only if not using SEP policies */ + /* check the Certificate Policies Id */ + if (cert.extCertPoliciesNb != 2) + return -7316; + + if (strncmp(cert.extCertPolicies[0], "2.4.589440.587.101.2.1.9632587.1", 32)) + return -7317; + + if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22)) + return -7318; +#endif + + FreeDecodedCert(&cert); +#endif /* HAVE_ECC */ + + /* load cert.der (self signed certificate) */ + file = XFOPEN(certDerFile, "rb"); + if (!file) { + XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + return -7319; + } + + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) + return -7320; + + /* check the SKID from a CA certificate */ + if (XMEMCMP(kid_ca, cert.extSubjKeyId, sizeof(cert.extSubjKeyId))) + return -7321; + + /* check the AKID from an CA certificate */ + if (XMEMCMP(kid_ca, cert.extAuthKeyId, sizeof(cert.extAuthKeyId))) + return -7322; + + /* check the Key Usage from CA certificate */ + if (!cert.extKeyUsageSet) + return -7323; + + if (cert.extKeyUsage != (KEYUSE_KEY_CERT_SIGN|KEYUSE_CRL_SIGN)) + return -7324; + + /* check the CA Basic Constraints CA certificate */ + if (!cert.isCA) + return -7325; + +#ifndef WOLFSSL_SEP /* test only if not using SEP policies */ + /* check the Certificate Policies Id */ + if (cert.extCertPoliciesNb != 2) + return -7326; + + if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23)) + return -7327; + + if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25)) + return -7328; +#endif + + FreeDecodedCert(&cert); + XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + + return 0; +} +#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT */ + +#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) +int decodedCertCache_test(void) +{ + int ret = 0; + Cert cert; + FILE* file; + byte* der; + word32 derSz; + + derSz = FOURK_BUF; + der = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) + ret = -7400; + + if (ret == 0) { + /* load cert.der */ + file = XFOPEN(certDerFile, "rb"); + if (file != NULL) { + derSz = XFREAD(der, 1, FOURK_BUF, file); + XFCLOSE(file); + } + else + ret = -7401; + } + + if (ret == 0) { + if (wc_InitCert(&cert)) { + ret = -7402; + } + } + + if (ret == 0) { + ret = wc_SetSubjectBuffer(&cert, der, derSz); + } + + if (ret == 0) { + if(wc_SetSubjectBuffer(NULL, der, derSz) != BAD_FUNC_ARG) + ret = -7403; + } + + if (ret == 0) { + if (wc_SetSubjectRaw(&cert, der, derSz) != 0) + ret = -7404; + } + + if (ret == 0) { + if(wc_SetSubjectRaw(NULL, der, derSz) != BAD_FUNC_ARG) + ret = -7405; + } + + if (ret == 0) { + if(wc_SetIssuerBuffer(&cert, der, derSz) != 0) + ret = -7406; + } + + if (ret == 0) { + if(wc_SetIssuerBuffer(NULL, der, derSz) != BAD_FUNC_ARG) + ret = -7407; + } + + if (ret == 0) { + if(wc_SetIssuerRaw(&cert, der, derSz) != 0) + ret = -7408; + } + + if (ret == 0) { + if(wc_SetIssuerRaw(NULL, der, derSz) != BAD_FUNC_ARG) + ret = -7409; + } + +#ifdef WOLFSSL_ALT_NAMES + if (ret == 0) { + if(wc_SetAltNamesBuffer(&cert, der, derSz) != 0) + ret = -7410; + } + + if (ret == 0) { + if(wc_SetAltNamesBuffer(NULL, der, derSz) != BAD_FUNC_ARG) + ret = -7411; + } + + if (ret == 0) { + if(wc_SetDatesBuffer(&cert, der, derSz) != 0) + ret = -7412; + } + + if (ret == 0) { + if(wc_SetDatesBuffer(NULL, der, derSz) != BAD_FUNC_ARG) + ret = -7413; + } +#endif + + if (ret == 0) { + if(wc_SetAuthKeyIdFromCert(&cert, der, derSz) != 0) + ret = -7414; + } + + if (ret == 0) { + if(wc_SetAuthKeyIdFromCert(NULL, der, derSz) != BAD_FUNC_ARG) + ret = -7415; + } + + wc_SetCert_Free(&cert); + if (ret == 0) { + if(cert.decodedCert != NULL) + ret = -7416; + } + + XFREE(der, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} +#endif /* defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) */ + +#define RSA_TEST_BYTES 512 /* up to 4096-bit key */ + +#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) +static int rsa_flatten_test(RsaKey* key) +{ + int ret; + byte e[RSA_TEST_BYTES]; + byte n[RSA_TEST_BYTES]; + word32 eSz = sizeof(e); + word32 nSz = sizeof(n); + + /* Parameter Validation testing. */ + ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz); +#ifdef HAVE_USER_RSA + /* Implementation using IPP Libraries returns: + * -101 = USER_CRYPTO_ERROR + */ + if (ret == 0) +#else + if (ret != BAD_FUNC_ARG) +#endif + return -7417; + ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz); +#ifdef HAVE_USER_RSA + /* Implementation using IPP Libraries returns: + * -101 = USER_CRYPTO_ERROR + */ + if (ret == 0) +#else + if (ret != BAD_FUNC_ARG) +#endif + return -7418; + ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz); +#ifdef HAVE_USER_RSA + /* Implementation using IPP Libraries returns: + * -101 = USER_CRYPTO_ERROR + */ + if (ret == 0) +#else + if (ret != BAD_FUNC_ARG) +#endif + return -7419; + ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz); +#ifdef HAVE_USER_RSA + /* Implementation using IPP Libraries returns: + * -101 = USER_CRYPTO_ERROR + */ + if (ret == 0) +#else + if (ret != BAD_FUNC_ARG) +#endif + return -7420; + ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL); +#ifdef HAVE_USER_RSA + /* Implementation using IPP Libraries returns: + * -101 = USER_CRYPTO_ERROR + */ + if (ret == 0) +#else + if (ret != BAD_FUNC_ARG) +#endif + return -7421; + ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); + if (ret != 0) + return -7422; + eSz = 0; + ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); +#ifdef HAVE_USER_RSA + /* Implementation using IPP Libraries returns: + * -101 = USER_CRYPTO_ERROR + */ + if (ret == 0) +#elif defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) + if (ret != 0) +#else + if (ret != RSA_BUFFER_E) +#endif + return -7423; + eSz = sizeof(e); + nSz = 0; + ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); +#ifdef HAVE_USER_RSA + /* Implementation using IPP Libraries returns: + * -101 = USER_CRYPTO_ERROR + */ + if (ret == 0) +#else + if (ret != RSA_BUFFER_E) +#endif + return -7424; + + return 0; +} +#endif /* NO_ASN */ + +#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \ + && !defined(WOLFSSL_RSA_VERIFY_ONLY) +static int rsa_export_key_test(RsaKey* key) +{ + int ret; + byte e[3]; + word32 eSz = sizeof(e); + byte n[RSA_TEST_BYTES]; + word32 nSz = sizeof(n); + byte d[RSA_TEST_BYTES]; + word32 dSz = sizeof(d); + byte p[RSA_TEST_BYTES/2]; + word32 pSz = sizeof(p); + byte q[RSA_TEST_BYTES/2]; + word32 qSz = sizeof(q); + word32 zero = 0; + + ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -7425; + ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -7426; + ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -7427; + ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -7428; + ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -7429; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -7430; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -7431; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -7432; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz); + if (ret != BAD_FUNC_ARG) + return -7433; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz); + if (ret != BAD_FUNC_ARG) + return -7434; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL); + if (ret != BAD_FUNC_ARG) + return -7435; + + ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != RSA_BUFFER_E) + return -7436; + ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz); + if (ret != RSA_BUFFER_E) + return -7437; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz); + if (ret != RSA_BUFFER_E) + return -7438; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz); + if (ret != RSA_BUFFER_E) + return -7439; + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero); + if (ret != RSA_BUFFER_E) + return -7440; +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ + + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != 0) + return -7441; + + return 0; +} +#endif /* !HAVE_FIPS && !USER_RSA && !NO_ASN */ + +#ifndef NO_SIG_WRAPPER +static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) +{ + int ret; + word32 sigSz; + const byte in[] = "Everyone gets Friday off."; + const byte hash[] = { + 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59, + 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe, + 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83, + 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f + }; + const byte hashEnc[] = { + 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, + 0x00, 0x04, 0x20, + + 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59, + 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe, + 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83, + 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f + }; + word32 inLen = (word32)XSTRLEN((char*)in); + byte out[RSA_TEST_BYTES]; + + /* Parameter Validation testing. */ + ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen); + if (ret != BAD_FUNC_ARG) + return -7442; + ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0); + if (ret != BAD_FUNC_ARG) + return -7443; + + sigSz = (word32)modLen; + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL, + inLen, out, &sigSz, key, keyLen, rng); + if (ret != BAD_FUNC_ARG) + return -7444; + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + 0, out, &sigSz, key, keyLen, rng); + if (ret != BAD_FUNC_ARG) + return -7445; + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, NULL, &sigSz, key, keyLen, rng); + if (ret != BAD_FUNC_ARG) + return -7446; + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, NULL, key, keyLen, rng); + if (ret != BAD_FUNC_ARG) + return -7447; + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, &sigSz, NULL, keyLen, rng); + if (ret != BAD_FUNC_ARG) + return -7448; + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, &sigSz, key, 0, rng); + if (ret != BAD_FUNC_ARG) + return -7449; + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, &sigSz, key, keyLen, NULL); +#ifdef HAVE_USER_RSA + /* Implementation using IPP Libraries returns: + * -101 = USER_CRYPTO_ERROR + */ + if (ret == 0) +#elif defined(WOLFSSL_AFALG_XILINX_RSA) + /* blinding / rng handled with hardware acceleration */ + if (ret != 0) +#elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) + /* async may not require RNG */ + if (ret != 0 && ret != MISSING_RNG_E) +#elif defined(HAVE_FIPS) || defined(WOLFSSL_ASYNC_CRYPT) || \ + !defined(WC_RSA_BLINDING) + /* FIPS140 implementation does not do blinding */ + if (ret != 0) +#elif defined(WOLFSSL_RSA_PUBLIC_ONLY) + if (ret != SIG_TYPE_E) +#elif defined(WOLFSSL_CRYPTOCELL) + /* RNG is handled with the cryptocell */ + if (ret != 0) +#else + if (ret != MISSING_RNG_E) +#endif + return -7450; + sigSz = 0; + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, &sigSz, key, keyLen, rng); + if (ret != BAD_FUNC_ARG) + return -7451; + + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL, + inLen, out, (word32)modLen, key, keyLen); + if (ret != BAD_FUNC_ARG) + return -7452; + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + 0, out, (word32)modLen, key, keyLen); + if (ret != BAD_FUNC_ARG) + return -7453; + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, NULL, (word32)modLen, key, keyLen); + if (ret != BAD_FUNC_ARG) + return -7454; + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, 0, key, keyLen); + if (ret != BAD_FUNC_ARG) + return -7455; + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, (word32)modLen, NULL, keyLen); + if (ret != BAD_FUNC_ARG) + return -7456; + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, (word32)modLen, key, 0); + if (ret != BAD_FUNC_ARG) + return -7457; + +#ifndef HAVE_ECC + ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen); + if (ret != SIG_TYPE_E) + return -7458; +#endif + + /* Use APIs. */ + ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen); + if (ret != modLen) + return -7459; + ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA_W_ENC, key, keyLen); + if (ret != modLen) + return -7460; + + sigSz = (word32)ret; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + XMEMSET(out, 0, sizeof(out)); + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, &sigSz, key, keyLen, rng); + if (ret != 0) + return -7461; + + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, (word32)modLen, key, keyLen); + if (ret != 0) + return -7462; + + sigSz = (word32)sizeof(out); + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, + in, inLen, out, &sigSz, key, keyLen, rng); + if (ret != 0) + return -7463; + + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, + in, inLen, out, (word32)modLen, key, keyLen); + if (ret != 0) + return -7464; + + /* Wrong signature type. */ + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, (word32)modLen, key, keyLen); + if (ret == 0) + return -7465; + + /* check hash functions */ + sigSz = (word32)sizeof(out); + ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, + hash, (int)sizeof(hash), out, &sigSz, key, keyLen, rng); + if (ret != 0) + return -7466; + + ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, + hash, (int)sizeof(hash), out, (word32)modLen, key, keyLen); + if (ret != 0) + return -7467; + + sigSz = (word32)sizeof(out); + ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, + hashEnc, (int)sizeof(hashEnc), out, &sigSz, key, keyLen, rng); + if (ret != 0) + return -7468; + + ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, + hashEnc, (int)sizeof(hashEnc), out, (word32)modLen, key, keyLen); + if (ret != 0) + return -7469; +#else + (void)hash; + (void)hashEnc; +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ + + return 0; +} +#endif /* !NO_SIG_WRAPPER */ + +#ifdef WC_RSA_NONBLOCK +static int rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte* out, + word32 outSz, byte* plain, word32 plainSz, WC_RNG* rng) +{ + int ret = 0, count; + int signSz = 0; + RsaNb nb; + byte* inlinePlain = NULL; + + /* Enable non-blocking RSA mode - provide context */ + ret = wc_RsaSetNonBlock(key, &nb); + if (ret != 0) + return ret; + +#ifdef WC_RSA_NONBLOCK_TIME + /* Enable time based RSA blocking. 8 microseconds max (3.1GHz) */ + ret = wc_RsaSetNonBlockTime(key, 8, 3100); + if (ret != 0) + return ret; +#endif + + count = 0; + do { + ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, rng); + count++; /* track number of would blocks */ + if (ret == FP_WOULDBLOCK) { + /* do "other" work here */ + } + } while (ret == FP_WOULDBLOCK); + if (ret < 0) { + return ret; + } +#ifdef DEBUG_WOLFSSL + printf("RSA non-block sign: %d times\n", count); +#endif + signSz = ret; + + /* Test non-blocking verify */ + XMEMSET(plain, 0, plainSz); + count = 0; + do { + ret = wc_RsaSSL_Verify(out, (word32)signSz, plain, plainSz, key); + count++; /* track number of would blocks */ + if (ret == FP_WOULDBLOCK) { + /* do "other" work here */ + } + } while (ret == FP_WOULDBLOCK); + if (ret < 0) { + return ret; + } +#ifdef DEBUG_WOLFSSL + printf("RSA non-block verify: %d times\n", count); +#endif + + if (signSz == ret && XMEMCMP(plain, in, (size_t)ret)) { + return SIG_VERIFY_E; + } + + /* Test inline non-blocking verify */ + count = 0; + do { + ret = wc_RsaSSL_VerifyInline(out, (word32)signSz, &inlinePlain, key); + count++; /* track number of would blocks */ + if (ret == FP_WOULDBLOCK) { + /* do "other" work here */ + } + } while (ret == FP_WOULDBLOCK); + if (ret < 0) { + return ret; + } +#ifdef DEBUG_WOLFSSL + printf("RSA non-block inline verify: %d times\n", count); +#endif + + if (signSz == ret && XMEMCMP(inlinePlain, in, (size_t)ret)) { + return SIG_VERIFY_E; + } + + /* Disabling non-block RSA mode */ + ret = wc_RsaSetNonBlock(key, NULL); + + (void)count; + + return 0; +} +#endif + +#if !defined(HAVE_USER_RSA) && !defined(NO_ASN) +static int rsa_decode_test(RsaKey* keyPub) +{ + int ret; + word32 inSz; + word32 inOutIdx; + static const byte n[2] = { 0x00, 0x23 }; + static const byte e[2] = { 0x00, 0x03 }; + static const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, + 0x03 }; + static const byte goodAlgId[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, + 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; + static const byte goodAlgIdNull[] = { 0x30, 0x11, 0x30, 0x0f, 0x06, 0x00, + 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, + 0x02, 0x1, 0x03 }; + static const byte badAlgIdNull[] = { 0x30, 0x12, 0x30, 0x10, 0x06, 0x00, + 0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, + 0x02, 0x1, 0x03 }; + static const byte badNotBitString[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, + 0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; + static const byte badBitStringLen[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, + 0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; + static const byte badNoSeq[] = { 0x30, 0x0d, 0x30, 0x0b, 0x06, 0x00, 0x03, + 0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; + static const byte badNoObj[] = { + 0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, + 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; + static const byte badIntN[] = { 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, + 0x03 }; + static const byte badNotIntE[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, + 0x03 }; + static const byte badLength[] = { 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, + 0x03 }; + static const byte badBitStrNoZero[] = { 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x00, + 0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; + + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return -7470; + + /* Parameter Validation testing. */ + ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub); + if (ret != BAD_FUNC_ARG) { + ret = -7471; + goto done; + } + ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub); + if (ret != BAD_FUNC_ARG) { + ret = -7472; + goto done; + } + ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL); + if (ret != BAD_FUNC_ARG) { + ret = -7473; + goto done; + } + /* TODO: probably should fail when length is -1! */ + ret = wc_RsaPublicKeyDecodeRaw(n, (word32)-1, e, sizeof(e), keyPub); + if (ret != 0) { + ret = -7474; + goto done; + } + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return -7475; + ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, (word32)-1, keyPub); + if (ret != 0) { + ret = -7476; + goto done; + } + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return -7477; + + /* Use API. */ + ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), keyPub); + if (ret != 0) { + ret = -7478; + goto done; + } + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return -7479; + + /* Parameter Validation testing. */ + inSz = sizeof(good); + ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz); + if (ret != BAD_FUNC_ARG) { + ret = -7480; + goto done; + } + ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz); + if (ret != BAD_FUNC_ARG) { + ret = -7481; + goto done; + } + ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz); + if (ret != BAD_FUNC_ARG) { + ret = -7482; + goto done; + } + + /* Use good data and offset to bad data. */ + inOutIdx = 2; + inSz = sizeof(good) - inOutIdx; + ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz); + if (ret != ASN_PARSE_E) { + ret = -7483; + goto done; + } + inOutIdx = 2; + inSz = sizeof(goodAlgId) - inOutIdx; + ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); + if (ret != ASN_PARSE_E) { + ret = -7484; + goto done; + } + inOutIdx = 2; + inSz = sizeof(goodAlgId); + ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); +#ifndef WOLFSSL_NO_DECODE_EXTRA + if (ret != ASN_PARSE_E) +#else + if (ret != ASN_RSA_KEY_E) +#endif + { + ret = -7485; + goto done; + } + /* Try different bad data. */ + inSz = sizeof(badAlgIdNull); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz); + if (ret != ASN_EXPECT_0_E) { + ret = -7486; + goto done; + } + inSz = sizeof(badNotBitString); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz); + if (ret != ASN_BITSTR_E) { + ret = -7487; + goto done; + } + inSz = sizeof(badBitStringLen); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz); + if (ret != ASN_PARSE_E) { + ret = -7488; + goto done; + } + inSz = sizeof(badNoSeq); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz); + if (ret != ASN_PARSE_E) { + ret = -7489; + goto done; + } + inSz = sizeof(badNoObj); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz); + if (ret != ASN_PARSE_E) { + ret = -7490; + goto done; + } + inSz = sizeof(badIntN); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz); + if (ret != ASN_RSA_KEY_E) { + ret = -7491; + goto done; + } + inSz = sizeof(badNotIntE); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz); + if (ret != ASN_RSA_KEY_E) { + ret = -7492; + goto done; + } + /* TODO: Shouldn't pass as the sequence length is too small. */ + inSz = sizeof(badLength); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz); + if (ret != 0) { + ret = -7493; + goto done; + } + /* TODO: Shouldn't ignore object id's data. */ + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return -7494; + + inSz = sizeof(badBitStrNoZero); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz); + if (ret != ASN_EXPECT_0_E) { + ret = -7495; + goto done; + } + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return -7496; + + /* Valid data cases. */ + inSz = sizeof(good); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz); + if (ret != 0) { + ret = -7497; + goto done; + } + if (inOutIdx != inSz) { + ret = -7498; + goto done; + } + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return -7499; + + inSz = sizeof(goodAlgId); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); + if (ret != 0) { + ret = -7500; + goto done; + } + if (inOutIdx != inSz) { + ret = -7501; + goto done; + } + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return -7502; + + inSz = sizeof(goodAlgIdNull); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(goodAlgIdNull, &inOutIdx, keyPub, inSz); + if (ret != 0) { + ret = -7503; + goto done; + } + if (inOutIdx != inSz) { + ret = -7504; + goto done; + } + +done: + wc_FreeRsaKey(keyPub); + return ret; +} +#endif + +#ifdef WC_RSA_PSS +static int rsa_pss_test(WC_RNG* rng, RsaKey* key) +{ + byte digest[WC_MAX_DIGEST_SIZE]; + int ret = 0; + const char* inStr = "Everyone gets Friday off."; + word32 inLen = (word32)XSTRLEN((char*)inStr); + word32 outSz; + word32 plainSz; + word32 digestSz; + int i, j; +#ifdef RSA_PSS_TEST_WRONG_PARAMS + int k, l; +#endif + int len; + byte* plain; + int mgf[] = { +#ifndef NO_SHA + WC_MGF1SHA1, +#endif +#ifdef WOLFSSL_SHA224 + WC_MGF1SHA224, +#endif + WC_MGF1SHA256, +#ifdef WOLFSSL_SHA384 + WC_MGF1SHA384, +#endif +#ifdef WOLFSSL_SHA512 + WC_MGF1SHA512 +#endif + }; + enum wc_HashType hash[] = { +#ifndef NO_SHA + WC_HASH_TYPE_SHA, +#endif +#ifdef WOLFSSL_SHA224 + WC_HASH_TYPE_SHA224, +#endif + WC_HASH_TYPE_SHA256, +#ifdef WOLFSSL_SHA384 + WC_HASH_TYPE_SHA384, +#endif +#ifdef WOLFSSL_SHA512 + WC_HASH_TYPE_SHA512, +#endif + }; + + DECLARE_VAR_INIT(in, byte, inLen, inStr, HEAP_HINT); + DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); + DECLARE_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT); + + /* Test all combinations of hash and MGF. */ + for (j = 0; j < (int)(sizeof(hash)/sizeof(*hash)); j++) { + /* Calculate hash of message. */ + ret = wc_Hash(hash[j], in, inLen, digest, sizeof(digest)); + if (ret != 0) + ERROR_OUT(-7505, exit_rsa_pss); + digestSz = wc_HashGetDigestSize(hash[j]); + + for (i = 0; i < (int)(sizeof(mgf)/sizeof(*mgf)); i++) { + outSz = RSA_TEST_BYTES; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, + hash[j], mgf[i], -1, key, rng); + } + } while (ret == WC_PENDING_E); + if (ret <= 0) + ERROR_OUT(-7506, exit_rsa_pss); + outSz = ret; + + XMEMCPY(sig, out, outSz); + plain = NULL; + TEST_SLEEP(); + + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[j], + mgf[i], -1, key); + } + } while (ret == WC_PENDING_E); + if (ret <= 0) + ERROR_OUT(-7507, exit_rsa_pss); + plainSz = ret; + TEST_SLEEP(); + +#ifdef HAVE_SELFTEST + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, + hash[j], -1); +#else + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, + hash[j], -1, wc_RsaEncryptSize(key)*8); +#endif + if (ret != 0) + ERROR_OUT(-7508, exit_rsa_pss); + +#ifdef RSA_PSS_TEST_WRONG_PARAMS + for (k = 0; k < (int)(sizeof(mgf)/sizeof(*mgf)); k++) { + for (l = 0; l < (int)(sizeof(hash)/sizeof(*hash)); l++) { + if (i == k && j == l) + continue; + + XMEMCPY(sig, out, outSz); + + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, + (byte**)&plain, hash[l], mgf[k], -1, key); + } + } while (ret == WC_PENDING_E); + if (ret >= 0) + ERROR_OUT(-7509, exit_rsa_pss); + } + } +#endif + } + } + + /* Test that a salt length of zero works. */ + digestSz = wc_HashGetDigestSize(hash[0]); + outSz = RSA_TEST_BYTES; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0], + mgf[0], 0, key, rng); + } + } while (ret == WC_PENDING_E); + if (ret <= 0) + ERROR_OUT(-7510, exit_rsa_pss); + outSz = ret; + TEST_SLEEP(); + + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_Verify_ex(out, outSz, sig, outSz, hash[0], mgf[0], + 0, key); + } + } while (ret == WC_PENDING_E); + if (ret <= 0) + ERROR_OUT(-7511, exit_rsa_pss); + plainSz = ret; + TEST_SLEEP(); + + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { +#ifdef HAVE_SELFTEST + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz, + hash[0], 0); +#else + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz, + hash[0], 0, 0); +#endif + } + } while (ret == WC_PENDING_E); + if (ret != 0) + ERROR_OUT(-7512, exit_rsa_pss); + + XMEMCPY(sig, out, outSz); + plain = NULL; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0], + 0, key); + } + } while (ret == WC_PENDING_E); + if (ret <= 0) + ERROR_OUT(-7513, exit_rsa_pss); + plainSz = ret; + TEST_SLEEP(); + +#ifdef HAVE_SELFTEST + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], + 0); +#else + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], + 0, 0); +#endif + if (ret != 0) + ERROR_OUT(-7514, exit_rsa_pss); + + /* Test bad salt lengths in various APIs. */ + digestSz = wc_HashGetDigestSize(hash[0]); + outSz = RSA_TEST_BYTES; +#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER + len = -2; +#else + len = -3; +#endif + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0], + mgf[0], len, key, rng); + } + } while (ret == WC_PENDING_E); + if (ret != PSS_SALTLEN_E) + ERROR_OUT(-7515, exit_rsa_pss); + + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0], + mgf[0], digestSz + 1, key, rng); + } + } while (ret == WC_PENDING_E); + if (ret != PSS_SALTLEN_E) + ERROR_OUT(-7516, exit_rsa_pss); + TEST_SLEEP(); + + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], + mgf[0], -2, key); + } + } while (ret == WC_PENDING_E); + if (ret != PSS_SALTLEN_E) + ERROR_OUT(-7517, exit_rsa_pss); + TEST_SLEEP(); + + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0], + digestSz + 1, key); + } + } while (ret == WC_PENDING_E); + if (ret != PSS_SALTLEN_E) + ERROR_OUT(-7518, exit_rsa_pss); + TEST_SLEEP(); + +#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER + len = -2; +#else + len = -3; +#endif +#ifdef HAVE_SELFTEST + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], + len); +#else + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], + len, 0); +#endif + if (ret != PSS_SALTLEN_E) + ERROR_OUT(-7519, exit_rsa_pss); +#ifndef WOLFSSL_PSS_LONG_SALT + len = digestSz + 1; +#else + len = plainSz - digestSz - 1; +#endif +#ifdef HAVE_SELFTEST + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], + len); +#else + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], + len, 0); +#endif + if (ret != PSS_SALTLEN_E) + ERROR_OUT(-7520, exit_rsa_pss); + + ret = 0; +exit_rsa_pss: + FREE_VAR(sig, HEAP_HINT); + FREE_VAR(in, HEAP_HINT); + FREE_VAR(out, HEAP_HINT); + + return ret; +} +#endif + +#ifdef WC_RSA_NO_PADDING +int rsa_no_pad_test(void) +{ + WC_RNG rng; + RsaKey key; + byte* tmp; + size_t bytes; + int ret; + word32 inLen = 0; + word32 idx = 0; + word32 outSz = RSA_TEST_BYTES; + word32 plainSz = RSA_TEST_BYTES; +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \ + !defined(NO_FILESYSTEM) + XFILE file; +#endif + DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); + DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); + + /* initialize stack structures */ + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(&key, 0, sizeof(key)); +#ifdef USE_CERT_BUFFERS_1024 + bytes = (size_t)sizeof_client_key_der_1024; + if (bytes < (size_t)sizeof_client_cert_der_1024) + bytes = (size_t)sizeof_client_cert_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + bytes = (size_t)sizeof_client_key_der_2048; + if (bytes < (size_t)sizeof_client_cert_der_2048) + bytes = (size_t)sizeof_client_cert_der_2048; +#else + bytes = FOURK_BUF; +#endif + + tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL + #ifdef WOLFSSL_ASYNC_CRYPT + || out == NULL || plain == NULL + #endif + ) { + ERROR_OUT(-7600, exit_rsa_nopadding); + } + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024); +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072); +#elif defined(USE_CERT_BUFFERS_4096) + XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096); +#elif !defined(NO_FILESYSTEM) + file = XFOPEN(clientKey, "rb"); + if (!file) { + err_sys("can't open ./certs/client-key.der, " + "Please run from wolfSSL home dir", -40); + ERROR_OUT(-7601, exit_rsa_nopadding); + } + + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); +#else + /* No key to use. */ + ERROR_OUT(-7602, exit_rsa_nopadding); +#endif /* USE_CERT_BUFFERS */ + + ret = wc_InitRsaKey_ex(&key, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(-7603, exit_rsa_nopadding); + } + ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); + if (ret != 0) { + ERROR_OUT(-7604, exit_rsa_nopadding); + } + + /* after loading in key use tmp as the test buffer */ + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) { + ERROR_OUT(-7605, exit_rsa_nopadding); + } + +#ifndef WOLFSSL_RSA_VERIFY_ONLY + inLen = wc_RsaEncryptSize(&key); + outSz = inLen; + plainSz = inLen; + XMEMSET(tmp, 7, inLen); + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaDirect(tmp, inLen, out, &outSz, &key, + RSA_PRIVATE_ENCRYPT, &rng); + } + } while (ret == WC_PENDING_E); + if (ret <= 0) { + ERROR_OUT(-7606, exit_rsa_nopadding); + } + + /* encrypted result should not be the same as input */ + if (XMEMCMP(out, tmp, inLen) == 0) { + ERROR_OUT(-7607, exit_rsa_nopadding); + } + TEST_SLEEP(); + + /* decrypt with public key and compare result */ + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaDirect(out, outSz, plain, &plainSz, &key, + RSA_PUBLIC_DECRYPT, &rng); + } + } while (ret == WC_PENDING_E); + if (ret <= 0) { + ERROR_OUT(-7608, exit_rsa_nopadding); + } + + if (XMEMCMP(plain, tmp, inLen) != 0) { + ERROR_OUT(-7609, exit_rsa_nopadding); + } + TEST_SLEEP(); +#endif + +#ifdef WC_RSA_BLINDING + ret = wc_RsaSetRNG(NULL, &rng); + if (ret != BAD_FUNC_ARG) { + ERROR_OUT(-7610, exit_rsa_nopadding); + } + + ret = wc_RsaSetRNG(&key, &rng); + if (ret < 0) { + ERROR_OUT(-7611, exit_rsa_nopadding); + } +#endif + + /* test encrypt and decrypt using WC_RSA_NO_PAD */ +#ifndef WOLFSSL_RSA_VERIFY_ONLY + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, (int)outSz, &key, &rng, + WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7612, exit_rsa_nopadding); + } + TEST_SLEEP(); +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ + +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, (int)plainSz, &key, + WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7613, exit_rsa_nopadding); + } + + if (XMEMCMP(plain, tmp, inLen) != 0) { + ERROR_OUT(-7614, exit_rsa_nopadding); + } + TEST_SLEEP(); +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ + + /* test some bad arguments */ + ret = wc_RsaDirect(out, outSz, plain, &plainSz, &key, -1, + &rng); + if (ret != BAD_FUNC_ARG) { + ERROR_OUT(-7615, exit_rsa_nopadding); + } + + ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT, + &rng); + if (ret != BAD_FUNC_ARG) { + ERROR_OUT(-7616, exit_rsa_nopadding); + } + + ret = wc_RsaDirect(out, outSz, NULL, &plainSz, &key, RSA_PUBLIC_DECRYPT, + &rng); + if (ret != LENGTH_ONLY_E || plainSz != inLen) { + ERROR_OUT(-7617, exit_rsa_nopadding); + } + + ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, &key, + RSA_PUBLIC_DECRYPT, &rng); + if (ret != BAD_FUNC_ARG) { + ERROR_OUT(-7618, exit_rsa_nopadding); + } + + /* if making it to this point of code without hitting an ERROR_OUT then + * all tests have passed */ + ret = 0; + +exit_rsa_nopadding: + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + FREE_VAR(out, HEAP_HINT); + FREE_VAR(plain, HEAP_HINT); + wc_FreeRsaKey(&key); + wc_FreeRng(&rng); + + return ret; +} +#endif /* WC_RSA_NO_PADDING */ + +#ifdef WOLFSSL_CERT_GEN +static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) +{ + RsaKey caKey; + byte* der; + byte* pem = NULL; + int ret; + Cert* myCert = NULL; + int certSz; + size_t bytes3; + word32 idx3 = 0; +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + XFILE file3; +#endif +#ifdef WOLFSSL_TEST_CERT + DecodedCert decode; +#endif +#if defined(WOLFSSL_ALT_NAMES) && !defined(NO_ASN_TIME) + struct tm beforeTime; + struct tm afterTime; +#endif + const byte mySerial[8] = {1,2,3,4,5,6,7,8}; + + (void)keypub; + + XMEMSET(&caKey, 0, sizeof(caKey)); + + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ERROR_OUT(-7619, exit_rsa); + } + pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + ERROR_OUT(-7620, exit_rsa); + } + myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (myCert == NULL) { + ERROR_OUT(-7621, exit_rsa); + } + + /* self signed */ + if (wc_InitCert(myCert)) { + ERROR_OUT(-7622, exit_rsa); + } + + XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); + XMEMCPY(myCert->serial, mySerial, sizeof(mySerial)); + myCert->serialSz = (int)sizeof(mySerial); + myCert->isCA = 1; +#ifndef NO_SHA256 + myCert->sigType = CTC_SHA256wRSA; +#else + myCert->sigType = CTC_SHAwRSA; +#endif + + +#ifdef WOLFSSL_CERT_EXT + /* add Policies */ + XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42", + CTC_MAX_CERTPOL_SZ); + XSTRNCPY(myCert->certPolicies[1], "1.2.840.113549.1.9.16.6.5", + CTC_MAX_CERTPOL_SZ); + myCert->certPoliciesNb = 2; + + /* add SKID from the Public Key */ + if (wc_SetSubjectKeyIdFromPublicKey(myCert, keypub, NULL) != 0) { + ERROR_OUT(-7623, exit_rsa); + } + + /* add AKID from the Public Key */ + if (wc_SetAuthKeyIdFromPublicKey(myCert, keypub, NULL) != 0) { + ERROR_OUT(-7624, exit_rsa); + } + + /* add Key Usage */ + if (wc_SetKeyUsage(myCert,"cRLSign,keyCertSign") != 0) { + ERROR_OUT(-7625, exit_rsa); + } +#ifdef WOLFSSL_EKU_OID + { + const char unique[] = "2.16.840.1.111111.100.1.10.1"; + if (wc_SetExtKeyUsageOID(myCert, unique, sizeof(unique), 0, + HEAP_HINT) != 0) { + ERROR_OUT(-7626, exit_rsa); + } + } +#endif /* WOLFSSL_EKU_OID */ +#endif /* WOLFSSL_CERT_EXT */ + + ret = 0; + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7627, exit_rsa); + } + certSz = ret; + +#ifdef WOLFSSL_TEST_CERT + InitDecodedCert(&decode, der, certSz, HEAP_HINT); + ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) { + FreeDecodedCert(&decode); + ERROR_OUT(-7628, exit_rsa); + } + FreeDecodedCert(&decode); +#endif + + ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certDerFile, + certPemFile, CERT_TYPE, -5578); + if (ret != 0) { + goto exit_rsa; + } + + /* Setup Certificate */ + if (wc_InitCert(myCert)) { + ERROR_OUT(-7629, exit_rsa); + } + +#ifdef WOLFSSL_ALT_NAMES + /* Get CA Cert for testing */ + #ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024); + bytes3 = sizeof_ca_cert_der_1024; + #elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, ca_cert_der_2048, sizeof_ca_cert_der_2048); + bytes3 = sizeof_ca_cert_der_2048; + #else + file3 = XFOPEN(rsaCaCertDerFile, "rb"); + if (!file3) { + ERROR_OUT(-7630, exit_rsa); + } + bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3); + XFCLOSE(file3); + #endif /* USE_CERT_BUFFERS */ + + #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_1024) && \ + !defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN) + ret = wc_SetAltNames(myCert, rsaCaCertFile); + if (ret != 0) { + ERROR_OUT(-7631, exit_rsa); + } + #endif + /* get alt names from der */ + ret = wc_SetAltNamesBuffer(myCert, tmp, (int)bytes3); + if (ret != 0) { + ERROR_OUT(-7632, exit_rsa); + } + + /* get dates from der */ + ret = wc_SetDatesBuffer(myCert, tmp, (int)bytes3); + if (ret != 0) { + ERROR_OUT(-7633, exit_rsa); + } + + #ifndef NO_ASN_TIME + ret = wc_GetCertDates(myCert, &beforeTime, &afterTime); + if (ret < 0) { + ERROR_OUT(-7634, exit_rsa); + } + #endif +#endif /* WOLFSSL_ALT_NAMES */ + + /* Get CA Key */ +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); + bytes3 = sizeof_ca_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); + bytes3 = sizeof_ca_key_der_2048; +#else + file3 = XFOPEN(rsaCaKeyFile, "rb"); + if (!file3) { + ERROR_OUT(-7635, exit_rsa); + } + + bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3); + XFCLOSE(file3); +#endif /* USE_CERT_BUFFERS */ + + ret = wc_InitRsaKey(&caKey, HEAP_HINT); + if (ret != 0) { + ERROR_OUT(-7636, exit_rsa); + } + ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); + if (ret != 0) { + ERROR_OUT(-7637, exit_rsa); + } + +#ifndef NO_SHA256 + myCert->sigType = CTC_SHA256wRSA; +#else + myCert->sigType = CTC_SHAwRSA; +#endif + + XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); + +#ifdef WOLFSSL_CERT_EXT + /* add Policies */ + XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42", + CTC_MAX_CERTPOL_SZ); + myCert->certPoliciesNb =1; + + /* add SKID from the Public Key */ + if (wc_SetSubjectKeyIdFromPublicKey(myCert, key, NULL) != 0) { + ERROR_OUT(-7638, exit_rsa); + } + + /* add AKID from the CA certificate */ +#if defined(USE_CERT_BUFFERS_2048) + ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); +#elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); +#else + ret = wc_SetAuthKeyId(myCert, rsaCaCertFile); +#endif + if (ret != 0) { + ERROR_OUT(-7639, exit_rsa); + } + + /* add Key Usage */ + if (wc_SetKeyUsage(myCert,"keyEncipherment,keyAgreement") != 0) { + ERROR_OUT(-7640, exit_rsa); + } +#endif /* WOLFSSL_CERT_EXT */ + +#if defined(USE_CERT_BUFFERS_2048) + ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); +#elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); +#else + ret = wc_SetIssuer(myCert, rsaCaCertFile); +#endif + if (ret < 0) { + ERROR_OUT(-7641, exit_rsa); + } + + certSz = wc_MakeCert(myCert, der, FOURK_BUF, key, NULL, rng); + if (certSz < 0) { + ERROR_OUT(-7642, exit_rsa); + } + + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &caKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF, + &caKey, NULL, rng); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7643, exit_rsa); + } + certSz = ret; + +#ifdef WOLFSSL_TEST_CERT + InitDecodedCert(&decode, der, certSz, HEAP_HINT); + ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) { + FreeDecodedCert(&decode); + ERROR_OUT(-7644, exit_rsa); + } + FreeDecodedCert(&decode); +#endif + + ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, otherCertDerFile, + otherCertPemFile, CERT_TYPE, -5598); + if (ret != 0) { + goto exit_rsa; + } + +exit_rsa: + wc_FreeRsaKey(&caKey); + + XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} +#endif + +#if !defined(NO_RSA) && defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN) +/* Make Cert / Sign example for ECC cert and RSA CA */ +static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp) +{ + RsaKey caKey; + ecc_key caEccKey; + ecc_key caEccKeyPub; + byte* der; + byte* pem = NULL; + Cert* myCert = NULL; + int certSz; + size_t bytes3; + word32 idx3 = 0; +#if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \ + || !defined(USE_CERT_BUFFERS_256) + XFILE file3; +#endif +#ifdef WOLFSSL_TEST_CERT + DecodedCert decode; +#endif + int ret; + + XMEMSET(&caKey, 0, sizeof(caKey)); + XMEMSET(&caEccKey, 0, sizeof(caEccKey)); + XMEMSET(&caEccKeyPub, 0, sizeof(caEccKeyPub)); + + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ERROR_OUT(-7645, exit_rsa); + } + pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + ERROR_OUT(-7646, exit_rsa); + } + myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (myCert == NULL) { + ERROR_OUT(-7647, exit_rsa); + } + + /* Get CA Key */ +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); + bytes3 = sizeof_ca_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); + bytes3 = sizeof_ca_key_der_2048; +#else + file3 = XFOPEN(rsaCaKeyFile, "rb"); + if (!file3) { + ERROR_OUT(-7648, exit_rsa); + } + + bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3); + XFCLOSE(file3); +#endif /* USE_CERT_BUFFERS */ + + ret = wc_InitRsaKey(&caKey, HEAP_HINT); + if (ret != 0) { + ERROR_OUT(-7649, exit_rsa); + } + ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); + if (ret != 0) { + ERROR_OUT(-7650, exit_rsa); + } + + /* Get Cert Key */ +#ifdef USE_CERT_BUFFERS_256 + XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256); + bytes3 = sizeof_ecc_key_pub_der_256; +#else + file3 = XFOPEN(eccKeyPubFile, "rb"); + if (!file3) { + ERROR_OUT(-7651, exit_rsa); + } + + bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3); + XFCLOSE(file3); +#endif + + ret = wc_ecc_init_ex(&caEccKeyPub, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(-7652, exit_rsa); + } + + idx3 = 0; + ret = wc_EccPublicKeyDecode(tmp, &idx3, &caEccKeyPub, (word32)bytes3); + if (ret != 0) { + ERROR_OUT(-7653, exit_rsa); + } + + /* Setup Certificate */ + if (wc_InitCert(myCert)) { + ERROR_OUT(-7654, exit_rsa); + } + +#ifndef NO_SHA256 + myCert->sigType = CTC_SHA256wRSA; +#else + myCert->sigType = CTC_SHAwRSA; +#endif + + XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); + +#ifdef WOLFSSL_CERT_EXT + /* add Policies */ + XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1", + CTC_MAX_CERTPOL_SZ); + XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549", + CTC_MAX_CERTPOL_SZ); + myCert->certPoliciesNb = 2; + + /* add SKID from the Public Key */ + if (wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, &caEccKeyPub) != 0) { + ERROR_OUT(-7655, exit_rsa); + } + + /* add AKID from the CA certificate */ +#if defined(USE_CERT_BUFFERS_2048) + ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); +#elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); +#else + ret = wc_SetAuthKeyId(myCert, rsaCaCertFile); +#endif + if (ret != 0) { + ERROR_OUT(-7656, exit_rsa); + } + + /* add Key Usage */ + if (wc_SetKeyUsage(myCert, certKeyUsage) != 0) { + ERROR_OUT(-7657, exit_rsa); + } +#endif /* WOLFSSL_CERT_EXT */ + +#if defined(USE_CERT_BUFFERS_2048) + ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); +#elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); +#else + ret = wc_SetIssuer(myCert, rsaCaCertFile); +#endif + if (ret < 0) { + ERROR_OUT(-7658, exit_rsa); + } + + certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, &caEccKeyPub, rng); + if (certSz < 0) { + ERROR_OUT(-7659, exit_rsa); + } + + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &caEccKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, + FOURK_BUF, &caKey, NULL, rng); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7660, exit_rsa); + } + certSz = ret; + +#ifdef WOLFSSL_TEST_CERT + InitDecodedCert(&decode, der, certSz, 0); + ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) { + FreeDecodedCert(&decode); + ERROR_OUT(-7661, exit_rsa); + + } + FreeDecodedCert(&decode); +#endif + + ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certEccRsaDerFile, + certEccRsaPemFile, CERT_TYPE, -5616); + if (ret != 0) { + goto exit_rsa; + } + +exit_rsa: + wc_FreeRsaKey(&caKey); + wc_ecc_free(&caEccKey); + wc_ecc_free(&caEccKeyPub); + + XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + myCert = NULL; + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + pem = NULL; + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; + + if (ret >= 0) + ret = 0; + return ret; +} +#endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */ + +#ifdef WOLFSSL_KEY_GEN +static int rsa_keygen_test(WC_RNG* rng) +{ + RsaKey genKey; + int ret; + byte* der = NULL; + byte* pem = NULL; + word32 idx = 0; + int derSz = 0; +#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS) + int keySz = 1024; +#else + int keySz = 2048; +#endif + + XMEMSET(&genKey, 0, sizeof(genKey)); + + ret = wc_InitRsaKey_ex(&genKey, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(-7662, exit_rsa); + } + + ret = wc_MakeRsaKey(&genKey, keySz, WC_RSA_EXPONENT, rng); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &genKey.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + ERROR_OUT(-7663, exit_rsa); + } + TEST_SLEEP(); + + /* If not using old FIPS, or not using FAST or USER RSA... */ + #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \ + (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \ + !defined(HAVE_SELFTEST) && !defined(HAVE_INTEL_QA) + ret = wc_CheckRsaKey(&genKey); + if (ret != 0) { + ERROR_OUT(-7664, exit_rsa); + } + #endif + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ERROR_OUT(-7665, exit_rsa); + } + pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + ERROR_OUT(-7666, exit_rsa); + } + + derSz = wc_RsaKeyToDer(&genKey, der, FOURK_BUF); + if (derSz < 0) { + ERROR_OUT(-7667, exit_rsa); + } + + ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile, keyPemFile, + PRIVATEKEY_TYPE, -5555); + if (ret != 0) { + goto exit_rsa; + } + + wc_FreeRsaKey(&genKey); + ret = wc_InitRsaKey(&genKey, HEAP_HINT); + if (ret != 0) { + ERROR_OUT(-7668, exit_rsa); + } + idx = 0; +#if !defined(WOLFSSL_CRYPTOCELL) + /* The private key part of the key gen pairs from cryptocell can't be exported */ + ret = wc_RsaPrivateKeyDecode(der, &idx, &genKey, derSz); + if (ret != 0) { + ERROR_OUT(-7669, exit_rsa); + } +#endif /* WOLFSSL_CRYPTOCELL */ + +exit_rsa: + wc_FreeRsaKey(&genKey); + if (pem != NULL) { + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + pem = NULL; + } + if (der != NULL) { + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; + } + + return ret; +} +#endif + +int rsa_test(void) +{ + int ret; + byte* tmp; + byte* der = NULL; + byte* pem = NULL; + size_t bytes; + WC_RNG rng; + RsaKey key; +#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) + RsaKey keypub; +#endif +#if defined(HAVE_NTRU) + RsaKey caKey; +#endif +#if !defined(NO_ASN) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) \ + || defined(WOLFSSL_PUBLIC_MP) + word32 idx = 0; +#endif +#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP)) && \ + !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) + const char* inStr = "Everyone gets Friday off."; + word32 inLen = (word32)XSTRLEN((char*)inStr); + const word32 outSz = RSA_TEST_BYTES; + const word32 plainSz = RSA_TEST_BYTES; +#endif +#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) + byte* res; +#endif +#ifndef NO_SIG_WRAPPER + int modLen; +#endif +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \ + !defined(NO_FILESYSTEM) + XFILE file; + XFILE file2; +#endif +#ifdef WOLFSSL_TEST_CERT + DecodedCert cert; +#endif + +#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP)) && \ + !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) + DECLARE_VAR_INIT(in, byte, inLen, inStr, HEAP_HINT); + DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); + DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + if (in == NULL) + return MEMORY_E; +#endif + + /* initialize stack structures */ + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(&key, 0, sizeof(key)); +#ifdef WOLFSSL_CERT_EXT + XMEMSET(&keypub, 0, sizeof(keypub)); +#endif +#if defined(HAVE_NTRU) + XMEMSET(&caKey, 0, sizeof(caKey)); +#endif + +#if !defined(HAVE_USER_RSA) && !defined(NO_ASN) + ret = rsa_decode_test(&key); + if (ret != 0) + return ret; +#endif + +#ifdef USE_CERT_BUFFERS_1024 + bytes = (size_t)sizeof_client_key_der_1024; + if (bytes < (size_t)sizeof_client_cert_der_1024) + bytes = (size_t)sizeof_client_cert_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + bytes = (size_t)sizeof_client_key_der_2048; + if (bytes < (size_t)sizeof_client_cert_der_2048) + bytes = (size_t)sizeof_client_cert_der_2048; +#elif defined(USE_CERT_BUFFERS_3072) + bytes = (size_t)sizeof_client_key_der_3072; + if (bytes < (size_t)sizeof_client_cert_der_3072) + bytes = (size_t)sizeof_client_cert_der_3072; +#elif defined(USE_CERT_BUFFERS_4096) + bytes = (size_t)sizeof_client_key_der_4096; + if (bytes < (size_t)sizeof_client_cert_der_4096) + bytes = (size_t)sizeof_client_cert_der_4096; +#else + bytes = FOURK_BUF; +#endif + + tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL + #ifdef WOLFSSL_ASYNC_CRYPT + || out == NULL || plain == NULL + #endif + ) { + return -7700; + } + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024); +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072); +#elif defined(USE_CERT_BUFFERS_4096) + XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096); +#elif !defined(NO_FILESYSTEM) + file = XFOPEN(clientKey, "rb"); + if (!file) { + err_sys("can't open ./certs/client-key.der, " + "Please run from wolfSSL home dir", -40); + ERROR_OUT(-7701, exit_rsa); + } + + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); +#else + /* No key to use. */ + ERROR_OUT(-7702, exit_rsa); +#endif /* USE_CERT_BUFFERS */ + + ret = wc_InitRsaKey_ex(&key, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(-7703, exit_rsa); + } +#ifndef NO_ASN + ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); + if (ret != 0) { + ERROR_OUT(-7704, exit_rsa); + } +#ifndef NO_SIG_WRAPPER + modLen = wc_RsaEncryptSize(&key); +#endif +#else + #ifdef USE_CERT_BUFFERS_2048 + ret = mp_read_unsigned_bin(&key.n, &tmp[12], 256); + if (ret != 0) { + ERROR_OUT(-7705, exit_rsa); + } + ret = mp_set_int(&key.e, WC_RSA_EXPONENT); + if (ret != 0) { + ERROR_OUT(-7706, exit_rsa); + } +#ifndef NO_SIG_WRAPPER + modLen = 2048; +#endif + #else + #error Not supported yet! + #endif +#endif + +#ifndef WC_NO_RNG +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) { + ERROR_OUT(-7707, exit_rsa); + } +#endif + +#ifndef NO_SIG_WRAPPER + ret = rsa_sig_test(&key, sizeof(RsaKey), modLen, &rng); + if (ret != 0) + goto exit_rsa; +#endif + +#ifdef WC_RSA_NONBLOCK + ret = rsa_nb_test(&key, in, inLen, out, outSz, plain, plainSz, &rng); + if (ret != 0) + goto exit_rsa; +#endif + +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, &key, &rng); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7708, exit_rsa); + } + TEST_SLEEP(); + +#ifdef WC_RSA_BLINDING + { + int tmpret = ret; + ret = wc_RsaSetRNG(&key, &rng); + if (ret < 0) { + ERROR_OUT(-7709, exit_rsa); + } + ret = tmpret; + } +#endif + + idx = (word32)ret; /* save off encrypted length */ + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt(out, idx, plain, plainSz, &key); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7710, exit_rsa); + } + + if (XMEMCMP(plain, in, inLen)) { + ERROR_OUT(-7711, exit_rsa); + } + TEST_SLEEP(); + + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPrivateDecryptInline(out, idx, &res, &key); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7712, exit_rsa); + } + if (ret != (int)inLen) { + ERROR_OUT(-7713, exit_rsa); + } + if (XMEMCMP(res, in, inLen)) { + ERROR_OUT(-7714, exit_rsa); + } + TEST_SLEEP(); + + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7715, exit_rsa); + } + TEST_SLEEP(); + +#elif defined(WOLFSSL_PUBLIC_MP) + (void)outSz; + (void)inLen; + (void)res; + { + byte signature_2048[] = { + 0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79, + 0x47, 0xf1, 0xa3, 0xd7, 0xf4, 0x27, 0x29, 0xbe, + 0x99, 0x5d, 0xac, 0xb2, 0x10, 0x3f, 0x95, 0xda, + 0x89, 0x23, 0xb8, 0x96, 0x13, 0x57, 0x72, 0x30, + 0xa1, 0xfe, 0x5a, 0x68, 0x9c, 0x99, 0x9d, 0x1e, + 0x05, 0xa4, 0x80, 0xb0, 0xbb, 0xd9, 0xd9, 0xa1, + 0x69, 0x97, 0x74, 0xb3, 0x41, 0x21, 0x3b, 0x47, + 0xf5, 0x51, 0xb1, 0xfb, 0xc7, 0xaa, 0xcc, 0xdc, + 0xcd, 0x76, 0xa0, 0x28, 0x4d, 0x27, 0x14, 0xa4, + 0xb9, 0x41, 0x68, 0x7c, 0xb3, 0x66, 0xe6, 0x6f, + 0x40, 0x76, 0xe4, 0x12, 0xfd, 0xae, 0x29, 0xb5, + 0x63, 0x60, 0x87, 0xce, 0x49, 0x6b, 0xf3, 0x05, + 0x9a, 0x14, 0xb5, 0xcc, 0xcd, 0xf7, 0x30, 0x95, + 0xd2, 0x72, 0x52, 0x1d, 0x5b, 0x7e, 0xef, 0x4a, + 0x02, 0x96, 0x21, 0x6c, 0x55, 0xa5, 0x15, 0xb1, + 0x57, 0x63, 0x2c, 0xa3, 0x8e, 0x9d, 0x3d, 0x45, + 0xcc, 0xb8, 0xe6, 0xa1, 0xc8, 0x59, 0xcd, 0xf5, + 0xdc, 0x0a, 0x51, 0xb6, 0x9d, 0xfb, 0xf4, 0x6b, + 0xfd, 0x32, 0x71, 0x6e, 0xcf, 0xcb, 0xb3, 0xd9, + 0xe0, 0x4a, 0x77, 0x34, 0xd6, 0x61, 0xf5, 0x7c, + 0xf9, 0xa9, 0xa4, 0xb0, 0x8e, 0x3b, 0xd6, 0x04, + 0xe0, 0xde, 0x2b, 0x5b, 0x5a, 0xbf, 0xd9, 0xef, + 0x8d, 0xa3, 0xf5, 0xb1, 0x67, 0xf3, 0xb9, 0x72, + 0x0a, 0x37, 0x12, 0x35, 0x6c, 0x8e, 0x10, 0x8b, + 0x38, 0x06, 0x16, 0x4b, 0x20, 0x20, 0x13, 0x00, + 0x2e, 0x6d, 0xc2, 0x59, 0x23, 0x67, 0x4a, 0x6d, + 0xa1, 0x46, 0x8b, 0xee, 0xcf, 0x44, 0xb4, 0x3e, + 0x56, 0x75, 0x00, 0x68, 0xb5, 0x7d, 0x0f, 0x20, + 0x79, 0x5d, 0x7f, 0x12, 0x15, 0x32, 0x89, 0x61, + 0x6b, 0x29, 0xb7, 0x52, 0xf5, 0x25, 0xd8, 0x98, + 0xe8, 0x6f, 0xf9, 0x22, 0xb4, 0xbb, 0xe5, 0xff, + 0xd0, 0x92, 0x86, 0x9a, 0x88, 0xa2, 0xaf, 0x6b + }; + ret = sizeof(signature_2048); + XMEMCPY(out, signature_2048, ret); + } +#endif + +#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) + idx = (word32)ret; + XMEMSET(plain, 0, plainSz); + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { +#ifndef WOLFSSL_RSA_VERIFY_INLINE + +#if defined(WOLFSSL_CRYPTOCELL) + /* + Cryptocell requires the input data and signature byte array to verify. + + first argument must be the input data + second argument must be the length of input data + third argument must be the signature byte array or the output from + wc_RsaSSL_Sign() + fourth argument must be the length of the signature byte array + */ + + ret = wc_RsaSSL_Verify(in, inLen, out, outSz, &key); +#else + ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, &key); +#endif /* WOLFSSL_CRYPTOCELL */ +#else + byte* dec = NULL; + ret = wc_RsaSSL_VerifyInline(out, idx, &dec, &key); + if (ret > 0) { + XMEMCPY(plain, dec, ret); + } +#endif + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7716, exit_rsa); + } + + if (XMEMCMP(plain, in, (size_t)ret)) { + ERROR_OUT(-7717, exit_rsa); + } + TEST_SLEEP(); +#endif + +#ifndef WOLFSSL_RSA_VERIFY_ONLY + #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) + /* OAEP padding testing */ + #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \ + (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) + #ifndef NO_SHA + XMEMSET(plain, 0, plainSz); + + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7718, exit_rsa); + } + TEST_SLEEP(); + +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + idx = (word32)ret; + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7719, exit_rsa); + } + + if (XMEMCMP(plain, in, inLen)) { + ERROR_OUT(-7720, exit_rsa); + } + TEST_SLEEP(); + #endif /* NO_SHA */ +#endif + + #ifndef NO_SHA256 + XMEMSET(plain, 0, plainSz); +#ifndef WOLFSSL_RSA_VERIFY_ONLY + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7721, exit_rsa); + } + TEST_SLEEP(); +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ + + idx = (word32)ret; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7722, exit_rsa); + } + + if (XMEMCMP(plain, in, inLen)) { + ERROR_OUT(-7723, exit_rsa); + } + TEST_SLEEP(); +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ + +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPrivateDecryptInline_ex(out, idx, &res, &key, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7724, exit_rsa); + } + if (ret != (int)inLen) { + ERROR_OUT(-7725, exit_rsa); + } + if (XMEMCMP(res, in, inLen)) { + ERROR_OUT(-7726, exit_rsa); + } + TEST_SLEEP(); +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ + + /* check fails if not using the same optional label */ + XMEMSET(plain, 0, plainSz); +#ifndef WOLFSSL_RSA_VERIFY_ONLY + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7727, exit_rsa); + } + TEST_SLEEP(); +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ + +/* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */ +#if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ + !defined(WOLFSSL_CRYPTOCELL) +/* label is unused in cryptocell so it won't detect decrypt error due to label */ + idx = (word32)ret; + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen); + } + } while (ret == WC_PENDING_E); + if (ret > 0) { /* in this case decrypt should fail */ + ERROR_OUT(-7728, exit_rsa); + } + ret = 0; + TEST_SLEEP(); +#endif /* !HAVE_CAVIUM */ + + /* check using optional label with encrypt/decrypt */ + XMEMSET(plain, 0, plainSz); +#ifndef WOLFSSL_RSA_VERIFY_ONLY + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7729, exit_rsa); + } + TEST_SLEEP(); +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ + + idx = (word32)ret; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7730, exit_rsa); + } + + if (XMEMCMP(plain, in, inLen)) { + ERROR_OUT(-7731, exit_rsa); + } + TEST_SLEEP(); +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ + +#ifndef WOLFSSL_RSA_VERIFY_ONLY + #ifndef NO_SHA + /* check fail using mismatch hash algorithms */ + XMEMSET(plain, 0, plainSz); + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, in, inLen); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7732, exit_rsa); + } + TEST_SLEEP(); + +/* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */ +#if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ + !defined(WOLFSSL_CRYPTOCELL) + idx = (word32)ret; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, + in, inLen); + } + } while (ret == WC_PENDING_E); + if (ret > 0) { /* should fail */ + ERROR_OUT(-7733, exit_rsa); + } + ret = 0; + TEST_SLEEP(); + #endif /* !HAVE_CAVIUM */ + #endif /* NO_SHA */ +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ +#endif /* NO_SHA256 */ + +#ifdef WOLFSSL_SHA512 + /* Check valid RSA key size is used while using hash length of SHA512 + If key size is less than (hash length * 2) + 2 then is invalid use + and test, since OAEP padding requires this. + BAD_FUNC_ARG is returned when this case is not met */ + if (wc_RsaEncryptSize(&key) > ((int)WC_SHA512_DIGEST_SIZE * 2) + 2) { + XMEMSET(plain, 0, plainSz); + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7734, exit_rsa); + } + TEST_SLEEP(); + + idx = ret; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7735, exit_rsa); + } + + if (XMEMCMP(plain, in, inLen)) { + ERROR_OUT(-7736, exit_rsa); + } + TEST_SLEEP(); +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ + } +#endif /* WOLFSSL_SHA512 */ + + /* check using pkcsv15 padding with _ex API */ + XMEMSET(plain, 0, plainSz); + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, + WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7737, exit_rsa); + } + TEST_SLEEP(); + + idx = (word32)ret; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, + WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7738, exit_rsa); + } + + if (XMEMCMP(plain, in, inLen)) { + ERROR_OUT(-7739, exit_rsa); + } + TEST_SLEEP(); +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ + #endif /* !HAVE_FAST_RSA && !HAVE_FIPS */ + #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */ +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ + +#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \ + && !defined(WOLFSSL_RSA_VERIFY_ONLY) + ret = rsa_export_key_test(&key); + if (ret != 0) + return ret; +#endif + +#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) + ret = rsa_flatten_test(&key); + if (ret != 0) + return ret; +#endif + +#if defined(WOLFSSL_MDK_ARM) + #define sizeof(s) XSTRLEN((char *)(s)) +#endif + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_cert_der_1024, (size_t)sizeof_client_cert_der_1024); + bytes = (size_t)sizeof_client_cert_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_cert_der_2048, (size_t)sizeof_client_cert_der_2048); + bytes = (size_t)sizeof_client_cert_der_2048; +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, client_cert_der_3072, (size_t)sizeof_client_cert_der_3072); + bytes = (size_t)sizeof_client_cert_der_3072; +#elif defined(USE_CERT_BUFFERS_4096) + XMEMCPY(tmp, client_cert_der_4096, (size_t)sizeof_client_cert_der_4096); + bytes = (size_t)sizeof_client_cert_der_4096; +#elif !defined(NO_FILESYSTEM) + file2 = XFOPEN(clientCert, "rb"); + if (!file2) { + ERROR_OUT(-7740, exit_rsa); + } + + bytes = XFREAD(tmp, 1, FOURK_BUF, file2); + XFCLOSE(file2); +#else + /* No certificate to use. */ + ERROR_OUT(-7741, exit_rsa); +#endif + +#ifdef sizeof + #undef sizeof +#endif + +#ifdef WOLFSSL_TEST_CERT + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) { + FreeDecodedCert(&cert); + ERROR_OUT(-7742, exit_rsa); + } + + FreeDecodedCert(&cert); +#else + (void)bytes; +#endif + +#ifdef WOLFSSL_CERT_EXT + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); + bytes = sizeof_client_keypub_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); + bytes = sizeof_client_keypub_der_2048; +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, client_keypub_der_3072, sizeof_client_keypub_der_3072); + bytes = sizeof_client_keypub_der_3072; +#elif defined(USE_CERT_BUFFERS_4096) + XMEMCPY(tmp, client_keypub_der_4096, sizeof_client_keypub_der_4096); + bytes = sizeof_client_keypub_der_4096; +#else + file = XFOPEN(clientKeyPub, "rb"); + if (!file) { + err_sys("can't open ./certs/client-keyPub.der, " + "Please run from wolfSSL home dir", -40); + ERROR_OUT(-7743, exit_rsa); + } + + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); +#endif /* USE_CERT_BUFFERS */ + + ret = wc_InitRsaKey(&keypub, HEAP_HINT); + if (ret != 0) { + ERROR_OUT(-7744, exit_rsa); + } + idx = 0; + + ret = wc_RsaPublicKeyDecode(tmp, &idx, &keypub, (word32)bytes); + if (ret != 0) { + ERROR_OUT(-7745, exit_rsa); + } +#endif /* WOLFSSL_CERT_EXT */ + +#ifdef WOLFSSL_KEY_GEN + ret = rsa_keygen_test(&rng); + if (ret != 0) + goto exit_rsa; +#endif + +#ifdef WOLFSSL_CERT_GEN + /* Make Cert / Sign example for RSA cert and RSA CA */ + ret = rsa_certgen_test(&key, &keypub, &rng, tmp); + if (ret != 0) + goto exit_rsa; + +#if !defined(NO_RSA) && defined(HAVE_ECC) + ret = rsa_ecc_certgen_test(&rng, tmp); + if (ret != 0) + goto exit_rsa; +#endif + +#ifdef HAVE_NTRU + { + Cert myCert; + #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + XFILE caFile; + #endif + #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) + XFILE ntruPrivFile; + #endif + int certSz; + word32 idx3 = 0; + #ifdef WOLFSSL_TEST_CERT + DecodedCert decode; + #endif + byte public_key[557]; /* sized for EES401EP2 */ + word16 public_key_len; /* no. of octets in public key */ + byte private_key[607]; /* sized for EES401EP2 */ + word16 private_key_len; /* no. of octets in private key */ + DRBG_HANDLE drbg; + static uint8_t const pers_str[] = { + 'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't' + }; + word32 rc = ntru_crypto_drbg_instantiate(112, pers_str, + sizeof(pers_str), GetEntropy, &drbg); + if (rc != DRBG_OK) { + ERROR_OUT(-7746, exit_rsa); + } + + rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, + &public_key_len, NULL, + &private_key_len, NULL); + if (rc != NTRU_OK) { + ERROR_OUT(-7747, exit_rsa); + } + + rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, + &public_key_len, public_key, + &private_key_len, private_key); + if (rc != NTRU_OK) { + ERROR_OUT(-7748, exit_rsa); + } + + rc = ntru_crypto_drbg_uninstantiate(drbg); + if (rc != NTRU_OK) { + ERROR_OUT(-7749, exit_rsa); + } + + #ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); + bytes = sizeof_ca_key_der_1024; + #elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); + bytes = sizeof_ca_key_der_2048; + #else + caFile = XFOPEN(rsaCaKeyFile, "rb"); + if (!caFile) { + ERROR_OUT(-7750, exit_rsa); + } + + bytes = XFREAD(tmp, 1, FOURK_BUF, caFile); + XFCLOSE(caFile); + #endif /* USE_CERT_BUFFERS */ + + ret = wc_InitRsaKey(&caKey, HEAP_HINT); + if (ret != 0) { + ERROR_OUT(-7751, exit_rsa); + } + ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes); + if (ret != 0) { + ERROR_OUT(-7752, exit_rsa); + } + + if (wc_InitCert(&myCert)) { + ERROR_OUT(-7753, exit_rsa); + } + + XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName)); + myCert.daysValid = 1000; + + #ifdef WOLFSSL_CERT_EXT + /* add SKID from the Public Key */ + if (wc_SetSubjectKeyIdFromNtruPublicKey(&myCert, public_key, + public_key_len) != 0) { + ERROR_OUT(-7754, exit_rsa); + } + + /* add AKID from the CA certificate */ + #if defined(USE_CERT_BUFFERS_2048) + ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); + #elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); + #else + ret = wc_SetAuthKeyId(&myCert, rsaCaCertFile); + #endif + if (ret != 0) { + ERROR_OUT(-7755, exit_rsa); + } + + /* add Key Usage */ + if (wc_SetKeyUsage(&myCert, certKeyUsage2) != 0) { + ERROR_OUT(-7756, exit_rsa); + } + #endif /* WOLFSSL_CERT_EXT */ + + #if defined(USE_CERT_BUFFERS_2048) + ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); + #elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); + #else + ret = wc_SetIssuer(&myCert, rsaCaCertFile); + #endif + if (ret < 0) { + ERROR_OUT(-7757, exit_rsa); + } + + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ERROR_OUT(-7758, exit_rsa); + } + pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + ERROR_OUT(-7759, exit_rsa); + } + + certSz = wc_MakeNtruCert(&myCert, der, FOURK_BUF, public_key, + public_key_len, &rng); + if (certSz < 0) { + ERROR_OUT(-7760, exit_rsa); + } + + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &caKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_SignCert(myCert.bodySz, myCert.sigType, der, FOURK_BUF, + &caKey, NULL, &rng); + } + } while (ret == WC_PENDING_E); + wc_FreeRsaKey(&caKey); + if (ret < 0) { + ERROR_OUT(-7761, exit_rsa); + } + certSz = ret; + + #ifdef WOLFSSL_TEST_CERT + InitDecodedCert(&decode, der, certSz, HEAP_HINT); + ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) { + FreeDecodedCert(&decode); + ERROR_OUT(-7762, exit_rsa); + } + FreeDecodedCert(&decode); + #endif + + ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, "./ntru-cert.der", + "./ntru-cert.pem", CERT_TYPE, -5637); + if (ret != 0) { + goto exit_rsa; + } + + #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) + ntruPrivFile = XFOPEN("./ntru-key.raw", "wb"); + if (!ntruPrivFile) { + ERROR_OUT(-7763, exit_rsa); + } + ret = (int)XFWRITE(private_key, 1, private_key_len, ntruPrivFile); + XFCLOSE(ntruPrivFile); + if (ret != private_key_len) { + ERROR_OUT(-7764, exit_rsa); + } + #endif + + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + pem = NULL; + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; + } +#endif /* HAVE_NTRU */ +#ifdef WOLFSSL_CERT_REQ + { + Cert req; + int derSz; + + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ERROR_OUT(-7765, exit_rsa); + } + pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + ERROR_OUT(-7766, exit_rsa); + } + + if (wc_InitCert(&req)) { + ERROR_OUT(-7767, exit_rsa); + } + + req.version = 0; + req.isCA = 1; + XSTRNCPY(req.challengePw, "wolf123", CTC_NAME_SIZE); + XMEMCPY(&req.subject, &certDefaultName, sizeof(CertName)); + + #ifndef NO_SHA256 + req.sigType = CTC_SHA256wRSA; + #else + req.sigType = CTC_SHAwRSA; + #endif + + #ifdef WOLFSSL_CERT_EXT + /* add SKID from the Public Key */ + if (wc_SetSubjectKeyIdFromPublicKey(&req, &keypub, NULL) != 0) { + ERROR_OUT(-7768, exit_rsa); + } + + /* add Key Usage */ + if (wc_SetKeyUsage(&req, certKeyUsage2) != 0) { + ERROR_OUT(-7769, exit_rsa); + } + + /* add Extended Key Usage */ + if (wc_SetExtKeyUsage(&req, "serverAuth,clientAuth,codeSigning," + "emailProtection,timeStamping,OCSPSigning") != 0) { + ERROR_OUT(-7770, exit_rsa); + } + #ifdef WOLFSSL_EKU_OID + { + const char unique[] = "2.16.840.1.111111.100.1.10.1"; + if (wc_SetExtKeyUsageOID(&req, unique, sizeof(unique), 0, + HEAP_HINT) != 0) { + ERROR_OUT(-7771, exit_rsa); + } + } + #endif /* WOLFSSL_EKU_OID */ + #endif /* WOLFSSL_CERT_EXT */ + + derSz = wc_MakeCertReq(&req, der, FOURK_BUF, &key, NULL); + if (derSz < 0) { + ERROR_OUT(-7772, exit_rsa); + } + + #ifdef WOLFSSL_CERT_EXT + /* Try again with "any" flag set, will override all others */ + if (wc_SetExtKeyUsage(&req, "any") != 0) { + ERROR_OUT(-7773, exit_rsa); + } + derSz = wc_MakeCertReq(&req, der, FOURK_BUF, &key, NULL); + if (derSz < 0) { + ERROR_OUT(-7774, exit_rsa); + } + #endif /* WOLFSSL_CERT_EXT */ + + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_SignCert(req.bodySz, req.sigType, der, FOURK_BUF, + &key, NULL, &rng); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-7775, exit_rsa); + } + derSz = ret; + + ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, certReqDerFile, + certReqPemFile, CERTREQ_TYPE, -5650); + if (ret != 0) { + goto exit_rsa; + } + + derSz = wc_MakeCertReq_ex(&req, der, FOURK_BUF, RSA_TYPE, &key); + if (derSz < 0) { + ERROR_OUT(-7776, exit_rsa); + } + + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + pem = NULL; + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; + } +#endif /* WOLFSSL_CERT_REQ */ +#endif /* WOLFSSL_CERT_GEN */ + +#ifdef WC_RSA_PSS + ret = rsa_pss_test(&rng, &key); +#endif + +exit_rsa: + wc_FreeRsaKey(&key); +#ifdef WOLFSSL_CERT_EXT + wc_FreeRsaKey(&keypub); +#endif +#if defined(HAVE_NTRU) + wc_FreeRsaKey(&caKey); +#endif + + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeRng(&rng); + + FREE_VAR(in, HEAP_HINT); + FREE_VAR(out, HEAP_HINT); + FREE_VAR(plain, HEAP_HINT); + + /* ret can be greater then 0 with certgen but all negative values should + * be returned and treated as an error */ + if (ret >= 0) { + return 0; + } + else { + return ret; + } +} + +#endif /* !NO_RSA */ + + +#ifndef NO_DH + +static int dh_fips_generate_test(WC_RNG *rng) +{ + int ret = 0; + DhKey key; + static byte p[] = { + 0xc5, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, + 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, + 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, + 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, + 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, + 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, + 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, + 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, + 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, + 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, + 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, + 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, + 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, + 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, + 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, + 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, + 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, + 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, + 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, + 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, + 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, + 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, + 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, + 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, + 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, + 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, + 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, + 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, + 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, + 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, + 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, + 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d + }; + static byte g[] = { + 0x4a, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, + 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, + 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, + 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, + 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, + 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, + 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, + 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, + 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, + 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, + 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, + 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, + 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, + 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, + 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, + 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, + 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, + 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, + 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, + 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, + 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, + 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, + 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, + 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, + 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, + 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, + 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, + 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, + 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, + 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, + 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, + 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b + }; + static byte q[] = { + 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, + 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, + 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, + 0x40, 0x52, 0xed, 0x41 + }; + static byte q0[] = { + 0x00, + 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, + 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, + 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, + 0x40, 0x52, 0xed, 0x41 + }; + byte priv[256]; + byte pub[256]; + word32 privSz = sizeof(priv); + word32 pubSz = sizeof(pub); + + /* Parameter Validation testing. */ + ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz); + if (ret != BAD_FUNC_ARG) + return -7777; + ret = wc_DhGenerateKeyPair(&key, NULL, priv, &privSz, pub, &pubSz); + if (ret != BAD_FUNC_ARG) + return -7778; + ret = wc_DhGenerateKeyPair(&key, rng, NULL, &privSz, pub, &pubSz); + if (ret != BAD_FUNC_ARG) + return -7779; + ret = wc_DhGenerateKeyPair(&key, rng, priv, NULL, pub, &pubSz); + if (ret != BAD_FUNC_ARG) + return -7780; + ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, NULL, &pubSz); + if (ret != BAD_FUNC_ARG) + return -7781; + ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, NULL); + if (ret != BAD_FUNC_ARG) + return -7782; + + ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); + if (ret != 0) + return -7783; + + ret = wc_DhSetKey_ex(&key, p, sizeof(p), g, sizeof(g), q0, sizeof(q0)); + if (ret != 0) { + ERROR_OUT(-7784, exit_gen_test); + } + + wc_FreeDhKey(&key); + + ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); + if (ret != 0) + return -7785; + + ret = wc_DhSetKey_ex(&key, p, sizeof(p), g, sizeof(g), q, sizeof(q)); + if (ret != 0) { + ERROR_OUT(-7786, exit_gen_test); + } + + /* Use API. */ + ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, &pubSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + ERROR_OUT(-7787, exit_gen_test); + } + + ret = wc_DhCheckPubKey_ex(&key, pub, pubSz, q0, sizeof(q0)); + if (ret != 0) { + ERROR_OUT(-7788, exit_gen_test); + } + + wc_FreeDhKey(&key); + ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); + if (ret != 0) + return -7789; + + ret = wc_DhSetKey(&key, p, sizeof(p), g, sizeof(g)); + if (ret != 0) { + ERROR_OUT(-7790, exit_gen_test); + } + + ret = wc_DhCheckPubKey_ex(&key, pub, pubSz, q, sizeof(q)); + if (ret != 0) { + ERROR_OUT(-7791, exit_gen_test); + } + +#ifndef HAVE_SELFTEST + ret = wc_DhCheckKeyPair(&key, pub, pubSz, priv, privSz); + if (ret != 0) { + ERROR_OUT(-7792, exit_gen_test); + } + + /* Taint the public key so the check fails. */ + pub[0]++; + ret = wc_DhCheckKeyPair(&key, pub, pubSz, priv, privSz); + if (ret != MP_CMP_E) { + ERROR_OUT(-7793, exit_gen_test); + } + +#ifdef WOLFSSL_KEY_GEN + wc_FreeDhKey(&key); + ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); + if (ret != 0) + return -7794; + + ret = wc_DhGenerateParams(rng, 2048, &key); + if (ret != 0) { + ERROR_OUT(-7795, exit_gen_test); + } + + privSz = sizeof(priv); + pubSz = sizeof(pub); + + ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, &pubSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + ERROR_OUT(-7796, exit_gen_test); + } + +#endif /* WOLFSSL_KEY_GEN */ +#endif /* HAVE_SELFTEST */ + + ret = 0; + +exit_gen_test: + wc_FreeDhKey(&key); + + return ret; +} + +static int dh_generate_test(WC_RNG *rng) +{ + int ret = 0; + DhKey smallKey; + byte p[2] = { 0, 5 }; + byte g[2] = { 0, 2 }; +#ifndef WOLFSSL_SP_MATH +#ifdef WOLFSSL_DH_CONST + /* the table for constant DH lookup will round to the lowest byte size 21 */ + byte priv[21]; + byte pub[21]; +#else + byte priv[2]; + byte pub[2]; +#endif + word32 privSz = sizeof(priv); + word32 pubSz = sizeof(pub); +#endif + + ret = wc_InitDhKey_ex(&smallKey, HEAP_HINT, devId); + if (ret != 0) + return -7797; + + /* Parameter Validation testing. */ + ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId); + if (ret != BAD_FUNC_ARG) + return -7798; + wc_FreeDhKey(NULL); + + ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g)); + if (ret != BAD_FUNC_ARG) { + ERROR_OUT(-7799, exit_gen_test); + } + ret = wc_DhSetKey(&smallKey, NULL, sizeof(p), g, sizeof(g)); + if (ret != BAD_FUNC_ARG) { + ERROR_OUT(-7800, exit_gen_test); + } + ret = wc_DhSetKey(&smallKey, p, 0, g, sizeof(g)); + if (ret != BAD_FUNC_ARG) { + ERROR_OUT(-7801, exit_gen_test); + } + ret = wc_DhSetKey(&smallKey, p, sizeof(p), NULL, sizeof(g)); + if (ret != BAD_FUNC_ARG) { + ERROR_OUT(-7802, exit_gen_test); + } + ret = wc_DhSetKey(&smallKey, p, sizeof(p), g, 0); + if (ret != BAD_FUNC_ARG) { + ERROR_OUT(-7803, exit_gen_test); + } + ret = wc_DhSetKey(&smallKey, p, sizeof(p), g, sizeof(g)); + if (ret != 0) { + ERROR_OUT(-7804, exit_gen_test); + } + +#ifndef WOLFSSL_SP_MATH + /* Use API. */ + ret = wc_DhGenerateKeyPair(&smallKey, rng, priv, &privSz, pub, &pubSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &smallKey.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + ret = -7805; + } +#else + (void)rng; + ret = 0; +#endif + +exit_gen_test: + wc_FreeDhKey(&smallKey); + + return ret; +} + +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +typedef struct dh_pubvalue_test { + const byte* data; + word32 len; +} dh_pubvalue_test; + +static int dh_test_check_pubvalue(void) +{ + int ret; + word32 i; + const byte prime[] = {0x01, 0x00, 0x01}; + const byte pubValZero[] = { 0x00 }; + const byte pubValZeroLong[] = { 0x00, 0x00, 0x00 }; + const byte pubValOne[] = { 0x01 }; + const byte pubValOneLong[] = { 0x00, 0x00, 0x01 }; + const byte pubValPrimeMinusOne[] = { 0x01, 0x00, 0x00 }; + const byte pubValPrimeLong[] = {0x00, 0x01, 0x00, 0x01}; + const byte pubValPrimePlusOne[] = { 0x01, 0x00, 0x02 }; + const byte pubValTooBig0[] = { 0x02, 0x00, 0x01 }; + const byte pubValTooBig1[] = { 0x01, 0x01, 0x01 }; + const byte pubValTooLong[] = { 0x01, 0x00, 0x00, 0x01 }; + const dh_pubvalue_test dh_pubval_fail[] = { + { prime, sizeof(prime) }, + { pubValZero, sizeof(pubValZero) }, + { pubValZeroLong, sizeof(pubValZeroLong) }, + { pubValOne, sizeof(pubValOne) }, + { pubValOneLong, sizeof(pubValOneLong) }, + { pubValPrimeMinusOne, sizeof(pubValPrimeMinusOne) }, + { pubValPrimeLong, sizeof(pubValPrimeLong) }, + { pubValPrimePlusOne, sizeof(pubValPrimePlusOne) }, + { pubValTooBig0, sizeof(pubValTooBig0) }, + { pubValTooBig1, sizeof(pubValTooBig1) }, + { pubValTooLong, sizeof(pubValTooLong) }, + }; + const byte pubValTwo[] = { 0x02 }; + const byte pubValTwoLong[] = { 0x00, 0x00, 0x02 }; + const byte pubValGood[] = { 0x12, 0x34 }; + const byte pubValGoodLen[] = { 0x00, 0x12, 0x34 }; + const byte pubValGoodLong[] = { 0x00, 0x00, 0x12, 0x34 }; + const dh_pubvalue_test dh_pubval_pass[] = { + { pubValTwo, sizeof(pubValTwo) }, + { pubValTwoLong, sizeof(pubValTwoLong) }, + { pubValGood, sizeof(pubValGood) }, + { pubValGoodLen, sizeof(pubValGoodLen) }, + { pubValGoodLong, sizeof(pubValGoodLong) }, + }; + + for (i = 0; i < sizeof(dh_pubval_fail) / sizeof(*dh_pubval_fail); i++) { + ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_fail[i].data, + dh_pubval_fail[i].len); + if (ret != MP_VAL) + return -7806 - (int)i; + } + + for (i = 0; i < sizeof(dh_pubval_pass) / sizeof(*dh_pubval_pass); i++) { + ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_pass[i].data, + dh_pubval_pass[i].len); + if (ret != 0) + return -7816 - (int)i; + } + + return 0; +} +#endif + +#if defined(HAVE_FFDHE) + +#ifdef HAVE_FFDHE_3072 + #define FFDHE_KEY_SIZE (3072/8) +#else + #define FFDHE_KEY_SIZE (2048/8) +#endif + +static int dh_test_ffdhe(WC_RNG *rng, const DhParams* params) +{ + int ret; + word32 privSz, pubSz, privSz2, pubSz2; + byte priv[FFDHE_KEY_SIZE]; + byte pub[FFDHE_KEY_SIZE]; + byte priv2[FFDHE_KEY_SIZE]; + byte pub2[FFDHE_KEY_SIZE]; + byte agree[FFDHE_KEY_SIZE]; + byte agree2[FFDHE_KEY_SIZE]; + word32 agreeSz = (word32)sizeof(agree); + word32 agreeSz2 = (word32)sizeof(agree2); + DhKey key; + DhKey key2; + + XMEMSET(&key, 0, sizeof(DhKey)); + XMEMSET(&key2, 0, sizeof(DhKey)); + + ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(-7826, done); + } + ret = wc_InitDhKey_ex(&key2, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(-7827, done); + } + + ret = wc_DhSetKey(&key, params->p, params->p_len, params->g, params->g_len); + if (ret != 0) { + ERROR_OUT(-7828, done); + } + + ret = wc_DhSetKey(&key2, params->p, params->p_len, params->g, + params->g_len); + if (ret != 0) { + ERROR_OUT(-7829, done); + } + + ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, &pubSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + ERROR_OUT(-7830, done); + } + + ret = wc_DhGenerateKeyPair(&key2, rng, priv2, &privSz2, pub2, &pubSz2); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + ERROR_OUT(-7831, done); + } + + ret = wc_DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + ERROR_OUT(-7832, done); + } + + ret = wc_DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + ERROR_OUT(-7833, done); + } + + if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) { + ERROR_OUT(-7834, done); + } + +done: + wc_FreeDhKey(&key); + wc_FreeDhKey(&key2); + return ret; +} + +#endif /* HAVE_FFDHE */ + +int dh_test(void) +{ + int ret; + word32 bytes; + word32 idx = 0, privSz, pubSz, privSz2, pubSz2; + byte tmp[1024]; +#if !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) + byte priv[256]; + byte pub[256]; + byte priv2[256]; + byte pub2[256]; + byte agree[256]; + byte agree2[256]; +#else + byte priv[512]; + byte pub[512]; + byte priv2[512]; + byte pub2[512]; + byte agree[512]; + byte agree2[512]; +#endif + word32 agreeSz = (word32)sizeof(agree); + word32 agreeSz2 = (word32)sizeof(agree2); + DhKey key; + DhKey key2; + WC_RNG rng; + int keyInit = 0; + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, dh_key_der_1024, (size_t)sizeof_dh_key_der_1024); + bytes = (size_t)sizeof_dh_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, dh_key_der_2048, (size_t)sizeof_dh_key_der_2048); + bytes = (size_t)sizeof_dh_key_der_2048; +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, dh_key_der_3072, (size_t)sizeof_dh_key_der_3072); + bytes = (size_t)sizeof_dh_key_der_3072; +#elif defined(USE_CERT_BUFFERS_4096) + XMEMCPY(tmp, dh_key_der_4096, (size_t)sizeof_dh_key_der_4096); + bytes = (size_t)sizeof_dh_key_der_4096; +#elif defined(NO_ASN) + /* don't use file, no DER parsing */ +#elif !defined(NO_FILESYSTEM) + XFILE file = XFOPEN(dhKey, "rb"); + if (!file) + return -7900; + + bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), file); + XFCLOSE(file); +#else + /* No DH key to use. */ + return -7901; +#endif /* USE_CERT_BUFFERS */ + + (void)idx; + (void)tmp; + (void)bytes; + + /* Use API for coverage. */ + ret = wc_InitDhKey(&key); + if (ret != 0) { + ERROR_OUT(-7902, done); + } + wc_FreeDhKey(&key); + + ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(-7903, done); + } + keyInit = 1; + ret = wc_InitDhKey_ex(&key2, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(-7904, done); + } + +#ifdef NO_ASN + ret = wc_DhSetKey(&key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g)); + if (ret != 0) { + ERROR_OUT(-7905, done); + } + + ret = wc_DhSetKey(&key2, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g)); + if (ret != 0) { + ERROR_OUT(-7906, done); + } +#else + ret = wc_DhKeyDecode(tmp, &idx, &key, bytes); + if (ret != 0) { + ERROR_OUT(-7907, done); + } + + idx = 0; + ret = wc_DhKeyDecode(tmp, &idx, &key2, bytes); + if (ret != 0) { + ERROR_OUT(-7908, done); + } +#endif + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) { + ERROR_OUT(-7909, done); + } + + ret = wc_DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + ERROR_OUT(-7910, done); + } + + ret = wc_DhGenerateKeyPair(&key2, &rng, priv2, &privSz2, pub2, &pubSz2); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + ERROR_OUT(-7911, done); + } + + ret = wc_DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + ERROR_OUT(-7912, done); + } + + ret = wc_DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + ERROR_OUT(-7913, done); + } + + if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) { + ERROR_OUT(-7914, done); + } + +#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + if (wc_DhCheckPrivKey(NULL, NULL, 0) != BAD_FUNC_ARG) + return -7915; + + if (wc_DhCheckPrivKey(&key, priv, privSz) != 0) + return -7916; + + if (wc_DhExportParamsRaw(NULL, NULL, NULL, NULL, NULL, NULL, NULL) != BAD_FUNC_ARG) + return -7917; + { + word32 pSz, qSz, gSz; + if (wc_DhExportParamsRaw(&key, NULL, &pSz, NULL, &qSz, NULL, &gSz) != LENGTH_ONLY_E) + return -7918; + } +#endif + + ret = dh_generate_test(&rng); + if (ret == 0) + ret = dh_fips_generate_test(&rng); +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + if (ret == 0) + ret = dh_test_check_pubvalue(); +#endif + + /* Specialized code for key gen when using FFDHE-2048 and FFDHE-3072. */ + #ifdef HAVE_FFDHE_2048 + if (ret == 0) { + ret = dh_test_ffdhe(&rng, wc_Dh_ffdhe2048_Get()); + if (ret != 0) + printf("error with FFDHE 2048\n"); + } + #endif + #ifdef HAVE_FFDHE_3072 + if (ret == 0) { + ret = dh_test_ffdhe(&rng, wc_Dh_ffdhe3072_Get()); + if (ret != 0) + printf("error with FFDHE 3072\n"); + } + #endif + + wc_FreeDhKey(&key); + keyInit = 0; + +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + !defined(WOLFSSL_OLD_PRIME_CHECK) + if (ret == 0) { + /* Test Check Key */ + ret = wc_DhSetCheckKey(&key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g), + NULL, 0, 0, &rng); + keyInit = 1; /* DhSetCheckKey also initializes the key, free it */ + } +#endif + +done: + + if (keyInit) + wc_FreeDhKey(&key); + wc_FreeDhKey(&key2); + wc_FreeRng(&rng); + + return ret; +} + +#endif /* NO_DH */ + + +#ifndef NO_DSA + +int dsa_test(void) +{ + int ret, answer; + word32 bytes; + word32 idx = 0; + byte tmp[1024]; + DsaKey key; + WC_RNG rng; + wc_Sha sha; + byte hash[WC_SHA_DIGEST_SIZE]; + byte signature[40]; + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); + bytes = sizeof_dsa_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); + bytes = sizeof_dsa_key_der_2048; +#else + XFILE file = XFOPEN(dsaKey, "rb"); + if (!file) + return -8000; + + bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), file); + XFCLOSE(file); +#endif /* USE_CERT_BUFFERS */ + + ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + return -8001; + wc_ShaUpdate(&sha, tmp, bytes); + wc_ShaFinal(&sha, hash); + wc_ShaFree(&sha); + + ret = wc_InitDsaKey(&key); + if (ret != 0) return -8002; + + ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes); + if (ret != 0) return -8003; + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) return -8004; + + ret = wc_DsaSign(hash, signature, &key, &rng); + if (ret != 0) return -8005; + + ret = wc_DsaVerify(hash, signature, &key, &answer); + if (ret != 0) return -8006; + if (answer != 1) return -8007; + + wc_FreeDsaKey(&key); + +#ifdef WOLFSSL_KEY_GEN + { + byte* der; + byte* pem; + int derSz = 0; + DsaKey derIn; + DsaKey genKey; + + ret = wc_InitDsaKey(&genKey); + if (ret != 0) return -8008; + + ret = wc_MakeDsaParameters(&rng, 1024, &genKey); + if (ret != 0) { + wc_FreeDsaKey(&genKey); + return -8009; + } + + ret = wc_MakeDsaKey(&rng, &genKey); + if (ret != 0) { + wc_FreeDsaKey(&genKey); + return -8010; + } + + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + wc_FreeDsaKey(&genKey); + return -8011; + } + pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeDsaKey(&genKey); + return -8012; + } + + derSz = wc_DsaKeyToDer(&genKey, der, FOURK_BUF); + if (derSz < 0) { + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return -8013; + } + + ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile, + keyPemFile, DSA_PRIVATEKEY_TYPE, -5814); + if (ret != 0) { + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeDsaKey(&genKey); + return ret; + } + + ret = wc_InitDsaKey(&derIn); + if (ret != 0) { + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeDsaKey(&genKey); + return -8014; + } + + idx = 0; + ret = wc_DsaPrivateKeyDecode(der, &idx, &derIn, derSz); + if (ret != 0) { + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeDsaKey(&derIn); + wc_FreeDsaKey(&genKey); + return -8015; + } + + wc_FreeDsaKey(&derIn); + wc_FreeDsaKey(&genKey); + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#endif /* WOLFSSL_KEY_GEN */ + + if (wc_InitDsaKey_h(&key, NULL) != 0) + return -8016; + + wc_FreeRng(&rng); + return 0; +} + +#endif /* NO_DSA */ + +#ifdef WOLFCRYPT_HAVE_SRP + +static int generate_random_salt(byte *buf, word32 size) +{ + int ret = -8017; + WC_RNG rng; + + if(NULL == buf || !size) + return -8018; + + if (buf && size && wc_InitRng_ex(&rng, HEAP_HINT, devId) == 0) { + ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size); + + wc_FreeRng(&rng); + } + + return ret; +} + +int srp_test(void) +{ + Srp cli, srv; + int r; + + byte clientPubKey[80]; /* A */ + byte serverPubKey[80]; /* B */ + word32 clientPubKeySz = 80; + word32 serverPubKeySz = 80; + byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */ + byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */ + word32 clientProofSz = SRP_MAX_DIGEST_SIZE; + word32 serverProofSz = SRP_MAX_DIGEST_SIZE; + + byte username[] = "user"; + word32 usernameSz = 4; + + byte password[] = "password"; + word32 passwordSz = 8; + + byte N[] = { + 0xC9, 0x4D, 0x67, 0xEB, 0x5B, 0x1A, 0x23, 0x46, 0xE8, 0xAB, 0x42, 0x2F, + 0xC6, 0xA0, 0xED, 0xAE, 0xDA, 0x8C, 0x7F, 0x89, 0x4C, 0x9E, 0xEE, 0xC4, + 0x2F, 0x9E, 0xD2, 0x50, 0xFD, 0x7F, 0x00, 0x46, 0xE5, 0xAF, 0x2C, 0xF7, + 0x3D, 0x6B, 0x2F, 0xA2, 0x6B, 0xB0, 0x80, 0x33, 0xDA, 0x4D, 0xE3, 0x22, + 0xE1, 0x44, 0xE7, 0xA8, 0xE9, 0xB1, 0x2A, 0x0E, 0x46, 0x37, 0xF6, 0x37, + 0x1F, 0x34, 0xA2, 0x07, 0x1C, 0x4B, 0x38, 0x36, 0xCB, 0xEE, 0xAB, 0x15, + 0x03, 0x44, 0x60, 0xFA, 0xA7, 0xAD, 0xF4, 0x83 + }; + + byte g[] = { + 0x02 + }; + + byte salt[10]; + + byte verifier[80]; + word32 v_size = sizeof(verifier); + + /* set as 0's so if second init on srv not called SrpTerm is not on + * garbage values */ + XMEMSET(&srv, 0, sizeof(Srp)); + XMEMSET(&cli, 0, sizeof(Srp)); + + /* generating random salt */ + + r = generate_random_salt(salt, sizeof(salt)); + + /* client knows username and password. */ + /* server knows N, g, salt and verifier. */ + + if (!r) r = wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE); + if (!r) r = wc_SrpSetUsername(&cli, username, usernameSz); + + /* loading N, g and salt in advance to generate the verifier. */ + + if (!r) r = wc_SrpSetParams(&cli, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt)); + if (!r) r = wc_SrpSetPassword(&cli, password, passwordSz); + if (!r) r = wc_SrpGetVerifier(&cli, verifier, &v_size); + + /* client sends username to server */ + + if (!r) r = wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE); + if (!r) r = wc_SrpSetUsername(&srv, username, usernameSz); + if (!r) r = wc_SrpSetParams(&srv, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt)); + if (!r) r = wc_SrpSetVerifier(&srv, verifier, v_size); + if (!r) r = wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz); + + /* server sends N, g, salt and B to client */ + + if (!r) r = wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz); + if (!r) r = wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz); + if (!r) r = wc_SrpGetProof(&cli, clientProof, &clientProofSz); + + /* client sends A and M1 to server */ + + if (!r) r = wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz); + if (!r) r = wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz); + if (!r) r = wc_SrpGetProof(&srv, serverProof, &serverProofSz); + + /* server sends M2 to client */ + + if (!r) r = wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz); + + wc_SrpTerm(&cli); + wc_SrpTerm(&srv); + + return r; +} + +#endif /* WOLFCRYPT_HAVE_SRP */ + +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) + +#if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) +static int openssl_aes_test(void) +{ +#ifdef HAVE_AES_CBC +#ifdef WOLFSSL_AES_128 + { + /* EVP_CipherUpdate test */ + const byte cbcPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; + + byte key[] = "0123456789abcdef "; /* align */ + byte iv[] = "1234567890abcdef "; /* align */ + + byte cipher[AES_BLOCK_SIZE * 4]; + byte plain [AES_BLOCK_SIZE * 4]; + EVP_CIPHER_CTX en; + EVP_CIPHER_CTX de; + int outlen ; + int total = 0; + int i; + + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 1) == 0) + return -8200; + if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, + (byte*)cbcPlain, 9) == 0) + return -8201; + if (outlen != 0) + return -8202; + total += outlen; + + if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, + (byte*)&cbcPlain[9] , 9) == 0) + return -8203; + if (outlen != 16) + return -8204; + total += outlen; + + if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0) + return -8205; + if (outlen != 16) + return -8206; + total += outlen; + if (total != 32) + return 3408; + + total = 0; + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 0) == 0) + return -8207; + + if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) + return -8208; + if (outlen != 0) + return -8209; + total += outlen; + + if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, + (byte*)&cipher[6], 12) == 0) + return -8210; + if (outlen != 0) + total += outlen; + + if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, + (byte*)&cipher[6+12], 14) == 0) + return -8211; + if (outlen != 16) + return -8212; + total += outlen; + + if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0) + return -8213; + if (outlen != 2) + return -8214; + total += outlen; + + if (total != 18) + return 3427; + + if (XMEMCMP(plain, cbcPlain, 18)) + return -8215; + + /* test with encrypting/decrypting more than 16 bytes at once */ + total = 0; + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 1) == 0) + return -8216; + if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, + (byte*)cbcPlain, 17) == 0) + return -8217; + if (outlen != 16) + return -8218; + total += outlen; + + if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, + (byte*)&cbcPlain[17] , 1) == 0) + return -8219; + if (outlen != 0) + return -8220; + total += outlen; + + if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0) + return -8221; + if (outlen != 16) + return -8222; + total += outlen; + if (total != 32) + return -8223; + + total = 0; + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 0) == 0) + return -8224; + + if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0) + return -8225; + if (outlen != 16) + return -8226; + total += outlen; + + /* final call on non block size should fail */ + if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) != 0) + return -8227; + + if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, + (byte*)&cipher[17], 1) == 0) + return -8228; + if (outlen != 0) + total += outlen; + + if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, + (byte*)&cipher[17+1], 14) == 0) + return -8229; + if (outlen != 0) + return -8230; + total += outlen; + + if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0) + return -8231; + if (outlen != 2) + return -8232; + total += outlen; + + if (total != 18) + return -8233; + + if (XMEMCMP(plain, cbcPlain, 18)) + return -8234; + + /* test byte by byte decrypt */ + for (i = 0; i < AES_BLOCK_SIZE * 3; i++) { + plain[i] = i; + } + + total = 0; + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 1) == 0) + return -8235; + if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, + (byte*)plain, AES_BLOCK_SIZE * 3) == 0) + return -8236; + if (outlen != AES_BLOCK_SIZE * 3) + return -8237; + total += outlen; + + if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0) + return -8238; + if (outlen != AES_BLOCK_SIZE) + return -8239; + total += outlen; + if (total != sizeof(plain)) + return -8240; + + total = 0; + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 0) == 0) + return -8241; + + for (i = 0; i < AES_BLOCK_SIZE * 4; i++) { + if (EVP_CipherUpdate(&de, (byte*)plain + total, &outlen, + (byte*)cipher + i, 1) == 0) + return -8242; + + if (outlen > 0) { + int j; + + total += outlen; + for (j = 0; j < total; j++) { + if (plain[j] != j) { + return -8243; + } + } + } + } + + if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0) + return -8244; + total += outlen; + if (total != AES_BLOCK_SIZE * 3) { + return -8245; + } + for (i = 0; i < AES_BLOCK_SIZE * 3; i++) { + if (plain[i] != i) { + return -8246; + } + } + } + + /* set buffers to be exact size to catch potential over read/write */ + { + /* EVP_CipherUpdate test */ + const byte cbcPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; + + byte key[] = "0123456789abcdef "; /* align */ + byte iv[] = "1234567890abcdef "; /* align */ + + #define EVP_TEST_BUF_SZ 18 + #define EVP_TEST_BUF_PAD 32 + byte cipher[EVP_TEST_BUF_SZ]; + byte plain [EVP_TEST_BUF_SZ]; + byte padded[EVP_TEST_BUF_PAD]; + EVP_CIPHER_CTX en; + EVP_CIPHER_CTX de; + int outlen ; + int total = 0; + + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 1) == 0) + return -8247; + if (EVP_CIPHER_CTX_set_padding(&en, 0) != 1) + return -8248; + if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, + (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0) + return -8249; + if (outlen != 16) + return -8250; + total += outlen; + + /* should fail here */ + if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) != 0) + return -8251; + + /* turn padding back on and do successful encrypt */ + total = 0; + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 1) == 0) + return -8252; + if (EVP_CIPHER_CTX_set_padding(&en, 1) != 1) + return -8253; + if (EVP_CipherUpdate(&en, (byte*)padded, &outlen, + (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0) + return -8254; + if (outlen != 16) + return -8255; + total += outlen; + + if (EVP_CipherFinal(&en, (byte*)&padded[total], &outlen) == 0) + return -8256; + total += outlen; + if (total != 32) + return -8257; + XMEMCPY(cipher, padded, EVP_TEST_BUF_SZ); + + /* test out of bounds read on buffers w/o padding during decryption */ + total = 0; + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 0) == 0) + return -8258; + + if (EVP_CIPHER_CTX_set_padding(&de, 0) != 1) + return -8259; + if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, + EVP_TEST_BUF_SZ) == 0) + return -8260; + if (outlen != 16) + return -8261; + total += outlen; + + /* should fail since not using padding */ + if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) != 0) + return -8262; + + total = 0; + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 0) == 0) + return -8263; + if (EVP_CIPHER_CTX_set_padding(&de, 1) != 1) + return -8264; + if (EVP_CipherUpdate(&de, (byte*)padded, &outlen, (byte*)padded, + EVP_TEST_BUF_PAD) == 0) + return -8265; + if (outlen != 16) + return -8266; + total += outlen; + + if (EVP_CipherFinal(&de, (byte*)&padded[total], &outlen) == 0) + return -8267; + if (XMEMCMP(padded, cbcPlain, EVP_TEST_BUF_SZ)) + return -8268; + } + + { /* evp_cipher test: EVP_aes_128_cbc */ + EVP_CIPHER_CTX ctx; + + const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + + const byte verify[] = + { + 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, + 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb + }; + + byte key[] = "0123456789abcdef "; /* align */ + byte iv[] = "1234567890abcdef "; /* align */ + + byte cipher[AES_BLOCK_SIZE * 4]; + byte plain [AES_BLOCK_SIZE * 4]; + + EVP_CIPHER_CTX_init(&ctx); + if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0) + return -8269; + + if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0) + return -8270; + + if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) + return -8271; + + EVP_CIPHER_CTX_init(&ctx); + if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0) + return -8272; + + if (EVP_Cipher(&ctx, plain, cipher, 16) == 0) + return -8273; + + if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) + return -8274; + + + } /* end evp_cipher test: EVP_aes_128_cbc*/ +#endif /* WOLFSSL_AES_128 */ +#endif /* HAVE_AES_CBC */ + +#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256) + { /* evp_cipher test: EVP_aes_256_ecb*/ + EVP_CIPHER_CTX ctx; + const byte msg[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte verify[] = + { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; + + const byte key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + + byte cipher[AES_BLOCK_SIZE * 4]; + byte plain [AES_BLOCK_SIZE * 4]; + + EVP_CIPHER_CTX_init(&ctx); + if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0) + return -8275; + + if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0) + return -8276; + + if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) + return -8277; + + EVP_CIPHER_CTX_init(&ctx); + if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0) + return -8278; + + if (EVP_Cipher(&ctx, plain, cipher, 16) == 0) + return -8279; + + if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) + return -8280; + + } /* end evp_cipher test */ +#endif /* HAVE_AES_ECB && WOLFSSL_AES_256 */ + +#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) + /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */ + { + /* Test: AES_encrypt/decrypt/set Key */ + AES_KEY enc; + #ifdef HAVE_AES_DECRYPT + AES_KEY dec; + #endif + + const byte msg[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte verify[] = + { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; + + const byte key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + byte plain[sizeof(msg)]; + byte cipher[sizeof(msg)]; + + AES_set_encrypt_key(key, sizeof(key)*8, &enc); + AES_set_decrypt_key(key, sizeof(key)*8, &dec); + + AES_encrypt(msg, cipher, &enc); + + #ifdef HAVE_AES_DECRYPT + AES_decrypt(cipher, plain, &dec); + if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) + return -8281; + #endif /* HAVE_AES_DECRYPT */ + + if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) + return -8282; + } +#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ + +/* EVP_Cipher with EVP_aes_xxx_ctr() */ +#ifdef WOLFSSL_AES_COUNTER + { + byte plainBuff [64]; + byte cipherBuff[64]; + +#ifdef WOLFSSL_AES_128 + const byte ctrKey[] = + { + 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c + }; + + const byte ctrIv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + + const byte ctrPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; + + const byte ctrCipher[] = + { + 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, + 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, + 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, + 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, + 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, + 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, + 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, + 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee + }; + + const byte oddCipher[] = + { + 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, + 0xc2 + }; +#endif + + /* test vector from "Recommendation for Block Cipher Modes of Operation" + * NIST Special Publication 800-38A */ +#ifdef WOLFSSL_AES_192 + const byte ctr192Key[] = + { + 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b + }; + + const byte ctr192Iv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + + const byte ctr192Plain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte ctr192Cipher[] = + { + 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2, + 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b + }; +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + /* test vector from "Recommendation for Block Cipher Modes of Operation" + * NIST Special Publication 800-38A */ + const byte ctr256Key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + const byte ctr256Iv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + + const byte ctr256Plain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte ctr256Cipher[] = + { + 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5, + 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28 + }; +#endif /* WOLFSSL_AES_256 */ + + EVP_CIPHER_CTX en; + EVP_CIPHER_CTX de; +#ifdef WOLFSSL_AES_128 + EVP_CIPHER_CTX *p_en; + EVP_CIPHER_CTX *p_de; + + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return -8283; + if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, + AES_BLOCK_SIZE*4) == 0) + return -8284; + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return -8285; + + if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, + AES_BLOCK_SIZE*4) == 0) + return -8286; + + if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) + return -8287; + if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) + return -8288; + + p_en = wolfSSL_EVP_CIPHER_CTX_new(); + if (p_en == NULL) + return -8289; + p_de = wolfSSL_EVP_CIPHER_CTX_new(); + if (p_de == NULL) + return -8290; + + if (EVP_CipherInit(p_en, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return -8291; + if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain, + AES_BLOCK_SIZE*4) == 0) + return -8292; + if (EVP_CipherInit(p_de, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return -8293; + + if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff, + AES_BLOCK_SIZE*4) == 0) + return -8294; + + wolfSSL_EVP_CIPHER_CTX_free(p_en); + wolfSSL_EVP_CIPHER_CTX_free(p_de); + + if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) + return -8295; + if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) + return -8296; + + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return -8297; + if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) + return -8298; + + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return -8299; + + if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) + return -8300; + + if (XMEMCMP(plainBuff, ctrPlain, 9)) + return -8301; + if (XMEMCMP(cipherBuff, ctrCipher, 9)) + return -8302; + + if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) + return -8303; + if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) + return -8304; + + if (XMEMCMP(plainBuff, ctrPlain, 9)) + return -8305; + if (XMEMCMP(cipherBuff, oddCipher, 9)) + return -8306; +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_192_ctr(), + (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) + return -8307; + if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr192Plain, + AES_BLOCK_SIZE) == 0) + return -8308; + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_192_ctr(), + (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) + return -8309; + + XMEMSET(plainBuff, 0, sizeof(plainBuff)); + if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, + AES_BLOCK_SIZE) == 0) + return -8310; + + if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain))) + return -8311; + if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher))) + return -8312; +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_256_ctr(), + (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) + return -8313; + if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr256Plain, + AES_BLOCK_SIZE) == 0) + return -8314; + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_256_ctr(), + (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) + return -8315; + + XMEMSET(plainBuff, 0, sizeof(plainBuff)); + if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, + AES_BLOCK_SIZE) == 0) + return -8316; + + if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain))) + return -8317; + if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher))) + return -8318; +#endif /* WOLFSSL_AES_256 */ + } +#endif /* HAVE_AES_COUNTER */ + +#if defined(WOLFSSL_AES_CFB) && defined(WOLFSSL_AES_128) + { + AES_KEY enc; + AES_KEY dec; + + const byte setIv[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f + }; + + const byte key[] = + { + 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c + }; + + const byte cipher1[] = + { + 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20, + 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a, + 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f, + 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b + }; + + const byte msg[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51 + }; + + byte cipher[AES_BLOCK_SIZE * 2]; + byte iv[AES_BLOCK_SIZE]; /* iv buffer is updeated by API */ + int num = 0; + + XMEMCPY(iv, setIv, sizeof(setIv)); + wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, &enc); + wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, &dec); + + wolfSSL_AES_cfb128_encrypt(msg, cipher, AES_BLOCK_SIZE - 1, &enc, iv, + &num, AES_ENCRYPT); + + if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE - 1)) + return -8319; + + if (num != 15) /* should have used 15 of the 16 bytes */ + return -8320; + + wolfSSL_AES_cfb128_encrypt(msg + AES_BLOCK_SIZE - 1, + cipher + AES_BLOCK_SIZE - 1, AES_BLOCK_SIZE + 1, &enc, iv, + &num, AES_ENCRYPT); + + if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2)) + return -8321; + + if (num != 0) + return -8322; + } +#endif /* WOLFSSL_AES_CFB && WOLFSSL_AES_128 */ + return 0; +} + + +#endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */ + +int openssl_test(void) +{ + EVP_MD_CTX md_ctx; + testVector a, b, c, d, e, f; + byte hash[WC_SHA256_DIGEST_SIZE*2]; /* max size */ + + a.inLen = 0; + b.inLen = c.inLen = d.inLen = e.inLen = f.inLen = a.inLen; + + (void)a; + (void)b; + (void)c; + (void)d; + (void)e; + (void)f; + + /* test malloc / free , 10 is an arbitrary amount of memory chosen */ + { + byte* p; + p = (byte*)CRYPTO_malloc(10, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (p == NULL) { + return -8400; + } + XMEMSET(p, 0, 10); + #ifdef WOLFSSL_QT + CRYPTO_free(p); + #else + CRYPTO_free(p, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + } + +#ifndef NO_MD5 + + a.input = "1234567890123456789012345678901234567890123456789012345678" + "9012345678901234567890"; + a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6" + "\x7a"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_MD5_DIGEST_SIZE; + + EVP_MD_CTX_init(&md_ctx); + EVP_DigestInit(&md_ctx, EVP_md5()); + + EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen); + EVP_DigestFinal(&md_ctx, hash, 0); + + if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) + return -8401; + +#endif /* NO_MD5 */ + +#ifndef NO_SHA + + b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaa"; + b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7" + "\x53\x99\x5E\x26\xA0"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA_DIGEST_SIZE; + + EVP_MD_CTX_init(&md_ctx); + EVP_DigestInit(&md_ctx, EVP_sha1()); + + EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen); + EVP_DigestFinal(&md_ctx, hash, 0); + + if (XMEMCMP(hash, b.output, WC_SHA_DIGEST_SIZE) != 0) + return -8402; + +#endif /* NO_SHA */ + +#ifdef WOLFSSL_SHA224 + + e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + e.output = "\xc9\x7c\xa9\xa5\x59\x85\x0c\xe9\x7a\x04\xa9\x6d\xef\x6d\x99" + "\xa9\xe0\xe0\xe2\xab\x14\xe6\xb8\xdf\x26\x5f\xc0\xb3"; + e.inLen = XSTRLEN(e.input); + e.outLen = WC_SHA224_DIGEST_SIZE; + + EVP_MD_CTX_init(&md_ctx); + EVP_DigestInit(&md_ctx, EVP_sha224()); + + EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen); + EVP_DigestFinal(&md_ctx, hash, 0); + + if (XMEMCMP(hash, e.output, WC_SHA224_DIGEST_SIZE) != 0) + return -8403; + +#endif /* WOLFSSL_SHA224 */ + + + d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" + "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" + "\x06\xC1"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA256_DIGEST_SIZE; + + EVP_MD_CTX_init(&md_ctx); + EVP_DigestInit(&md_ctx, EVP_sha256()); + + EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen); + EVP_DigestFinal(&md_ctx, hash, 0); + + if (XMEMCMP(hash, d.output, WC_SHA256_DIGEST_SIZE) != 0) + return -8404; + +#ifdef WOLFSSL_SHA384 + + e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + e.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b" + "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0" + "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91" + "\x74\x60\x39"; + e.inLen = XSTRLEN(e.input); + e.outLen = WC_SHA384_DIGEST_SIZE; + + EVP_MD_CTX_init(&md_ctx); + EVP_DigestInit(&md_ctx, EVP_sha384()); + + EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen); + EVP_DigestFinal(&md_ctx, hash, 0); + + if (XMEMCMP(hash, e.output, WC_SHA384_DIGEST_SIZE) != 0) + return -8405; + +#endif /* WOLFSSL_SHA384 */ + + +#ifdef WOLFSSL_SHA512 + + f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + f.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14" + "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88" + "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4" + "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b" + "\x87\x4b\xe9\x09"; + f.inLen = XSTRLEN(f.input); + f.outLen = WC_SHA512_DIGEST_SIZE; + + EVP_MD_CTX_init(&md_ctx); + EVP_DigestInit(&md_ctx, EVP_sha512()); + + EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen); + EVP_DigestFinal(&md_ctx, hash, 0); + + if (XMEMCMP(hash, f.output, WC_SHA512_DIGEST_SIZE) != 0) + return -8406; + +#endif /* WOLFSSL_SHA512 */ +#ifdef WOLFSSL_SHA3 +#ifndef WOLFSSL_NOSHA3_224 + + e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + e.output = "\x54\x3e\x68\x68\xe1\x66\x6c\x1a\x64\x36\x30\xdf\x77\x36\x7a\xe5\xa6\x2a\x85\x07\x0a\x51\xc1\x4c\xbf\x66\x5c\xbc"; + e.inLen = XSTRLEN(e.input); + e.outLen = WC_SHA3_224_DIGEST_SIZE; + + EVP_MD_CTX_init(&md_ctx); + EVP_DigestInit(&md_ctx, EVP_sha3_224()); + + EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen); + EVP_DigestFinal(&md_ctx, hash, 0); + + if (XMEMCMP(hash, e.output, WC_SHA3_224_DIGEST_SIZE) != 0) + return -8407; + +#endif /* WOLFSSL_NOSHA3_224 */ + + +#ifndef WOLFSSL_NOSHA3_256 + d.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + d.output = "\x91\x6f\x60\x61\xfe\x87\x97\x41\xca\x64\x69\xb4\x39\x71\xdf" + "\xdb\x28\xb1\xa3\x2d\xc3\x6c\xb3\x25\x4e\x81\x2b\xe2\x7a\xad" + "\x1d\x18"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA3_256_DIGEST_SIZE; + + EVP_MD_CTX_init(&md_ctx); + EVP_DigestInit(&md_ctx, EVP_sha3_256()); + + EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen); + EVP_DigestFinal(&md_ctx, hash, 0); + + if (XMEMCMP(hash, d.output, WC_SHA3_256_DIGEST_SIZE) != 0) + return -8408; +#endif /* WOLFSSL_NOSHA3_256 */ + + + e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + e.output = "\x79\x40\x7d\x3b\x59\x16\xb5\x9c\x3e\x30\xb0\x98\x22\x97\x47\x91\xc3\x13\xfb\x9e\xcc\x84\x9e\x40\x6f\x23\x59\x2d\x04\xf6\x25\xdc\x8c\x70\x9b\x98\xb4\x3b\x38\x52\xb3\x37\x21\x61\x79\xaa\x7f\xc7"; + e.inLen = XSTRLEN(e.input); + e.outLen = WC_SHA3_384_DIGEST_SIZE; + + EVP_MD_CTX_init(&md_ctx); + EVP_DigestInit(&md_ctx, EVP_sha3_384()); + + EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen); + EVP_DigestFinal(&md_ctx, hash, 0); + + if (XMEMCMP(hash, e.output, WC_SHA3_384_DIGEST_SIZE) != 0) + return -8409; + + + +#ifndef WOLFSSL_NOSHA3_512 + + f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + f.output = "\xaf\xeb\xb2\xef\x54\x2e\x65\x79\xc5\x0c\xad\x06\xd2\xe5\x78\xf9\xf8\xdd\x68\x81\xd7\xdc\x82\x4d\x26\x36\x0f\xee\xbf\x18\xa4\xfa\x73\xe3\x26\x11\x22\x94\x8e\xfc\xfd\x49\x2e\x74\xe8\x2e\x21\x89\xed\x0f\xb4\x40\xd1\x87\xf3\x82\x27\x0c\xb4\x55\xf2\x1d\xd1\x85"; + f.inLen = XSTRLEN(f.input); + f.outLen = WC_SHA3_512_DIGEST_SIZE; + + EVP_MD_CTX_init(&md_ctx); + EVP_DigestInit(&md_ctx, EVP_sha3_512()); + + EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen); + EVP_DigestFinal(&md_ctx, hash, 0); + + if (XMEMCMP(hash, f.output, WC_SHA3_512_DIGEST_SIZE) != 0) + return -8410; + +#endif /* WOLFSSL_NOSHA3_512 */ +#endif /* WOLFSSL_SHA3 */ + +#ifndef NO_MD5 + if (RAND_bytes(hash, sizeof(hash)) != 1) + return -8411; + + c.input = "what do ya want for nothing?"; + c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14" + "\x76"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_MD5_DIGEST_SIZE; + + HMAC(EVP_md5(), + "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen, hash, 0); + + if (XMEMCMP(hash, c.output, WC_MD5_DIGEST_SIZE) != 0) + return -8412; + +#endif /* NO_MD5 */ + +#ifndef NO_DES3 + { /* des test */ + const byte vector[] = { /* "now is the time for all " w/o trailing 0 */ + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + + byte plain[24]; + byte cipher[24]; + + const_DES_cblock key = + { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef + }; + + DES_cblock iv = + { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef + }; + + DES_key_schedule sched; + + const byte verify[] = + { + 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8, + 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73, + 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b + }; + + DES_key_sched(&key, &sched); + + DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, DES_ENCRYPT); + DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT); + + if (XMEMCMP(plain, vector, sizeof(vector)) != 0) + return -8413; + + if (XMEMCMP(cipher, verify, sizeof(verify)) != 0) + return -8414; + + /* test changing iv */ + DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT); + DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT); + + if (XMEMCMP(cipher, verify, sizeof(verify)) != 0) + return -8415; + + } /* end des test */ + +#endif /* NO_DES3 */ + +#if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) + if (openssl_aes_test() != 0) { + return -8416; + } + +#if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC) + { /* evp_cipher test: EVP_aes_128_cbc */ + EVP_CIPHER_CTX ctx; + int idx, cipherSz, plainSz; + + const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + + const byte verify[] = + { + 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, + 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb, + 0x3b,0x5d,0x41,0x97,0x94,0x25,0xa4,0xb4, + 0xae,0x7b,0x34,0xd0,0x3f,0x0c,0xbc,0x06 + }; + + const byte verify2[] = + { + 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, + 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb, + 0x7d,0x37,0x7b,0x0b,0x44,0xaa,0xb5,0xf0, + 0x5f,0x34,0xb4,0xde,0xb5,0xbd,0x2a,0xbb + }; + + byte key[] = "0123456789abcdef "; /* align */ + byte iv[] = "1234567890abcdef "; /* align */ + + byte cipher[AES_BLOCK_SIZE * 4]; + byte plain [AES_BLOCK_SIZE * 4]; + + EVP_CIPHER_CTX_init(&ctx); + if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0) + return -8417; + + if (EVP_CipherUpdate(&ctx, cipher, &idx, (byte*)msg, sizeof(msg)) == 0) + return -8418; + + cipherSz = idx; + if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0) + return -8419; + cipherSz += idx; + + if ((cipherSz != (int)sizeof(verify)) && + XMEMCMP(cipher, verify, cipherSz)) + return -8420; + + EVP_CIPHER_CTX_init(&ctx); + if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0) + return -8421; + + /* check partial decrypt (not enough padding for full block) */ + if (EVP_CipherUpdate(&ctx, plain, &idx, cipher, 1) == 0) + return -8422; + + plainSz = idx; + if (EVP_CipherFinal(&ctx, plain + plainSz, &idx) != 0) + return -8423; + + EVP_CIPHER_CTX_init(&ctx); + if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0) + return -8424; + + if (EVP_CipherUpdate(&ctx, plain, &idx, cipher, cipherSz) == 0) + return -8425; + + plainSz = idx; + if (EVP_CipherFinal(&ctx, plain + plainSz, &idx) == 0) + return -8426; + plainSz += idx; + + if ((plainSz != sizeof(msg)) || XMEMCMP(plain, msg, sizeof(msg))) + return -8427; + + EVP_CIPHER_CTX_init(&ctx); + if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0) + return -8428; + + if (EVP_CipherUpdate(&ctx, cipher, &idx, msg, AES_BLOCK_SIZE) == 0) + return -8429; + + cipherSz = idx; + if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0) + return -8430; + cipherSz += idx; + + if ((cipherSz != (int)sizeof(verify2)) || + XMEMCMP(cipher, verify2, cipherSz)) + return -8431; + + } /* end evp_cipher test: EVP_aes_128_cbc*/ +#endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */ + +#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256) + { /* evp_cipher test: EVP_aes_256_ecb*/ + EVP_CIPHER_CTX ctx; + const byte msg[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte verify[] = + { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; + + const byte key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + + byte cipher[AES_BLOCK_SIZE * 4]; + byte plain [AES_BLOCK_SIZE * 4]; + + EVP_CIPHER_CTX_init(&ctx); + if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, + NULL, 1) == 0) + return -8432; + + if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0) + return -8433; + + if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) + return -8434; + + EVP_CIPHER_CTX_init(&ctx); + if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, + NULL, 0) == 0) + return -8435; + + if (EVP_Cipher(&ctx, plain, cipher, 16) == 0) + return -8436; + + if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) + return -8437; + + } /* end evp_cipher test */ +#endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */ + +#define OPENSSL_TEST_ERROR (-10000) + + +#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) + /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */ +{ + + /* Test: AES_encrypt/decrypt/set Key */ + AES_KEY enc; +#ifdef HAVE_AES_DECRYPT + AES_KEY dec; +#endif + + const byte msg[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte verify[] = + { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; + + const byte key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + byte plain[sizeof(msg)]; + byte cipher[sizeof(msg)]; + + printf("openSSL extra test\n") ; + + + AES_set_encrypt_key(key, sizeof(key)*8, &enc); + AES_set_decrypt_key(key, sizeof(key)*8, &dec); + + AES_encrypt(msg, cipher, &enc); + +#ifdef HAVE_AES_DECRYPT + AES_decrypt(cipher, plain, &dec); + if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) + return OPENSSL_TEST_ERROR-60; +#endif /* HAVE_AES_DECRYPT */ + + if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) + return OPENSSL_TEST_ERROR-61; +} + +#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ + +/* EVP_Cipher with EVP_aes_xxx_ctr() */ +#ifdef WOLFSSL_AES_COUNTER +{ + byte plainBuff [64]; + byte cipherBuff[64]; + +#ifdef WOLFSSL_AES_128 + const byte ctrKey[] = + { + 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c + }; + + const byte ctrIv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + const byte ctrPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; + + const byte ctrCipher[] = + { + 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, + 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, + 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, + 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, + 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, + 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, + 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, + 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee + }; + + const byte oddCipher[] = + { + 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, + 0xc2 + }; +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + /* test vector from "Recommendation for Block Cipher Modes of Operation" + * NIST Special Publication 800-38A */ + const byte ctr192Key[] = + { + 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b + }; + + const byte ctr192Iv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + + const byte ctr192Plain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte ctr192Cipher[] = + { + 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2, + 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b + }; +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + /* test vector from "Recommendation for Block Cipher Modes of Operation" + * NIST Special Publication 800-38A */ + const byte ctr256Key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + const byte ctr256Iv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + + const byte ctr256Plain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte ctr256Cipher[] = + { + 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5, + 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28 + }; +#endif /* WOLFSSL_AES_256 */ + + EVP_CIPHER_CTX en; + EVP_CIPHER_CTX de; +#ifdef WOLFSSL_AES_128 + EVP_CIPHER_CTX *p_en; + EVP_CIPHER_CTX *p_de; + + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return -8438; + if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, + AES_BLOCK_SIZE*4) == 0) + return -8439; + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return -8440; + + if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, + AES_BLOCK_SIZE*4) == 0) + return -8441; + + if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) + return -8442; + if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) + return -8443; + + p_en = wolfSSL_EVP_CIPHER_CTX_new(); + if(p_en == NULL)return -8444; + p_de = wolfSSL_EVP_CIPHER_CTX_new(); + if(p_de == NULL)return -8445; + + if (EVP_CipherInit(p_en, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return -8446; + if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain, + AES_BLOCK_SIZE*4) == 0) + return -8447; + if (EVP_CipherInit(p_de, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return -8448; + + if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff, + AES_BLOCK_SIZE*4) == 0) + return -8449; + + wolfSSL_EVP_CIPHER_CTX_free(p_en); + wolfSSL_EVP_CIPHER_CTX_free(p_de); + + if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) + return -8450; + if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) + return -8451; + + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return -8452; + if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) + return -8453; + + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return -8454; + + if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) + return -8455; + + if (XMEMCMP(plainBuff, ctrPlain, 9)) + return -8456; + if (XMEMCMP(cipherBuff, ctrCipher, 9)) + return -8457; + + if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) + return -8458; + if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) + return -8459; + + if (XMEMCMP(plainBuff, ctrPlain, 9)) + return -8460; + if (XMEMCMP(cipherBuff, oddCipher, 9)) + return -8461; +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_192_ctr(), + (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) + return -8462; + if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr192Plain, + AES_BLOCK_SIZE) == 0) + return -8463; + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_192_ctr(), + (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) + return -8464; + + XMEMSET(plainBuff, 0, sizeof(plainBuff)); + if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, + AES_BLOCK_SIZE) == 0) + return -8465; + + if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain))) + return -8466; + if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher))) + return -8467; +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_256_ctr(), + (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) + return -8468; + if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr256Plain, + AES_BLOCK_SIZE) == 0) + return -8469; + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_256_ctr(), + (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) + return -8470; + + XMEMSET(plainBuff, 0, sizeof(plainBuff)); + if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, + AES_BLOCK_SIZE) == 0) + return -8471; + + if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain))) + return -8472; + if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher))) + return -8473; +#endif /* WOLFSSL_AES_256 */ +} +#endif /* HAVE_AES_COUNTER */ + +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) +{ + /* EVP_CipherUpdate test */ + + + const byte cbcPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; + + byte key[] = "0123456789abcdef "; /* align */ + byte iv[] = "1234567890abcdef "; /* align */ + + byte cipher[AES_BLOCK_SIZE * 4]; + byte plain [AES_BLOCK_SIZE * 4]; + EVP_CIPHER_CTX en; + EVP_CIPHER_CTX de; + int outlen ; + int total = 0; + + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 1) == 0) + return -8474; + /* openSSL compatibility, if(inlen == 0)return 1; */ + if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, + (byte*)cbcPlain, 0) != 1) + return -8475; + + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit(&en, EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 1) == 0) + return -8476; + if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, + (byte*)cbcPlain, 9) == 0) + return -8477; + if(outlen != 0) + return -8478; + total += outlen; + + if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, + (byte*)&cbcPlain[9] , 9) == 0) + return -8479; + if(outlen != 16) + return -8480; + total += outlen; + + if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0) + return -8481; + if(outlen != 16) + return -8482; + total += outlen; + if(total != 32) + return -8483; + + total = 0; + EVP_CIPHER_CTX_init(&de); + if (EVP_CipherInit(&de, EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 0) == 0) + return -8484; + + if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) + return -8485; + if(outlen != 0) + return -8486; + total += outlen; + + if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, + (byte*)&cipher[6], 12) == 0) + return -8487; + if(outlen != 0) + total += outlen; + + if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, + (byte*)&cipher[6+12], 14) == 0) + return -8488; + if(outlen != 16) + return -8489; + total += outlen; + + if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0) + return -8490; + if(outlen != 2) + return -8491; + total += outlen; + + if(total != 18) + return -8492; + + if (XMEMCMP(plain, cbcPlain, 18)) + return -8493; + + total = 0; + EVP_CIPHER_CTX_init(&en); + if (EVP_EncryptInit(&en, EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv) == 0) + return -8494; + if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0) + return -8495; + if(outlen != 0) + return -8496; + total += outlen; + + if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0) + return -8497; + if(outlen != 16) + return -8498; + total += outlen; + + if (EVP_EncryptFinal(&en, (byte*)&cipher[total], &outlen) == 0) + return -8499; + if(outlen != 16) + return -8500; + total += outlen; + if(total != 32) + return 3438; + + total = 0; + EVP_CIPHER_CTX_init(&de); + if (EVP_DecryptInit(&de, EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv) == 0) + return -8501; + + if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) + return -8502; + if(outlen != 0) + return -8503; + total += outlen; + + if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0) + return -8504; + if(outlen != 0) + total += outlen; + + if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0) + return -8505; + if(outlen != 16) + return -8506; + total += outlen; + + if (EVP_DecryptFinal(&de, (byte*)&plain[total], &outlen) == 0) + return -8507; + if(outlen != 2) + return -8508; + total += outlen; + + if(total != 18) + return 3447; + + if (XMEMCMP(plain, cbcPlain, 18)) + return -8509; + + if (EVP_CIPHER_key_length(NULL) != 0) + return -8510; + + if (EVP_CIPHER_key_length(EVP_aes_128_cbc()) != 16) + return -8511; + + if (EVP_CIPHER_CTX_mode(NULL) != 0) + return -8512; + + if (EVP_CIPHER_CTX_mode(&en) != (en.flags & WOLFSSL_EVP_CIPH_MODE)) + return -8513; + + EVP_CIPHER_CTX_init(&en); + if (EVP_CipherInit_ex(&en, EVP_aes_128_cbc(), NULL, + (unsigned char*)key, (unsigned char*)iv, 0) == 0) + return -8514; + + EVP_CIPHER_CTX_init(&en); + if (EVP_EncryptInit_ex(&en, EVP_aes_128_cbc(), NULL, + (unsigned char*)key, (unsigned char*)iv) == 0) + return -8515; + + if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE) + return -8516; + + if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE) + return -8517; + + EVP_CIPHER_CTX_init(&de); + if (EVP_DecryptInit_ex(&de, EVP_aes_128_cbc(), NULL, + (unsigned char*)key, (unsigned char*)iv) == 0) + return -8518; + + if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE) + return -8519; + + if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE) + return -8520; + + if (EVP_CIPHER_CTX_block_size(NULL) != BAD_FUNC_ARG) + return -8521; + + EVP_CIPHER_CTX_init(&en); + EVP_EncryptInit_ex(&en, EVP_aes_128_cbc(), NULL, + (unsigned char*)key, (unsigned char*)iv); + if (EVP_CIPHER_CTX_block_size(&en) != en.block_size) + return -8522; + + if (EVP_CIPHER_block_size(NULL) != BAD_FUNC_ARG) + return -8523; + + if (EVP_CIPHER_block_size(EVP_aes_128_cbc()) != AES_BLOCK_SIZE) + return -8524; + + if (WOLFSSL_EVP_CIPHER_mode(NULL) != 0) + return -8525; + + if (EVP_CIPHER_flags(EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE) + return -8526; + + EVP_CIPHER_CTX_clear_flags(&en, 0xFFFFFFFF); + EVP_CIPHER_CTX_set_flags(&en, 42); + if (en.flags != 42) + return -8527; + + if (EVP_CIPHER_CTX_set_padding(NULL, 0) != BAD_FUNC_ARG) + return -8528; + if (EVP_CIPHER_CTX_set_padding(&en, 0) != WOLFSSL_SUCCESS) + return -8529; + if (EVP_CIPHER_CTX_set_padding(&en, 1) != WOLFSSL_SUCCESS) + return -8530; + + } +#endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */ +#endif /* ifndef NO_AES */ + return 0; +} + +int openSSL_evpMD_test(void) +{ + int ret = 0; +#if !defined(NO_SHA256) && !defined(NO_SHA) + WOLFSSL_EVP_MD_CTX* ctx; + WOLFSSL_EVP_MD_CTX* ctx2; + + ctx = EVP_MD_CTX_create(); + ctx2 = EVP_MD_CTX_create(); + + ret = EVP_DigestInit(ctx, EVP_sha256()); + if (ret != SSL_SUCCESS) { + ret = -8600; + goto openSSL_evpMD_test_done; + } + + ret = EVP_MD_CTX_copy(ctx2, ctx); + if (ret != SSL_SUCCESS) { + ret = -8601; + goto openSSL_evpMD_test_done; + } + + if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { + ret = -8602; + goto openSSL_evpMD_test_done; + } + + ret = EVP_DigestInit(ctx, EVP_sha1()); + if (ret != SSL_SUCCESS) { + ret = -8603; + goto openSSL_evpMD_test_done; + } + + if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { + ret = -8604; + goto openSSL_evpMD_test_done; + } + + ret = EVP_MD_CTX_copy_ex(ctx2, ctx); + if (ret != SSL_SUCCESS) { + ret = -8605; + goto openSSL_evpMD_test_done; + } + + if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) { + ret = -8606; + goto openSSL_evpMD_test_done; + } + + if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) { + ret = -8607; + goto openSSL_evpMD_test_done; + } + + if (EVP_DigestInit_ex(ctx, EVP_sha1(), NULL) != SSL_SUCCESS) { + ret = -8608; + goto openSSL_evpMD_test_done; + } + + if (EVP_add_digest(NULL) != 0) { + ret = -8609; + goto openSSL_evpMD_test_done; + } + + if (wolfSSL_EVP_add_cipher(NULL) != 0) { + ret = -8610; + goto openSSL_evpMD_test_done; + } + + ret = 0; /* got to success state without jumping to end with a fail */ + +openSSL_evpMD_test_done: + EVP_MD_CTX_destroy(ctx); + EVP_MD_CTX_destroy(ctx2); +#endif /* NO_SHA256 */ + + return ret; +} + +#ifdef DEBUG_SIGN +static void show(const char *title, const char *p, unsigned int s) { + char* i; + printf("%s: ", title); + for (i = p; + i < p + s; + printf("%c", *i), i++); + printf("\n"); +} +#else +#define show(a,b,c) +#endif + +#define FOURK_BUFF 4096 + +#define ERR_BASE_PKEY -5000 +int openssl_pkey0_test(void) +{ + int ret = 0; +#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(NO_SHA) + byte* prvTmp; + byte* pubTmp; + int prvBytes; + int pubBytes; + RSA *prvRsa = NULL; + RSA *pubRsa = NULL; + EVP_PKEY *prvPkey = NULL; + EVP_PKEY *pubPkey = NULL; + EVP_PKEY_CTX *enc = NULL; + EVP_PKEY_CTX *dec = NULL; + + byte in[] = "Everyone gets Friday off."; + byte out[256]; + size_t outlen; + size_t keySz; + byte plain[256]; +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + XFILE keyFile; + XFILE keypubFile; + char cliKey[] = "./certs/client-key.der"; + char cliKeypub[] = "./certs/client-keyPub.der"; + +#endif + + prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (prvTmp == NULL) + return ERR_BASE_PKEY-1; + pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pubTmp == NULL) { + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + return ERR_BASE_PKEY-2; + } + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024); + prvBytes = sizeof_client_key_der_1024; + XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); + pubBytes = sizeof_client_keypub_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048); + prvBytes = sizeof_client_key_der_2048; + XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); + pubBytes = sizeof_client_keypub_der_2048; +#else + keyFile = XFOPEN(cliKey, "rb"); + if (!keyFile) { + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + err_sys("can't open ./certs/client-key.der, " + "Please run from wolfSSL home dir", ERR_BASE_PKEY-3); + return ERR_BASE_PKEY-3; + } + prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile); + XFCLOSE(keyFile); + keypubFile = XFOPEN(cliKeypub, "rb"); + if (!keypubFile) { + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + err_sys("can't open ./certs/client-cert.der, " + "Please run from wolfSSL home dir", -4); + return ERR_BASE_PKEY-4; + } + pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile); + XFCLOSE(keypubFile); +#endif /* USE_CERT_BUFFERS */ + + prvRsa = wolfSSL_RSA_new(); + pubRsa = wolfSSL_RSA_new(); + if((prvRsa == NULL) || (pubRsa == NULL)){ + printf("error with RSA_new\n"); + ret = ERR_BASE_PKEY-10; + goto openssl_pkey0_test_done; + } + + ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE); + if(ret != SSL_SUCCESS){ + printf("error with RSA_LoadDer_ex\n"); + ret = ERR_BASE_PKEY-11; + goto openssl_pkey0_test_done; + } + + ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC); + if(ret != SSL_SUCCESS){ + printf("error with RSA_LoadDer_ex\n"); + ret = ERR_BASE_PKEY-12; + goto openssl_pkey0_test_done; + } + keySz = (size_t)RSA_size(pubRsa); + + prvPkey = wolfSSL_EVP_PKEY_new(); + pubPkey = wolfSSL_EVP_PKEY_new(); + if((prvPkey == NULL) || (pubPkey == NULL)){ + printf("error with PKEY_new\n"); + ret = ERR_BASE_PKEY-13; + goto openssl_pkey0_test_done; + } + ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa); + ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa); + if(ret != 2){ + printf("error with PKEY_set1_RSA\n"); + ret = ERR_BASE_PKEY-14; + goto openssl_pkey0_test_done; + } + + dec = EVP_PKEY_CTX_new(prvPkey, NULL); + enc = EVP_PKEY_CTX_new(pubPkey, NULL); + if((dec == NULL)||(enc==NULL)){ + printf("error with EVP_PKEY_CTX_new\n"); + ret = ERR_BASE_PKEY-15; + goto openssl_pkey0_test_done; + } + + ret = EVP_PKEY_decrypt_init(dec); + if (ret != 1) { + printf("error with decrypt init\n"); + ret = ERR_BASE_PKEY-16; + goto openssl_pkey0_test_done; + } + ret = EVP_PKEY_encrypt_init(enc); + if (ret != 1) { + printf("error with encrypt init\n"); + ret = ERR_BASE_PKEY-17; + goto openssl_pkey0_test_done; + } + XMEMSET(out, 0, sizeof(out)); + ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); + if (ret != 1) { + printf("error encrypting msg\n"); + ret = ERR_BASE_PKEY-18; + goto openssl_pkey0_test_done; + } + + show("encrypted msg", out, outlen); + + XMEMSET(plain, 0, sizeof(plain)); + ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); + if (ret != 1) { + printf("error decrypting msg\n"); + ret = ERR_BASE_PKEY-19; + goto openssl_pkey0_test_done; + } + show("decrypted msg", plain, outlen); + + /* RSA_PKCS1_OAEP_PADDING test */ + ret = EVP_PKEY_decrypt_init(dec); + if (ret != 1) { + printf("error with decrypt init\n"); + ret = ERR_BASE_PKEY-30; + goto openssl_pkey0_test_done; + } + ret = EVP_PKEY_encrypt_init(enc); + if (ret != 1) { + printf("error with encrypt init\n"); + ret = ERR_BASE_PKEY-31; + goto openssl_pkey0_test_done; + } + + if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) { + printf("first set rsa padding error\n"); + ret = ERR_BASE_PKEY-32; + goto openssl_pkey0_test_done; + } + +#ifndef HAVE_FIPS + if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){ + printf("second set rsa padding error\n"); + ret = ERR_BASE_PKEY-33; + goto openssl_pkey0_test_done; + } + + if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) { + printf("third set rsa padding error\n"); + ret = ERR_BASE_PKEY-34; + goto openssl_pkey0_test_done; + } +#endif + + XMEMSET(out, 0, sizeof(out)); + ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); + if (ret != 1) { + printf("error encrypting msg\n"); + ret = ERR_BASE_PKEY-35; + goto openssl_pkey0_test_done; + } + + show("encrypted msg", out, outlen); + + XMEMSET(plain, 0, sizeof(plain)); + ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); + if (ret != 1) { + printf("error decrypting msg\n"); + ret = ERR_BASE_PKEY-36; + goto openssl_pkey0_test_done; + } + + show("decrypted msg", plain, outlen); + + ret = 0; /* made it to this point without error then set success */ +openssl_pkey0_test_done: + + wolfSSL_RSA_free(prvRsa); + wolfSSL_RSA_free(pubRsa); + EVP_PKEY_free(pubPkey); + EVP_PKEY_free(prvPkey); + EVP_PKEY_CTX_free(dec); + EVP_PKEY_CTX_free(enc); + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* NO_RSA */ + + return ret; +} + + +int openssl_pkey1_test(void) +{ + int ret = 0; +#if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \ + !defined(NO_SHA) + EVP_PKEY_CTX* dec = NULL; + EVP_PKEY_CTX* enc = NULL; + EVP_PKEY* pubKey = NULL; + EVP_PKEY* prvKey = NULL; + X509* x509; + + const unsigned char msg[] = "sugar slapped"; + const unsigned char* clikey; + unsigned char tmp[FOURK_BUF]; + long cliKeySz; + unsigned char cipher[RSA_TEST_BYTES]; + unsigned char plain[RSA_TEST_BYTES]; + size_t outlen; + int keyLenBits = 2048; + +#if defined(USE_CERT_BUFFERS_1024) + XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024); + cliKeySz = (long)sizeof_client_key_der_1024; + + x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_1024, + sizeof_client_cert_der_1024, SSL_FILETYPE_ASN1); + keyLenBits = 1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048); + cliKeySz = (long)sizeof_client_key_der_2048; + + x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_2048, + sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1); +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, client_key_der_3072, sizeof_client_key_der_3072); + cliKeySz = (long)sizeof_client_key_der_3072; + + x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_3072, + sizeof_client_cert_der_3072, SSL_FILETYPE_ASN1); + keyLenBits = 3072; +#elif defined(USE_CERT_BUFFERS_4096) + XMEMCPY(tmp, client_key_der_4096, sizeof_client_key_der_4096); + cliKeySz = (long)sizeof_client_key_der_4096; + + x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_4096, + sizeof_client_cert_der_4096, SSL_FILETYPE_ASN1); + keyLenBits = 4096; +#else + XFILE f; + + f = XFOPEN(clientKey, "rb"); + + if (!f) { + err_sys("can't open ./certs/client-key.der, " + "Please run from wolfSSL home dir", -41); + return -8800; + } + + cliKeySz = (long)XFREAD(tmp, 1, FOURK_BUF, f); + XFCLOSE(f); + + /* using existing wolfSSL api to get public and private key */ + x509 = wolfSSL_X509_load_certificate_file(clientCert, SSL_FILETYPE_ASN1); +#endif /* USE_CERT_BUFFERS */ + clikey = tmp; + + if ((prvKey = EVP_PKEY_new()) == NULL) { + return -8801; + } + EVP_PKEY_free(prvKey); + prvKey = NULL; + + if (x509 == NULL) { + ret = -8802; + goto openssl_pkey1_test_done; + } + + pubKey = X509_get_pubkey(x509); + if (pubKey == NULL) { + ret = -8803; + goto openssl_pkey1_test_done; + } + + prvKey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &clikey, cliKeySz); + if (prvKey == NULL) { + ret = -8804; + goto openssl_pkey1_test_done; + } + + /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */ + if (EVP_PKEY_bits(prvKey) != keyLenBits) { + ret = -8805; + goto openssl_pkey1_test_done; + } + + if (EVP_PKEY_size(prvKey) != keyLenBits/8) { + ret = -8806; + goto openssl_pkey1_test_done; + } + + dec = EVP_PKEY_CTX_new(prvKey, NULL); + enc = EVP_PKEY_CTX_new(pubKey, NULL); + if (dec == NULL || enc == NULL) { + ret = -8807; + goto openssl_pkey1_test_done; + } + + if (EVP_PKEY_decrypt_init(dec) != 1) { + ret = -8808; + goto openssl_pkey1_test_done; + } + + if (EVP_PKEY_encrypt_init(enc) != 1) { + ret = -8809; + goto openssl_pkey1_test_done; + } + + if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) { + ret = -8810; + goto openssl_pkey1_test_done; + } + +#ifndef HAVE_FIPS + if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){ + ret = -8811; + goto openssl_pkey1_test_done; + } + + if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) { + ret = -8812; + goto openssl_pkey1_test_done; + } +#endif + + XMEMSET(cipher, 0, sizeof(cipher)); + outlen = keyLenBits/8; + if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) { + ret = -8813; + goto openssl_pkey1_test_done; + } + + XMEMSET(plain, 0, sizeof(plain)); + if (EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) { + ret = -8814; + goto openssl_pkey1_test_done; + } + +openssl_pkey1_test_done: + if (pubKey != NULL) { + EVP_PKEY_free(pubKey); + } + if (prvKey != NULL) { + EVP_PKEY_free(prvKey); + } + if (dec != NULL) { + EVP_PKEY_CTX_free(dec); + } + if (enc != NULL) { + EVP_PKEY_CTX_free(enc); + } + if (x509 != NULL) { + X509_free(x509); + } + +#endif + return ret; +} + + +#define ERR_BASE_EVPSIG -5100 + +int openssl_evpSig_test(void) +{ +#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(HAVE_USER_RSA) + byte* prvTmp; + byte* pubTmp; + int prvBytes; + int pubBytes; + RSA *prvRsa; + RSA *pubRsa; + EVP_PKEY *prvPkey; + EVP_PKEY *pubPkey; + + EVP_MD_CTX* sign; + EVP_MD_CTX* verf; + char msg[] = "see spot run"; + unsigned char sig[256]; + unsigned int sigSz; + const void* pt; + unsigned int count; + int ret, ret1, ret2; + + #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + XFILE keyFile; + XFILE keypubFile; + char cliKey[] = "./certs/client-key.der"; + char cliKeypub[] = "./certs/client-keyPub.der"; + #endif + + prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (prvTmp == NULL) + return ERR_BASE_EVPSIG-1; + pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pubTmp == NULL) { + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return ERR_BASE_EVPSIG-2; + } + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024); + prvBytes = sizeof_client_key_der_1024; + XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); + pubBytes = sizeof_client_keypub_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048); + prvBytes = sizeof_client_key_der_2048; + XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); + pubBytes = sizeof_client_keypub_der_2048; +#else + keyFile = XFOPEN(cliKey, "rb"); + if (!keyFile) { + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + err_sys("can't open ./certs/client-key.der, " + "Please run from wolfSSL home dir", -40); + return ERR_BASE_EVPSIG-3; + } + prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile); + XFCLOSE(keyFile); + keypubFile = XFOPEN(cliKeypub, "rb"); + if (!keypubFile) { + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + err_sys("can't open ./certs/client-cert.der, " + "Please run from wolfSSL home dir", -41); + return ERR_BASE_EVPSIG-4; + } + pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile); + XFCLOSE(keypubFile); + #endif /* USE_CERT_BUFFERS */ + + prvRsa = wolfSSL_RSA_new(); + pubRsa = wolfSSL_RSA_new(); + if((prvRsa == NULL) || (pubRsa == NULL)){ + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + err_sys("ERROR with RSA_new", -8900); + return ERR_BASE_EVPSIG-5; + } + + ret1 = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE); + ret2 = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC); + if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){ + printf("error with RSA_LoadDer_ex\n"); + return ERR_BASE_EVPSIG-6; + } + + prvPkey = wolfSSL_EVP_PKEY_new(); + pubPkey = wolfSSL_EVP_PKEY_new(); + if((prvPkey == NULL) || (pubPkey == NULL)){ + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + printf("error with KEY_new\n"); + return ERR_BASE_EVPSIG-7; + } + ret1 = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa); + ret2 = wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa); + if((ret1 != 1) || (ret2 != 1)){ + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + printf("error with EVP_PKEY_set1_RSA\n"); + return ERR_BASE_EVPSIG-8; + } + + /****************** sign and verify *******************/ + sign = EVP_MD_CTX_create(); + verf = EVP_MD_CTX_create(); + if((sign == NULL)||(verf == NULL)){ + printf("error with EVP_MD_CTX_create\n"); + return ERR_BASE_EVPSIG-10; + } + + ret = EVP_SignInit(sign, EVP_sha1()); + if(ret != SSL_SUCCESS){ + printf("error with EVP_SignInit\n"); + return ERR_BASE_EVPSIG-11; + } + + count = sizeof(msg); + show("message = ", (char *)msg, count); + + /* sign */ + XMEMSET(sig, 0, sizeof(sig)); + pt = (const void*)msg; + ret1 = EVP_SignUpdate(sign, pt, count); + ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey); + if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){ + printf("error with EVP_MD_CTX_create\n"); + return ERR_BASE_EVPSIG-12; + } + show("signature = ", (char *)sig, sigSz); + + /* verify */ + pt = (const void*)msg; + ret1 = EVP_VerifyInit(verf, EVP_sha1()); + ret2 = EVP_VerifyUpdate(verf, pt, count); + if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){ + printf("error with EVP_Verify\n"); + return ERR_BASE_EVPSIG-13; + } + if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) { + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + printf("error with EVP_VerifyFinal\n"); + return ERR_BASE_EVPSIG-14; + } + + /* expect fail without update */ + EVP_VerifyInit(verf, EVP_sha1()); + if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) { + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + printf("EVP_VerifyInit without update not detected\n"); + return ERR_BASE_EVPSIG-15; + } + + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + EVP_MD_CTX_destroy(sign); + EVP_MD_CTX_destroy(verf); + + wolfSSL_RSA_free(prvRsa); + wolfSSL_RSA_free(pubRsa); + EVP_PKEY_free(pubPkey); + EVP_PKEY_free(prvPkey); + +#endif /* NO_RSA */ + return 0; +} +#endif /* OPENSSL_EXTRA */ + + +#ifndef NO_PWDBASED +#ifdef HAVE_SCRYPT +/* Test vectors taken from RFC 7914: scrypt PBKDF - Section 12. */ +int scrypt_test(void) +{ + int ret; + byte derived[64]; + + const byte verify1[] = { + 0x77, 0xd6, 0x57, 0x62, 0x38, 0x65, 0x7b, 0x20, + 0x3b, 0x19, 0xca, 0x42, 0xc1, 0x8a, 0x04, 0x97, + 0xf1, 0x6b, 0x48, 0x44, 0xe3, 0x07, 0x4a, 0xe8, + 0xdf, 0xdf, 0xfa, 0x3f, 0xed, 0xe2, 0x14, 0x42, + 0xfc, 0xd0, 0x06, 0x9d, 0xed, 0x09, 0x48, 0xf8, + 0x32, 0x6a, 0x75, 0x3a, 0x0f, 0xc8, 0x1f, 0x17, + 0xe8, 0xd3, 0xe0, 0xfb, 0x2e, 0x0d, 0x36, 0x28, + 0xcf, 0x35, 0xe2, 0x0c, 0x38, 0xd1, 0x89, 0x06 + }; + const byte verify2[] = { + 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, + 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, + 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, + 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, + 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, + 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, + 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, + 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 + }; +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_INTEL_QA) + const byte verify3[] = { + 0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48, + 0x46, 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb, + 0xfd, 0xa8, 0xfb, 0xba, 0x90, 0x4f, 0x8e, 0x3e, + 0xa9, 0xb5, 0x43, 0xf6, 0x54, 0x5d, 0xa1, 0xf2, + 0xd5, 0x43, 0x29, 0x55, 0x61, 0x3f, 0x0f, 0xcf, + 0x62, 0xd4, 0x97, 0x05, 0x24, 0x2a, 0x9a, 0xf9, + 0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, 0x1e, 0x40, + 0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, 0x87 + }; +#endif +#ifdef SCRYPT_TEST_ALL + /* Test case is very slow. + * Use for confirmation after code change or new platform. + */ + const byte verify4[] = { + 0x21, 0x01, 0xcb, 0x9b, 0x6a, 0x51, 0x1a, 0xae, + 0xad, 0xdb, 0xbe, 0x09, 0xcf, 0x70, 0xf8, 0x81, + 0xec, 0x56, 0x8d, 0x57, 0x4a, 0x2f, 0xfd, 0x4d, + 0xab, 0xe5, 0xee, 0x98, 0x20, 0xad, 0xaa, 0x47, + 0x8e, 0x56, 0xfd, 0x8f, 0x4b, 0xa5, 0xd0, 0x9f, + 0xfa, 0x1c, 0x6d, 0x92, 0x7c, 0x40, 0xf4, 0xc3, + 0x37, 0x30, 0x40, 0x49, 0xe8, 0xa9, 0x52, 0xfb, + 0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, 0xa4 + }; +#endif + + ret = wc_scrypt(derived, NULL, 0, NULL, 0, 4, 1, 1, sizeof(verify1)); + if (ret != 0) + return -9000; + if (XMEMCMP(derived, verify1, sizeof(verify1)) != 0) + return -9001; + + ret = wc_scrypt(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 10, 8, 16, + sizeof(verify2)); + if (ret != 0) + return -9002; + if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0) + return -9003; + + /* Don't run these test on embedded, since they use large mallocs */ +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_INTEL_QA) + ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13, + (byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3)); + if (ret != 0) + return -9004; + if (XMEMCMP(derived, verify3, sizeof(verify3)) != 0) + return -9005; + +#ifdef SCRYPT_TEST_ALL + ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13, + (byte*)"SodiumChloride", 14, 20, 8, 1, sizeof(verify4)); + if (ret != 0) + return -9006; + if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0) + return -9007; +#endif +#endif /* !BENCH_EMBEDDED && !HAVE_INTEL_QA */ + + ret = wc_scrypt_ex(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 1<<10, + 8, 16, sizeof(verify2)); + if (ret != 0) + return -9008; + if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0) + return -9009; + + return 0; +} +#endif + +#ifdef HAVE_PKCS12 +int pkcs12_test(void) +{ + const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, + 0x00, 0x00 }; + const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f }; + + const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, + 0x00, 0x67, 0x00, 0x00 }; + const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 }; + byte derived[64]; + + const byte verify[] = { + 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11, + 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE, + 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA + }; + + const byte verify2[] = { + 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8, + 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A, + 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C + }; + + int id = 1; + int kLen = 24; + int iterations = 1; + int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, + iterations, kLen, WC_SHA256, id); + + if (ret < 0) + return -9100; + + if ( (ret = XMEMCMP(derived, verify, kLen)) != 0) + return -9101; + + iterations = 1000; + ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, + iterations, kLen, WC_SHA256, id); + if (ret < 0) + return -9102; + + ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8, + iterations, kLen, WC_SHA256, id, HEAP_HINT); + if (ret < 0) + return -9103; + + if ( (ret = XMEMCMP(derived, verify2, 24)) != 0) + return -9104; + + return 0; +} +#endif /* HAVE_PKCS12 */ + +#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) +int pbkdf2_test(void) +{ + char passwd[] = "passwordpassword"; + const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 }; + int iterations = 2048; + int kLen = 24; + byte derived[64]; + + const byte verify[] = { + 0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc, + 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1 + }; + + int ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd), salt, + (int)sizeof(salt), iterations, kLen, WC_SHA256, HEAP_HINT, devId); + if (ret != 0) + return ret; + + if (XMEMCMP(derived, verify, sizeof(verify)) != 0) + return -9200; + + return 0; + +} +#endif /* HAVE_PBKDF2 && !NO_SHA256 */ + +#if defined(HAVE_PBKDF1) && !defined(NO_SHA) +int pbkdf1_test(void) +{ + char passwd[] = "password"; + const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 }; + int iterations = 1000; + int kLen = 16; + byte derived[16]; + + const byte verify[] = { + 0xDC, 0x19, 0x84, 0x7E, 0x05, 0xC6, 0x4D, 0x2F, + 0xAF, 0x10, 0xEB, 0xFB, 0x4A, 0x3D, 0x2A, 0x20 + }; + + int ret = wc_PBKDF1_ex(derived, kLen, NULL, 0, (byte*)passwd, + (int)XSTRLEN(passwd), salt, (int)sizeof(salt), iterations, WC_SHA, + HEAP_HINT); + if (ret != 0) + return ret; + + if (XMEMCMP(derived, verify, sizeof(verify)) != 0) + return -9300; + + return 0; +} +#endif /* HAVE_PBKDF2 && !NO_SHA */ + +int pwdbased_test(void) +{ + int ret = 0; + +#if defined(HAVE_PBKDF1) && !defined(NO_SHA) + ret = pbkdf1_test(); + if (ret != 0) + return ret; +#endif +#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) + ret = pbkdf2_test(); + if (ret != 0) + return ret; +#endif +#ifdef HAVE_PKCS12 + ret = pkcs12_test(); + if (ret != 0) + return ret; +#endif +#ifdef HAVE_SCRYPT + ret = scrypt_test(); + if (ret != 0) + return ret; +#endif + return ret; +} + +#endif /* NO_PWDBASED */ + +#if defined(HAVE_HKDF) && (!defined(NO_SHA) || !defined(NO_SHA256)) + +int hkdf_test(void) +{ + int ret; + int L = 42; + byte okm1[42]; + byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; + byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c }; + byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + 0xf8, 0xf9 }; + byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61, + 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06, + 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06, + 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0, + 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3, + 0x49, 0x18 }; + byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69, + 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81, + 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15, + 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2, + 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3, + 0xf8, 0x96 }; + byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f, + 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31, + 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e, + 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d, + 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a, + 0x96, 0xc8 }; + byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, + 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, + 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, + 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, + 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, + 0x58, 0x65 }; + + (void)res1; + (void)res2; + (void)res3; + (void)res4; + (void)salt1; + (void)info1; + +#ifndef NO_SHA + ret = wc_HKDF(WC_SHA, ikm1, 22, NULL, 0, NULL, 0, okm1, L); + if (ret != 0) + return -9500; + + if (XMEMCMP(okm1, res1, L) != 0) + return -9501; + +#ifndef HAVE_FIPS + /* fips can't have key size under 14 bytes, salt is key too */ + ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, 13, info1, 10, okm1, L); + if (ret != 0) + return -9502; + + if (XMEMCMP(okm1, res2, L) != 0) + return -9503; +#endif /* HAVE_FIPS */ +#endif /* NO_SHA */ + +#ifndef NO_SHA256 + ret = wc_HKDF(WC_SHA256, ikm1, 22, NULL, 0, NULL, 0, okm1, L); + if (ret != 0) + return -9504; + + if (XMEMCMP(okm1, res3, L) != 0) + return -9505; + +#ifndef HAVE_FIPS + /* fips can't have key size under 14 bytes, salt is key too */ + ret = wc_HKDF(WC_SHA256, ikm1, 22, salt1, 13, info1, 10, okm1, L); + if (ret != 0) + return -9506; + + if (XMEMCMP(okm1, res4, L) != 0) + return -9507; +#endif /* HAVE_FIPS */ +#endif /* NO_SHA256 */ + + return 0; +} + +#endif /* HAVE_HKDF */ + + +#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) + +int x963kdf_test(void) +{ + int ret; + byte kek[128]; + +#ifndef NO_SHA + /* SHA-1, COUNT = 0 + * shared secret length: 192 + * SharedInfo length: 0 + * key data length: 128 + */ + const byte Z[] = { + 0x1c, 0x7d, 0x7b, 0x5f, 0x05, 0x97, 0xb0, 0x3d, + 0x06, 0xa0, 0x18, 0x46, 0x6e, 0xd1, 0xa9, 0x3e, + 0x30, 0xed, 0x4b, 0x04, 0xdc, 0x64, 0xcc, 0xdd + }; + + const byte verify[] = { + 0xbf, 0x71, 0xdf, 0xfd, 0x8f, 0x4d, 0x99, 0x22, + 0x39, 0x36, 0xbe, 0xb4, 0x6f, 0xee, 0x8c, 0xcc + }; +#endif + +#ifndef NO_SHA256 + /* SHA-256, COUNT = 3 + * shared secret length: 192 + * SharedInfo length: 0 + * key data length: 128 + */ + const byte Z2[] = { + 0xd3, 0x8b, 0xdb, 0xe5, 0xc4, 0xfc, 0x16, 0x4c, + 0xdd, 0x96, 0x7f, 0x63, 0xc0, 0x4f, 0xe0, 0x7b, + 0x60, 0xcd, 0xe8, 0x81, 0xc2, 0x46, 0x43, 0x8c + }; + + const byte verify2[] = { + 0x5e, 0x67, 0x4d, 0xb9, 0x71, 0xba, 0xc2, 0x0a, + 0x80, 0xba, 0xd0, 0xd4, 0x51, 0x4d, 0xc4, 0x84 + }; +#endif + +#ifdef WOLFSSL_SHA512 + /* SHA-512, COUNT = 0 + * shared secret length: 192 + * SharedInfo length: 0 + * key data length: 128 + */ + const byte Z3[] = { + 0x87, 0xfc, 0x0d, 0x8c, 0x44, 0x77, 0x48, 0x5b, + 0xb5, 0x74, 0xf5, 0xfc, 0xea, 0x26, 0x4b, 0x30, + 0x88, 0x5d, 0xc8, 0xd9, 0x0a, 0xd8, 0x27, 0x82 + }; + + const byte verify3[] = { + 0x94, 0x76, 0x65, 0xfb, 0xb9, 0x15, 0x21, 0x53, + 0xef, 0x46, 0x02, 0x38, 0x50, 0x6a, 0x02, 0x45 + }; + + /* SHA-512, COUNT = 0 + * shared secret length: 521 + * SharedInfo length: 128 + * key data length: 1024 + */ + const byte Z4[] = { + 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, + 0xfa, 0x58, 0xce, 0xad, 0xc0, 0x47, 0x19, 0x7f, + 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9, + 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, + 0x15, 0x07, 0x39, 0x2f, 0x1a, 0x86, 0xdd, 0xfd, + 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f, + 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, + 0x47, 0xa9, 0xe2, 0xe7, 0x53, 0xf5, 0x5e, 0xf0, + 0x5a, 0x2d + }; + + const byte info4[] = { + 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, + 0x2b, 0x3a, 0x2f, 0x99, 0x37, 0x89, 0x5d, 0x31 + }; + + const byte verify4[] = { + 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, + 0x9b, 0x52, 0x26, 0x4b, 0x01, 0x12, 0xb5, 0x85, + 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8, + 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, + 0x6e, 0x4d, 0xd2, 0xa5, 0x99, 0xac, 0xce, 0xb3, + 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e, + 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, + 0xa5, 0xa8, 0xee, 0xee, 0x20, 0x80, 0x02, 0x26, + 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02, + 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, + 0xea, 0x9c, 0x4f, 0xf7, 0x45, 0xa2, 0x5a, 0xc2, + 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd, + 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, + 0x0a, 0xb2, 0xaa, 0x8e, 0x2e, 0xfa, 0x7b, 0x17, + 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc, + 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16 + }; +#endif + +#ifndef NO_SHA + ret = wc_X963_KDF(WC_HASH_TYPE_SHA, Z, sizeof(Z), NULL, 0, + kek, sizeof(verify)); + if (ret != 0) + return -9600; + + if (XMEMCMP(verify, kek, sizeof(verify)) != 0) + return -9601; +#endif + +#ifndef NO_SHA256 + ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, Z2, sizeof(Z2), NULL, 0, + kek, sizeof(verify2)); + if (ret != 0) + return -9602; + + if (XMEMCMP(verify2, kek, sizeof(verify2)) != 0) + return -9603; +#endif + +#ifdef WOLFSSL_SHA512 + ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z3, sizeof(Z3), NULL, 0, + kek, sizeof(verify3)); + if (ret != 0) + return -9604; + + if (XMEMCMP(verify3, kek, sizeof(verify3)) != 0) + return -9605; + + ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z4, sizeof(Z4), info4, + sizeof(info4), kek, sizeof(verify4)); + if (ret != 0) + return -9606; + + if (XMEMCMP(verify4, kek, sizeof(verify4)) != 0) + return -9607; +#endif + + return 0; +} + +#endif /* HAVE_X963_KDF */ + + +#ifdef HAVE_ECC + +#ifdef BENCH_EMBEDDED + #define ECC_SHARED_SIZE 128 +#else + #define ECC_SHARED_SIZE MAX_ECC_BYTES +#endif +#define ECC_DIGEST_SIZE MAX_ECC_BYTES +#define ECC_SIG_SIZE ECC_MAX_SIG_SIZE + +#ifndef NO_ECC_VECTOR_TEST + #if (defined(HAVE_ECC192) || defined(HAVE_ECC224) ||\ + !defined(NO_ECC256) || defined(HAVE_ECC384) ||\ + defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) + #define HAVE_ECC_VECTOR_TEST + #endif +#endif + +#ifdef HAVE_ECC_VECTOR_TEST +typedef struct eccVector { + const char* msg; /* SHA-1 Encoded Message */ + const char* Qx; + const char* Qy; + const char* d; /* Private Key */ + const char* R; + const char* S; + const char* curveName; + word32 msgLen; + word32 keySize; +#ifndef NO_ASN + const byte* r; + word32 rSz; + const byte* s; + word32 sSz; +#endif +} eccVector; + +static int ecc_test_vector_item(const eccVector* vector) +{ + int ret = 0, verify = 0; + word32 sigSz; + ecc_key userA; + DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT); +#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) + word32 sigRawSz; + DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT); +#endif + + ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); + if (ret != 0) { + FREE_VAR(sig, HEAP_HINT); + return ret; + } + + ret = wc_ecc_import_raw(&userA, vector->Qx, vector->Qy, + vector->d, vector->curveName); + if (ret != 0) + goto done; + + XMEMSET(sig, 0, ECC_SIG_SIZE); + sigSz = ECC_SIG_SIZE; + ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz); + if (ret != 0) + goto done; + +#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) + XMEMSET(sigRaw, 0, ECC_SIG_SIZE); + sigRawSz = ECC_SIG_SIZE; + ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz, + sigRaw, &sigRawSz); + if (ret != 0) + goto done; + + if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) { + ret = -9608; + goto done; + } +#endif + + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg, + vector->msgLen, &verify, &userA); + } while (ret == WC_PENDING_E); + if (ret != 0) + goto done; + TEST_SLEEP(); + + if (verify != 1) + ret = -9609; + +done: + wc_ecc_free(&userA); + +#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) + FREE_VAR(sigRaw, HEAP_HINT); +#endif + FREE_VAR(sig, HEAP_HINT); + + return ret; +} + +static int ecc_test_vector(int keySize) +{ + int ret; + eccVector vec; + + XMEMSET(&vec, 0, sizeof(vec)); + vec.keySize = (word32)keySize; + + switch(keySize) { + +#if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES) + case 14: + return 0; +#endif /* HAVE_ECC112 */ +#if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES) + case 16: + return 0; +#endif /* HAVE_ECC128 */ +#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) + case 20: + return 0; +#endif /* HAVE_ECC160 */ + +#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES) + case 24: + /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */ + #if 1 + vec.msg = "\x60\x80\x79\x42\x3f\x12\x42\x1d\xe6\x16\xb7\x49\x3e\xbe\x55\x1c\xf4\xd6\x5b\x92"; + vec.msgLen = 20; + #else + /* This is the raw message prior to SHA-1 */ + vec.msg = + "\xeb\xf7\x48\xd7\x48\xeb\xbc\xa7\xd2\x9f\xb4\x73\x69\x8a\x6e\x6b" + "\x4f\xb1\x0c\x86\x5d\x4a\xf0\x24\xcc\x39\xae\x3d\xf3\x46\x4b\xa4" + "\xf1\xd6\xd4\x0f\x32\xbf\x96\x18\xa9\x1b\xb5\x98\x6f\xa1\xa2\xaf" + "\x04\x8a\x0e\x14\xdc\x51\xe5\x26\x7e\xb0\x5e\x12\x7d\x68\x9d\x0a" + "\xc6\xf1\xa7\xf1\x56\xce\x06\x63\x16\xb9\x71\xcc\x7a\x11\xd0\xfd" + "\x7a\x20\x93\xe2\x7c\xf2\xd0\x87\x27\xa4\xe6\x74\x8c\xc3\x2f\xd5" + "\x9c\x78\x10\xc5\xb9\x01\x9d\xf2\x1c\xdc\xc0\xbc\xa4\x32\xc0\xa3" + "\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0\x71\xcf"; + vec.msgLen = 128; + #endif + vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6"; + vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477"; + vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3"; + vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e"; + vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41"; + vec.curveName = "SECP192R1"; + #ifndef NO_ASN + vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55" + "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e"; + vec.rSz = 24; + vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc" + "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41"; + vec.sSz = 24; + #endif + break; +#endif /* HAVE_ECC192 */ + +#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) + case 28: + /* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */ + #if 1 + vec.msg = "\xb9\xa3\xb8\x6d\xb0\xba\x99\xfd\xc6\xd2\x94\x6b\xfe\xbe\x9c\xe8\x3f\x10\x74\xfc"; + vec.msgLen = 20; + #else + /* This is the raw message prior to SHA-1 */ + vec.msg = + "\x36\xc8\xb2\x29\x86\x48\x7f\x67\x7c\x18\xd0\x97\x2a\x9e\x20\x47" + "\xb3\xaf\xa5\x9e\xc1\x62\x76\x4e\xc3\x0b\x5b\x69\xe0\x63\x0f\x99" + "\x0d\x4e\x05\xc2\x73\xb0\xe5\xa9\xd4\x28\x27\xb6\x95\xfc\x2d\x64" + "\xd9\x13\x8b\x1c\xf4\xc1\x21\x55\x89\x4c\x42\x13\x21\xa7\xbb\x97" + "\x0b\xdc\xe0\xfb\xf0\xd2\xae\x85\x61\xaa\xd8\x71\x7f\x2e\x46\xdf" + "\xe3\xff\x8d\xea\xb4\xd7\x93\x23\x56\x03\x2c\x15\x13\x0d\x59\x9e" + "\x26\xc1\x0f\x2f\xec\x96\x30\x31\xac\x69\x38\xa1\x8d\x66\x45\x38" + "\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7\x1c\x20"; + vec.msgLen = 128; + #endif + vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7"; + vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1"; + vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f"; + vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7"; + vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b"; + vec.curveName = "SECP224R1"; + #ifndef NO_ASN + vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47" + "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe" + "\xbc\x16\x71\xa7"; + vec.rSz = 28; + vec.s = (byte*)"\x24\xfc\x7e\xd7\xf1\x35\x2c\xa3\x87\x2a\xa0\x91" + "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe" + "\x6a\xf3\xad\x5b"; + vec.sSz = 28; + #endif + break; +#endif /* HAVE_ECC224 */ + +#if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES) + case 30: + return 0; +#endif /* HAVE_ECC239 */ + +#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) + case 32: + /* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */ + #if 1 + vec.msg = "\xa3\xf9\x1a\xe2\x1b\xa6\xb3\x03\x98\x64\x47\x2f\x18\x41\x44\xc6\xaf\x62\xcd\x0e"; + vec.msgLen = 20; + #else + /* This is the raw message prior to SHA-1 */ + vec.msg = + "\xa2\x4b\x21\x76\x2e\x6e\xdb\x15\x3c\xc1\x14\x38\xdb\x0e\x92\xcd" + "\xf5\x2b\x86\xb0\x6c\xa9\x70\x16\x06\x27\x59\xc7\x0d\x36\xd1\x56" + "\x2c\xc9\x63\x0d\x7f\xc7\xc7\x74\xb2\x8b\x54\xe3\x1e\xf5\x58\x72" + "\xb2\xa6\x5d\xf1\xd7\xec\x26\xde\xbb\x33\xe7\xd9\x27\xef\xcc\xf4" + "\x6b\x63\xde\x52\xa4\xf4\x31\xea\xca\x59\xb0\x5d\x2e\xde\xc4\x84" + "\x5f\xff\xc0\xee\x15\x03\x94\xd6\x1f\x3d\xfe\xcb\xcd\xbf\x6f\x5a" + "\x73\x38\xd0\xbe\x3f\x2a\x77\x34\x51\x98\x3e\xba\xeb\x48\xf6\x73" + "\x8f\xc8\x95\xdf\x35\x7e\x1a\x48\xa6\x53\xbb\x35\x5a\x31\xa1\xb4" + vec.msgLen = 128; + #endif + vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; + vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; + vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; + vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c"; + vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248"; + #ifndef NO_ASN + vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9" + "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89" + "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c"; + vec.rSz = 32; + vec.s = (byte*)"\xa2\x24\x8b\x62\xc0\x3d\xb3\x5a\x7c\xd6\x3e\x8a" + "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03" + "\x5a\x21\x48\xae\x32\xe3\xa2\x48"; + vec.sSz = 32; + #endif + vec.curveName = "SECP256R1"; + break; +#endif /* !NO_ECC256 */ + +#if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES) + case 40: + return 0; +#endif /* HAVE_ECC320 */ + +#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) + case 48: + /* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */ + #if 1 + vec.msg = "\x9b\x9f\x8c\x95\x35\xa5\xca\x26\x60\x5d\xb7\xf2\xfa\x57\x3b\xdf\xc3\x2e\xab\x8b"; + vec.msgLen = 20; + #else + /* This is the raw message prior to SHA-1 */ + vec.msg = + "\xab\xe1\x0a\xce\x13\xe7\xe1\xd9\x18\x6c\x48\xf7\x88\x9d\x51\x47" + "\x3d\x3a\x09\x61\x98\x4b\xc8\x72\xdf\x70\x8e\xcc\x3e\xd3\xb8\x16" + "\x9d\x01\xe3\xd9\x6f\xc4\xf1\xd5\xea\x00\xa0\x36\x92\xbc\xc5\xcf" + "\xfd\x53\x78\x7c\x88\xb9\x34\xaf\x40\x4c\x03\x9d\x32\x89\xb5\xba" + "\xc5\xae\x7d\xb1\x49\x68\x75\xb5\xdc\x73\xc3\x09\xf9\x25\xc1\x3d" + "\x1c\x01\xab\xda\xaf\xeb\xcd\xac\x2c\xee\x43\x39\x39\xce\x8d\x4a" + "\x0a\x5d\x57\xbb\x70\x5f\x3b\xf6\xec\x08\x47\x95\x11\xd4\xb4\xa3" + "\x21\x1f\x61\x64\x9a\xd6\x27\x43\x14\xbf\x0d\x43\x8a\x81\xe0\x60" + vec.msgLen = 128; + #endif + vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868"; + vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e"; + vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71"; + vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7"; + vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907"; + vec.curveName = "SECP384R1"; + #ifndef NO_ASN + vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff" + "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d" + "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda" + "\xee\x6b\x3c\x74\xeb\xf6\x06\x66\x7a\x3f\x39\xb7"; + vec.rSz = 48; + vec.s = (byte*)"\x49\x1a\xf1\xd0\xcc\xcd\x56\xdd\xd5\x20\xb2\x33" + "\x77\x5d\x0b\xc6\xb4\x0a\x62\x55\xcc\x55\x20\x7d" + "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21" + "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07"; + vec.sSz = 48; + #endif + break; +#endif /* HAVE_ECC384 */ + +#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) + case 64: + return 0; +#endif /* HAVE_ECC512 */ + +#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) + case 66: + /* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */ + #if 1 + vec.msg = "\x1b\xf7\x03\x9c\xca\x23\x94\x27\x3f\x11\xa1\xd4\x8d\xcc\xb4\x46\x6f\x31\x61\xdf"; + vec.msgLen = 20; + #else + /* This is the raw message prior to SHA-1 */ + vec.msg = + "\x50\x3f\x79\x39\x34\x0a\xc7\x23\xcd\x4a\x2f\x4e\x6c\xcc\x27\x33" + "\x38\x3a\xca\x2f\xba\x90\x02\x19\x9d\x9e\x1f\x94\x8b\xe0\x41\x21" + "\x07\xa3\xfd\xd5\x14\xd9\x0c\xd4\xf3\x7c\xc3\xac\x62\xef\x00\x3a" + "\x2d\xb1\xd9\x65\x7a\xb7\x7f\xe7\x55\xbf\x71\xfa\x59\xe4\xd9\x6e" + "\xa7\x2a\xe7\xbf\x9d\xe8\x7d\x79\x34\x3b\xc1\xa4\xbb\x14\x4d\x16" + "\x28\xd1\xe9\xe9\xc8\xed\x80\x8b\x96\x2c\x54\xe5\xf9\x6d\x53\xda" + "\x14\x7a\x96\x38\xf9\x4a\x91\x75\xd8\xed\x61\x05\x5f\x0b\xa5\x73" + "\xa8\x2b\xb7\xe0\x18\xee\xda\xc4\xea\x7b\x36\x2e\xc8\x9c\x38\x2b" + vec.msgLen = 128; + #endif + vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23"; + vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d"; + vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74"; + vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be"; + vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c"; + vec.curveName = "SECP521R1"; + #ifndef NO_ASN + vec.r = (byte*)"\x00\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77" + "\x78\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf" + "\x5b\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c" + "\x7f\x9a\x57\xc0\x77\x94\x7f\x89\xac\x45\xd5\xac" + "\xb6\x66\x1b\xbc\xd1\x7a\xbb\x3f\xae\xa1\x49\xba" + "\x0a\xa3\xbb\x15\x21\xbe"; + vec.rSz = 66; + vec.s = (byte*)"\x00\x19\xcd\x2c\x5c\x3f\x98\x70\xec\xde\xb9\xb3" + "\x23\xab\xdf\x3a\x98\xcd\x5e\x23\x1d\x85\xc6\xdd" + "\xc5\xb7\x1a\xb1\x90\x73\x9f\x7f\x22\x6e\x6b\x13" + "\x4b\xa1\xd5\x88\x9d\xde\xb2\x75\x1d\xab\xd9\x79" + "\x11\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b" + "\x6c\x3d\x22\xf2\x48\x0c"; + vec.sSz = 66; + #endif + break; +#endif /* HAVE_ECC521 */ + default: + return NOT_COMPILED_IN; /* Invalid key size / Not supported */ + }; /* Switch */ + + ret = ecc_test_vector_item(&vec); + if (ret < 0) { + return ret; + } + + return 0; +} + +#if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) +static int ecc_test_sign_vectors(WC_RNG* rng) +{ + int ret; + ecc_key key; + byte sig[72]; + word32 sigSz; + unsigned char hash[32] = "test wolfSSL deterministic sign"; + const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534"; + const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230"; + const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141"; + const byte k[1] = { 0x02 }; + const byte expSig[71] = { + 0x30, 0x45, 0x02, 0x20, 0x7c, 0xf2, 0x7b, 0x18, + 0x8d, 0x03, 0x4f, 0x7e, 0x8a, 0x52, 0x38, 0x03, + 0x04, 0xb5, 0x1a, 0xc3, 0xc0, 0x89, 0x69, 0xe2, + 0x77, 0xf2, 0x1b, 0x35, 0xa6, 0x0b, 0x48, 0xfc, + 0x47, 0x66, 0x99, 0x78, 0x02, 0x21, 0x00, 0xa8, + 0x43, 0xa0, 0xce, 0x6c, 0x5e, 0x17, 0x8a, 0x53, + 0x4d, 0xaf, 0xd2, 0x95, 0x78, 0x9f, 0x84, 0x4f, + 0x94, 0xb8, 0x75, 0xa3, 0x19, 0xa5, 0xd4, 0xdf, + 0xe1, 0xd4, 0x5e, 0x9d, 0x97, 0xfe, 0x81 + }; + + ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) { + return ret; + } + ret = wc_ecc_import_raw(&key, QIUTx, QIUTy, dIUT, "SECP256R1"); + if (ret != 0) { + goto done; + } + + ret = wc_ecc_sign_set_k(k, sizeof(k), &key); + if (ret != 0) { + goto done; + } + + sigSz = sizeof(sig); + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key); + } while (ret == WC_PENDING_E); + if (ret != 0) { + goto done; + } + TEST_SLEEP(); + + if (sigSz != sizeof(expSig)) { + ret = -9610; + goto done; + } + if (XMEMCMP(sig, expSig, sigSz) != 0) { + ret = -9611; + goto done; + } + + sigSz = sizeof(sig); + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key); + } while (ret == WC_PENDING_E); + if (ret != 0) { + goto done; + } + TEST_SLEEP(); + +done: + wc_ecc_free(&key); + return ret; +} +#endif + +#ifdef HAVE_ECC_CDH +static int ecc_test_cdh_vectors(void) +{ + int ret; + ecc_key pub_key, priv_key; + byte sharedA[32] = {0}, sharedB[32] = {0}; + word32 x, z; + + const char* QCAVSx = "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287"; + const char* QCAVSy = "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac"; + const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534"; + const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230"; + const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141"; + const char* ZIUT = "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b"; + + /* setup private and public keys */ + ret = wc_ecc_init_ex(&pub_key, HEAP_HINT, devId); + if (ret != 0) + return ret; + ret = wc_ecc_init_ex(&priv_key, HEAP_HINT, devId); + if (ret != 0) { + wc_ecc_free(&pub_key); + return ret; + } + wc_ecc_set_flags(&pub_key, WC_ECC_FLAG_COFACTOR); + wc_ecc_set_flags(&priv_key, WC_ECC_FLAG_COFACTOR); + ret = wc_ecc_import_raw(&pub_key, QCAVSx, QCAVSy, NULL, "SECP256R1"); + if (ret != 0) + goto done; + ret = wc_ecc_import_raw(&priv_key, QIUTx, QIUTy, dIUT, "SECP256R1"); + if (ret != 0) + goto done; + + /* compute ECC Cofactor shared secret */ + x = sizeof(sharedA); + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &priv_key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_shared_secret(&priv_key, &pub_key, sharedA, &x); + } while (ret == WC_PENDING_E); + if (ret != 0) { + goto done; + } + TEST_SLEEP(); + + /* read in expected Z */ + z = sizeof(sharedB); + ret = Base16_Decode((const byte*)ZIUT, (word32)XSTRLEN(ZIUT), sharedB, &z); + if (ret != 0) + goto done; + + /* compare results */ + if (x != z || XMEMCMP(sharedA, sharedB, x)) { + ERROR_OUT(-9612, done); + } + +done: + wc_ecc_free(&priv_key); + wc_ecc_free(&pub_key); + return ret; +} +#endif /* HAVE_ECC_CDH */ +#endif /* HAVE_ECC_VECTOR_TEST */ + +#ifdef HAVE_ECC_KEY_IMPORT +/* returns 0 on success */ +static int ecc_test_make_pub(WC_RNG* rng) +{ + ecc_key key; + unsigned char* exportBuf; + unsigned char* tmp; + unsigned char msg[] = "test wolfSSL ECC public gen"; + word32 x, tmpSz; + int ret = 0; + ecc_point* pubPoint = NULL; +#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) + ecc_key pub; +#endif +#ifdef HAVE_ECC_VERIFY + int verify = 0; +#endif +#ifndef USE_CERT_BUFFERS_256 + XFILE file; +#endif + + wc_ecc_init_ex(&key, HEAP_HINT, devId); + +#ifdef USE_CERT_BUFFERS_256 + tmp = (byte*)XMALLOC((size_t)sizeof_ecc_key_der_256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + return -9613; + } + exportBuf = (byte*)XMALLOC((size_t)sizeof_ecc_key_der_256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (exportBuf == NULL) { + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return -9614; + } + XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256); + tmpSz = (size_t)sizeof_ecc_key_der_256; +#else + tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + return -9615; + } + exportBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (exportBuf == NULL) { + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return -9616; + } + file = XFOPEN(eccKeyDerFile, "rb"); + if (!file) { + ERROR_OUT(-9617, done); + } + + tmpSz = (word32)XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); +#endif /* USE_CERT_BUFFERS_256 */ + + /* import private only then test with */ + ret = wc_ecc_import_private_key(tmp, tmpSz, NULL, 0, NULL); + if (ret == 0) { + ERROR_OUT(-9618, done); + } + + ret = wc_ecc_import_private_key(NULL, tmpSz, NULL, 0, &key); + if (ret == 0) { + ERROR_OUT(-9619, done); + } + + x = 0; + ret = wc_EccPrivateKeyDecode(tmp, &x, &key, tmpSz); + if (ret != 0) { + ERROR_OUT(-9620, done); + } + +#ifdef HAVE_ECC_KEY_EXPORT + x = FOURK_BUF; + ret = wc_ecc_export_private_only(&key, exportBuf, &x); + if (ret != 0) { + ERROR_OUT(-9621, done); + } + + /* make private only key */ + wc_ecc_free(&key); + wc_ecc_init_ex(&key, HEAP_HINT, devId); + ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, &key); + if (ret != 0) { + ERROR_OUT(-9622, done); + } + + x = FOURK_BUF; + ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); + if (ret == 0) { + ERROR_OUT(-9623, done); + } + +#endif /* HAVE_ECC_KEY_EXPORT */ + + ret = wc_ecc_make_pub(NULL, NULL); + if (ret == 0) { + ERROR_OUT(-9624, done); + } + TEST_SLEEP(); + + pubPoint = wc_ecc_new_point_h(HEAP_HINT); + if (pubPoint == NULL) { + ERROR_OUT(-9625, done); + } + + ret = wc_ecc_make_pub(&key, pubPoint); + if (ret != 0) { + ERROR_OUT(-9626, done); + } + + TEST_SLEEP(); + +#ifdef HAVE_ECC_KEY_EXPORT + /* export should still fail, is private only key */ + x = FOURK_BUF; + ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); + if (ret == 0) { + ERROR_OUT(-9627, done); + } +#endif /* HAVE_ECC_KEY_EXPORT */ +#if defined(WOLFSSL_CRYPTOCELL) + /* create a new key since building private key from public key is unsupported */ + ret = wc_ecc_make_key(rng, 32, &key); + if (ret == 0) { + ERROR_OUT(-9628, done); + } +#endif +#ifdef HAVE_ECC_SIGN + tmpSz = FOURK_BUF; + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_sign_hash(msg, sizeof(msg), tmp, &tmpSz, rng, &key); + } while (ret == WC_PENDING_E); + if (ret != 0) { + ERROR_OUT(-9629, done); + } + TEST_SLEEP(); + +#ifdef HAVE_ECC_VERIFY + /* try verify with private only key */ + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_verify_hash(tmp, tmpSz, msg, sizeof(msg), &verify, &key); + } while (ret == WC_PENDING_E); + if (ret != 0) { + ERROR_OUT(-9630, done); + } + + if (verify != 1) { + ERROR_OUT(-9631, done); + } + TEST_SLEEP(); +#ifdef HAVE_ECC_KEY_EXPORT + /* exporting the public part should now work */ + x = FOURK_BUF; + ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); + if (ret != 0) { + ERROR_OUT(-9632, done); + } +#endif /* HAVE_ECC_KEY_EXPORT */ +#endif /* HAVE_ECC_VERIFY */ + +#endif /* HAVE_ECC_SIGN */ + +#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) + /* now test private only key with creating a shared secret */ + x = FOURK_BUF; + ret = wc_ecc_export_private_only(&key, exportBuf, &x); + if (ret != 0) { + ERROR_OUT(-9633, done); + } + + /* make private only key */ + wc_ecc_free(&key); + wc_ecc_init_ex(&key, HEAP_HINT, devId); + ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, &key); + if (ret != 0) { + ERROR_OUT(-9634, done); + } + + /* check that public export fails with private only key */ + x = FOURK_BUF; + ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); + if (ret == 0) { + ERROR_OUT(-9635, done); + } + + /* make public key for shared secret */ + wc_ecc_init_ex(&pub, HEAP_HINT, devId); + ret = wc_ecc_make_key(rng, 32, &pub); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &pub.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + ERROR_OUT(-9636, done); + } + TEST_SLEEP(); + + x = FOURK_BUF; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) { + ret = wc_ecc_shared_secret(&key, &pub, exportBuf, &x); + } + } while (ret == WC_PENDING_E); + wc_ecc_free(&pub); + if (ret != 0) { + ERROR_OUT(-9637, done); + } + TEST_SLEEP(); +#endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT */ + + ret = 0; + +done: + + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + wc_ecc_del_point_h(pubPoint, HEAP_HINT); + wc_ecc_free(&key); + + return ret; +} +#endif /* HAVE_ECC_KEY_IMPORT */ + + +#ifdef WOLFSSL_KEY_GEN +static int ecc_test_key_gen(WC_RNG* rng, int keySize) +{ + int ret = 0; + int derSz; +#ifdef HAVE_PKCS8 + word32 pkcs8Sz; +#endif + byte* der; + byte* pem; + ecc_key userA; + + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + return -9638; + } + pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return -9639; + } + + ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); + if (ret != 0) + goto done; + + ret = wc_ecc_make_key(rng, keySize, &userA); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + goto done; + TEST_SLEEP(); + + ret = wc_ecc_check_key(&userA); + if (ret != 0) + goto done; + TEST_SLEEP(); + + derSz = wc_EccKeyToDer(&userA, der, FOURK_BUF); + if (derSz < 0) { + ERROR_OUT(derSz, done); + } + + ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, eccCaKeyTempFile, + eccCaKeyPemFile, ECC_PRIVATEKEY_TYPE, -8347); + if (ret != 0) { + goto done; + } + + /* test export of public key */ + derSz = wc_EccPublicKeyToDer(&userA, der, FOURK_BUF, 1); + if (derSz < 0) { + ERROR_OUT(derSz, done); + } + if (derSz == 0) { + ERROR_OUT(-9640, done); + } + + ret = SaveDerAndPem(der, derSz, NULL, 0, eccPubKeyDerFile, + NULL, 0, -8348); + if (ret != 0) { + goto done; + } + +#ifdef HAVE_PKCS8 + /* test export of PKCS#8 unencrypted private key */ + pkcs8Sz = FOURK_BUF; + derSz = wc_EccPrivateKeyToPKCS8(&userA, der, &pkcs8Sz); + if (derSz < 0) { + ERROR_OUT(derSz, done); + } + + if (derSz == 0) { + ERROR_OUT(-9641, done); + } + + ret = SaveDerAndPem(der, derSz, NULL, 0, eccPkcs8KeyDerFile, + NULL, 0, -8349); + if (ret != 0) { + goto done; + } +#endif /* HAVE_PKCS8 */ + +done: + + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_ecc_free(&userA); + + return ret; +} +#endif /* WOLFSSL_KEY_GEN */ + +static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, + int curve_id, const ecc_set_type* dp) +{ +#if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH) + DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT); + DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT); +#endif +#ifdef HAVE_ECC_KEY_EXPORT + byte exportBuf[MAX_ECC_BYTES * 2 + 32]; +#endif + word32 x; +#if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH) + word32 y; +#endif +#ifdef HAVE_ECC_SIGN + DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT); + DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT); + int i; +#ifdef HAVE_ECC_VERIFY + int verify; +#endif /* HAVE_ECC_VERIFY */ +#endif /* HAVE_ECC_SIGN */ + int ret; + ecc_key userA, userB, pubKey; + int curveSize; + + (void)testVerifyCount; + (void)dp; + (void)x; + + XMEMSET(&userA, 0, sizeof(ecc_key)); + XMEMSET(&userB, 0, sizeof(ecc_key)); + XMEMSET(&pubKey, 0, sizeof(ecc_key)); + + ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); + if (ret != 0) + goto done; + ret = wc_ecc_init_ex(&userB, HEAP_HINT, devId); + if (ret != 0) + goto done; + ret = wc_ecc_init_ex(&pubKey, HEAP_HINT, devId); + if (ret != 0) + goto done; + +#ifdef WOLFSSL_CUSTOM_CURVES + if (dp != NULL) { + ret = wc_ecc_set_custom_curve(&userA, dp); + if (ret != 0) + goto done; + ret = wc_ecc_set_custom_curve(&userB, dp); + if (ret != 0) + goto done; + } +#endif + + ret = wc_ecc_make_key_ex(rng, keySize, &userA, curve_id); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + goto done; + TEST_SLEEP(); + + if (wc_ecc_get_curve_idx(curve_id) != -1) { + curveSize = wc_ecc_get_curve_size_from_id(userA.dp->id); + if (curveSize != userA.dp->size) { + ret = -9642; + goto done; + } + } + + ret = wc_ecc_check_key(&userA); + if (ret != 0) + goto done; + TEST_SLEEP(); + + ret = wc_ecc_make_key_ex(rng, keySize, &userB, curve_id); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + goto done; + TEST_SLEEP(); + + /* only perform the below tests if the key size matches */ + if (dp == NULL && keySize > 0 && wc_ecc_size(&userA) != keySize) { + ret = ECC_CURVE_OID_E; + goto done; + } + +#ifdef HAVE_ECC_DHE + x = ECC_SHARED_SIZE; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_shared_secret(&userA, &userB, sharedA, &x); + } while (ret == WC_PENDING_E); + if (ret != 0) { + goto done; + } + TEST_SLEEP(); + + y = ECC_SHARED_SIZE; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_shared_secret(&userB, &userA, sharedB, &y); + } while (ret == WC_PENDING_E); + if (ret != 0) + goto done; + + if (y != x) + ERROR_OUT(-9643, done); + + if (XMEMCMP(sharedA, sharedB, x)) + ERROR_OUT(-9644, done); + TEST_SLEEP(); +#endif /* HAVE_ECC_DHE */ + +#ifdef HAVE_ECC_CDH + /* add cofactor flag */ + wc_ecc_set_flags(&userA, WC_ECC_FLAG_COFACTOR); + wc_ecc_set_flags(&userB, WC_ECC_FLAG_COFACTOR); + + x = ECC_SHARED_SIZE; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_shared_secret(&userA, &userB, sharedA, &x); + } while (ret == WC_PENDING_E); + if (ret != 0) { + goto done; + } + TEST_SLEEP(); + + y = ECC_SHARED_SIZE; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_shared_secret(&userB, &userA, sharedB, &y); + } while (ret == WC_PENDING_E); + if (ret != 0) + goto done; + + if (y != x) + ERROR_OUT(-9645, done); + + if (XMEMCMP(sharedA, sharedB, x)) + ERROR_OUT(-9646, done); + TEST_SLEEP(); + + /* remove cofactor flag */ + wc_ecc_set_flags(&userA, 0); + wc_ecc_set_flags(&userB, 0); +#endif /* HAVE_ECC_CDH */ + +#ifdef HAVE_ECC_KEY_EXPORT + x = sizeof(exportBuf); + ret = wc_ecc_export_x963_ex(&userA, exportBuf, &x, 0); + if (ret != 0) + goto done; + +#ifdef HAVE_ECC_KEY_IMPORT + #ifdef WOLFSSL_CUSTOM_CURVES + if (dp != NULL) { + ret = wc_ecc_set_custom_curve(&pubKey, dp); + if (ret != 0) goto done; + } + #endif + ret = wc_ecc_import_x963_ex(exportBuf, x, &pubKey, curve_id); + if (ret != 0) + goto done; + +#ifdef HAVE_ECC_DHE + y = ECC_SHARED_SIZE; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_shared_secret(&userB, &pubKey, sharedB, &y); + } while (ret == WC_PENDING_E); + if (ret != 0) + goto done; + + if (XMEMCMP(sharedA, sharedB, y)) + ERROR_OUT(-9647, done); + TEST_SLEEP(); +#endif /* HAVE_ECC_DHE */ + + #ifdef HAVE_COMP_KEY + /* try compressed export / import too */ + x = sizeof(exportBuf); + ret = wc_ecc_export_x963_ex(&userA, exportBuf, &x, 1); + if (ret != 0) + goto done; + wc_ecc_free(&pubKey); + + ret = wc_ecc_init_ex(&pubKey, HEAP_HINT, devId); + if (ret != 0) + goto done; + #ifdef WOLFSSL_CUSTOM_CURVES + if (dp != NULL) { + ret = wc_ecc_set_custom_curve(&pubKey, dp); + if (ret != 0) goto done; + } + #endif + ret = wc_ecc_import_x963_ex(exportBuf, x, &pubKey, curve_id); + if (ret != 0) + goto done; + + #ifdef HAVE_ECC_DHE + y = ECC_SHARED_SIZE; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_shared_secret(&userB, &pubKey, sharedB, &y); + } while (ret == WC_PENDING_E); + if (ret != 0) + goto done; + + if (XMEMCMP(sharedA, sharedB, y)) + ERROR_OUT(-9648, done); + TEST_SLEEP(); + #endif /* HAVE_ECC_DHE */ + #endif /* HAVE_COMP_KEY */ + +#endif /* HAVE_ECC_KEY_IMPORT */ +#endif /* HAVE_ECC_KEY_EXPORT */ + +#ifdef HAVE_ECC_SIGN + /* ECC w/out Shamir has issue with all 0 digest */ + /* WC_BIGINT doesn't have 0 len well on hardware */ +#if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) + /* test DSA sign hash with zeros */ + for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) { + digest[i] = 0; + } + + x = ECC_SIG_SIZE; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, + &userA); + } while (ret == WC_PENDING_E); + if (ret != 0) + goto done; + TEST_SLEEP(); + +#ifdef HAVE_ECC_VERIFY + for (i=0; i<testVerifyCount; i++) { + verify = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, + &verify, &userA); + } while (ret == WC_PENDING_E); + if (ret != 0) + goto done; + if (verify != 1) + ERROR_OUT(-9649, done); + TEST_SLEEP(); + } +#endif /* HAVE_ECC_VERIFY */ +#endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT */ + + /* test DSA sign hash with sequence (0,1,2,3,4,...) */ + for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) { + digest[i] = (byte)i; + } + + x = ECC_SIG_SIZE; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, + &userA); + } while (ret == WC_PENDING_E); + if (ret != 0) + ERROR_OUT(-9650, done); + TEST_SLEEP(); + +#ifdef HAVE_ECC_VERIFY + for (i=0; i<testVerifyCount; i++) { + verify = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, + &verify, &userA); + } while (ret == WC_PENDING_E); + if (ret != 0) + goto done; + if (verify != 1) + ERROR_OUT(-9651, done); + TEST_SLEEP(); + } +#endif /* HAVE_ECC_VERIFY */ +#endif /* HAVE_ECC_SIGN */ + +#ifdef HAVE_ECC_KEY_EXPORT + x = sizeof(exportBuf); + ret = wc_ecc_export_private_only(&userA, exportBuf, &x); + if (ret != 0) + goto done; +#endif /* HAVE_ECC_KEY_EXPORT */ + +done: + wc_ecc_free(&pubKey); + wc_ecc_free(&userB); + wc_ecc_free(&userA); + +#if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH) + FREE_VAR(sharedA, HEAP_HINT); + FREE_VAR(sharedB, HEAP_HINT); +#endif +#ifdef HAVE_ECC_SIGN + FREE_VAR(sig, HEAP_HINT); + FREE_VAR(digest, HEAP_HINT); +#endif + + return ret; +} + +#undef ECC_TEST_VERIFY_COUNT +#define ECC_TEST_VERIFY_COUNT 2 +static int ecc_test_curve(WC_RNG* rng, int keySize) +{ + int ret; + + ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT, + ECC_CURVE_DEF, NULL); + if (ret < 0) { + if (ret == ECC_CURVE_OID_E) { + /* ignore error for curves not found */ + /* some curve sizes are only available with: + HAVE_ECC_SECPR2, HAVE_ECC_SECPR3, HAVE_ECC_BRAINPOOL + and HAVE_ECC_KOBLITZ */ + } + else { + printf("ecc_test_curve_size %d failed!: %d\n", keySize, ret); + return ret; + } + } + +#ifdef HAVE_ECC_VECTOR_TEST + ret = ecc_test_vector(keySize); + if (ret < 0) { + printf("ecc_test_vector %d failed!: %d\n", keySize, ret); + return ret; + } +#endif + +#ifdef WOLFSSL_KEY_GEN + ret = ecc_test_key_gen(rng, keySize); + if (ret < 0) { + if (ret == ECC_CURVE_OID_E) { + /* ignore error for curves not found */ + } + else { + printf("ecc_test_key_gen %d failed!: %d\n", keySize, ret); + return ret; + } + } +#endif + + return 0; +} + +#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) +#if !defined(WOLFSSL_ATECC508A) && defined(HAVE_ECC_KEY_IMPORT) && \ + defined(HAVE_ECC_KEY_EXPORT) +static int ecc_point_test(void) +{ + int ret; + ecc_point* point; + ecc_point* point2; +#ifdef HAVE_COMP_KEY + ecc_point* point3; + ecc_point* point4; +#endif + word32 outLen; + byte out[65]; + byte der[] = { 0x04, /* = Uncompressed */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; +#ifdef HAVE_COMP_KEY + byte derComp0[] = { 0x02, /* = Compressed, y even */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; + byte derComp1[] = { 0x03, /* = Compressed, y odd */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; +#endif + byte altDer[] = { 0x04, /* = Uncompressed */ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; + int curve_idx = wc_ecc_get_curve_idx(ECC_SECP256R1); + + /* if curve P256 is not enabled then test should not fail */ + if (curve_idx == ECC_CURVE_INVALID) + return 0; + + outLen = sizeof(out); + point = wc_ecc_new_point(); + if (point == NULL) + return -9700; + point2 = wc_ecc_new_point(); + if (point2 == NULL) { + wc_ecc_del_point(point); + return -9701; + } +#ifdef HAVE_COMP_KEY + point3 = wc_ecc_new_point(); + if (point3 == NULL) { + wc_ecc_del_point(point2); + wc_ecc_del_point(point); + return -9702; + } + point4 = wc_ecc_new_point(); + if (point4 == NULL) { + wc_ecc_del_point(point3); + wc_ecc_del_point(point2); + wc_ecc_del_point(point); + return -9703; + } +#endif + + /* Parameter Validation testing. */ + wc_ecc_del_point(NULL); + ret = wc_ecc_import_point_der(NULL, sizeof(der), curve_idx, point); + if (ret != ECC_BAD_ARG_E) { + ret = -9704; + goto done; + } + ret = wc_ecc_import_point_der(der, sizeof(der), ECC_CURVE_INVALID, point); + if (ret != ECC_BAD_ARG_E) { + ret = -9705; + goto done; + } + ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, NULL); + if (ret != ECC_BAD_ARG_E) { + ret = -9706; + goto done; + } + ret = wc_ecc_export_point_der(-1, point, out, &outLen); + if (ret != ECC_BAD_ARG_E) { + ret = -9707; + goto done; + } + ret = wc_ecc_export_point_der(curve_idx, NULL, out, &outLen); + if (ret != ECC_BAD_ARG_E) { + ret = -9708; + goto done; + } + ret = wc_ecc_export_point_der(curve_idx, point, NULL, &outLen); + if (ret != LENGTH_ONLY_E || outLen != sizeof(out)) { + ret = -9709; + goto done; + } + ret = wc_ecc_export_point_der(curve_idx, point, out, NULL); + if (ret != ECC_BAD_ARG_E) { + ret = -9710; + goto done; + } + outLen = 0; + ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen); + if (ret != BUFFER_E) { + ret = -9711; + goto done; + } + ret = wc_ecc_copy_point(NULL, NULL); + if (ret != ECC_BAD_ARG_E) { + ret = -9712; + goto done; + } + ret = wc_ecc_copy_point(NULL, point2); + if (ret != ECC_BAD_ARG_E) { + ret = -9713; + goto done; + } + ret = wc_ecc_copy_point(point, NULL); + if (ret != ECC_BAD_ARG_E) { + ret = -9714; + goto done; + } + ret = wc_ecc_cmp_point(NULL, NULL); + if (ret != BAD_FUNC_ARG) { + ret = -9715; + goto done; + } + ret = wc_ecc_cmp_point(NULL, point2); + if (ret != BAD_FUNC_ARG) { + ret = -9716; + goto done; + } + ret = wc_ecc_cmp_point(point, NULL); + if (ret != BAD_FUNC_ARG) { + ret = -9717; + goto done; + } + + /* Use API. */ + ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, point); + if (ret != 0) { + ret = -9718; + goto done; + } + + outLen = sizeof(out); + ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen); + if (ret != 0) { + ret = -9719; + goto done; + } + if (outLen != sizeof(der)) { + ret = -9720; + goto done; + } + if (XMEMCMP(out, der, outLen) != 0) { + ret = -9721; + goto done; + } + + ret = wc_ecc_copy_point(point2, point); + if (ret != MP_OKAY) { + ret = -9722; + goto done; + } + ret = wc_ecc_cmp_point(point2, point); + if (ret != MP_EQ) { + ret = -9723; + goto done; + } + + ret = wc_ecc_import_point_der(altDer, sizeof(altDer), curve_idx, point2); + if (ret != 0) { + ret = -9724; + goto done; + } + ret = wc_ecc_cmp_point(point2, point); + if (ret != MP_GT) { + ret = -9725; + goto done; + } + +#ifdef HAVE_COMP_KEY + ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3); + if (ret != 0) { + ret = -9726; + goto done; + } + + ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0); + if (ret != 0) { + ret = -9727; + goto done; + } + + ret = wc_ecc_cmp_point(point3, point4); + if (ret != MP_EQ) { + ret = -9728; + goto done; + } + + ret = wc_ecc_import_point_der(derComp1, sizeof(derComp1)*2-1, curve_idx, point3); + if (ret != 0) { + ret = -9729; + goto done; + } + + ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0); + if (ret != 0) { + ret = -9730; + goto done; + } + + ret = wc_ecc_cmp_point(point3, point4); + if (ret != MP_EQ) { + ret = -9731; + goto done; + } +#endif + +done: +#ifdef HAVE_COMP_KEY + wc_ecc_del_point(point4); + wc_ecc_del_point(point3); +#endif + wc_ecc_del_point(point2); + wc_ecc_del_point(point); + + return ret; +} +#endif /* !WOLFSSL_ATECC508A && HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */ + +#ifndef NO_SIG_WRAPPER +static int ecc_sig_test(WC_RNG* rng, ecc_key* key) +{ + int ret; + word32 sigSz; + int size; + byte out[ECC_MAX_SIG_SIZE]; + byte in[] = "Everyone gets Friday off."; + const byte hash[] = { + 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59, + 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe, + 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83, + 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f + }; + word32 inLen = (word32)XSTRLEN((char*)in); + + size = wc_ecc_sig_size(key); + + ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, sizeof(*key)); + if (ret != size) + return -9728; + + sigSz = (word32)ret; + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in, + inLen, out, &sigSz, key, sizeof(*key), rng); + if (ret != 0) + return -9729; + TEST_SLEEP(); + + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in, + inLen, out, sigSz, key, sizeof(*key)); + if (ret != 0) + return -9730; + TEST_SLEEP(); + + sigSz = (word32)sizeof(out); + ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, + hash, (int)sizeof(hash), out, &sigSz, key, sizeof(*key), rng); + if (ret != 0) + return -9731; + TEST_SLEEP(); + + ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, + hash, (int)sizeof(hash), out, sigSz, key, sizeof(*key)); + if (ret != 0) + return -9732; + TEST_SLEEP(); + + return 0; +} +#endif + +#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) +static int ecc_exp_imp_test(ecc_key* key) +{ + int ret; + int curve_id; + ecc_key keyImp; + byte priv[32]; + word32 privLen; + byte pub[65]; + word32 pubLen, pubLenX, pubLenY; + const char qx[] = "7a4e287890a1a47ad3457e52f2f76a83" + "ce46cbc947616d0cbaa82323818a793d"; + const char qy[] = "eec4084f5b29ebf29c44cce3b3059610" + "922f8b30ea6e8811742ac7238fe87308"; + const char d[] = "8c14b793cb19137e323a6d2e2a870bca" + "2e7a493ec1153b3a95feb8a4873f8d08"; + + wc_ecc_init_ex(&keyImp, HEAP_HINT, devId); + + privLen = sizeof(priv); + ret = wc_ecc_export_private_only(key, priv, &privLen); + if (ret != 0) { + ret = -9733; + goto done; + } + pubLen = sizeof(pub); + ret = wc_ecc_export_point_der(key->idx, &key->pubkey, pub, &pubLen); + if (ret != 0) { + ret = -9734; + goto done; + } + + ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, &keyImp); + if (ret != 0) { + ret = -9735; + goto done; + } + + wc_ecc_free(&keyImp); + wc_ecc_init_ex(&keyImp, HEAP_HINT, devId); + + ret = wc_ecc_import_raw_ex(&keyImp, qx, qy, d, ECC_SECP256R1); + if (ret != 0) { + ret = -9736; + goto done; + } + + wc_ecc_free(&keyImp); + wc_ecc_init_ex(&keyImp, HEAP_HINT, devId); + + curve_id = wc_ecc_get_curve_id(key->idx); + if (curve_id < 0) { + ret = -9737; + goto done; + } + + /* test import private only */ + ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, &keyImp, + curve_id); + if (ret != 0) { + ret = -9738; + goto done; + } + + wc_ecc_free(&keyImp); + wc_ecc_init_ex(&keyImp, HEAP_HINT, devId); + + /* test export public raw */ + pubLenX = pubLenY = 32; + ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY); + if (ret != 0) { + ret = -9739; + goto done; + } + +#ifndef HAVE_SELFTEST + /* test import of public */ + ret = wc_ecc_import_unsigned(&keyImp, pub, &pub[32], NULL, ECC_SECP256R1); + if (ret != 0) { + ret = -9740; + goto done; + } +#endif + + wc_ecc_free(&keyImp); + wc_ecc_init_ex(&keyImp, HEAP_HINT, devId); + + /* test export private and public raw */ + pubLenX = pubLenY = privLen = 32; + ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY, + priv, &privLen); + if (ret != 0) { + ret = -9741; + goto done; + } + +#ifndef HAVE_SELFTEST + /* test import of private and public */ + ret = wc_ecc_import_unsigned(&keyImp, pub, &pub[32], priv, ECC_SECP256R1); + if (ret != 0) { + ret = -9742; + goto done; + } +#endif + +done: + wc_ecc_free(&keyImp); + return ret; +} +#endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */ + +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) +#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) +static int ecc_mulmod_test(ecc_key* key1) +{ + int ret; + ecc_key key2; + ecc_key key3; + + wc_ecc_init_ex(&key2, HEAP_HINT, devId); + wc_ecc_init_ex(&key3, HEAP_HINT, devId); + + /* TODO: Use test data, test with WOLFSSL_VALIDATE_ECC_IMPORT. */ + /* Need base point (Gx,Gy) and parameter A - load them as the public and + * private key in key2. + */ + ret = wc_ecc_import_raw_ex(&key2, key1->dp->Gx, key1->dp->Gy, key1->dp->Af, + ECC_SECP256R1); + if (ret != 0) + goto done; + + /* Need a point (Gx,Gy) and prime - load them as the public and private key + * in key3. + */ + ret = wc_ecc_import_raw_ex(&key3, key1->dp->Gx, key1->dp->Gy, + key1->dp->prime, ECC_SECP256R1); + if (ret != 0) + goto done; + + ret = wc_ecc_mulmod(&key1->k, &key2.pubkey, &key3.pubkey, &key2.k, &key3.k, + 1); + if (ret != 0) { + ret = -9743; + goto done; + } + +done: + wc_ecc_free(&key3); + wc_ecc_free(&key2); + return ret; +} +#endif + +#ifdef HAVE_ECC_DHE +static int ecc_ssh_test(ecc_key* key) +{ + int ret; + byte out[128]; + word32 outLen = sizeof(out); + + /* Parameter Validation testing. */ + ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen); + if (ret != BAD_FUNC_ARG) + return -9744; + ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen); + if (ret != BAD_FUNC_ARG) + return -9745; + ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen); + if (ret != BAD_FUNC_ARG) + return -9746; + ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL); + if (ret != BAD_FUNC_ARG) + return -9747; + + /* Use API. */ + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen); + } while (ret == WC_PENDING_E); + if (ret != 0) + return -9748; + TEST_SLEEP(); + return 0; +} +#endif /* HAVE_ECC_DHE */ +#endif + +static int ecc_def_curve_test(WC_RNG *rng) +{ + int ret; + ecc_key key; + + wc_ecc_init_ex(&key, HEAP_HINT, devId); + + /* Use API */ + ret = wc_ecc_set_flags(NULL, 0); + if (ret != BAD_FUNC_ARG) { + ret = -9749; + goto done; + } + ret = wc_ecc_set_flags(&key, 0); + if (ret != 0) { + ret = -9750; + goto done; + } + + ret = wc_ecc_make_key(rng, 32, &key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + ret = -9751; + goto done; + } + TEST_SLEEP(); + +#ifndef NO_SIG_WRAPPER + ret = ecc_sig_test(rng, &key); + if (ret < 0) + goto done; +#endif +#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) + ret = ecc_exp_imp_test(&key); + if (ret < 0) + goto done; +#endif +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) +#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) + ret = ecc_mulmod_test(&key); + if (ret < 0) + goto done; +#endif +#ifdef HAVE_ECC_DHE + ret = ecc_ssh_test(&key); + if (ret < 0) + goto done; +#endif +#endif /* WOLFSSL_ATECC508A */ +done: + wc_ecc_free(&key); + return ret; +} +#endif /* !NO_ECC256 || HAVE_ALL_CURVES */ + +#ifdef WOLFSSL_CERT_EXT +static int ecc_decode_test(void) +{ + int ret; + word32 inSz; + word32 inOutIdx; + ecc_key key; + + /* SECP256R1 OID: 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 */ + + /* This is ecc_clikeypub_der_256. */ + static const byte good[] = { + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xbf, 0xf4, + 0x0f, 0x44, 0x50, 0x9a, 0x3d, 0xce, 0x9b, 0xb7, 0xf0, 0xc5, + 0x4d, 0xf5, 0x70, 0x7b, 0xd4, 0xec, 0x24, 0x8e, 0x19, 0x80, + 0xec, 0x5a, 0x4c, 0xa2, 0x24, 0x03, 0x62, 0x2c, 0x9b, 0xda, + 0xef, 0xa2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xc6, 0x56, + 0x95, 0x06, 0xcc, 0x01, 0xa9, 0xbd, 0xf6, 0x75, 0x1a, 0x42, + 0xf7, 0xbd, 0xa9, 0xb2, 0x36, 0x22, 0x5f, 0xc7, 0x5d, 0x7f, + 0xb4 }; + static const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04, + 0x00, 0x04, 0x01, 0x01 }; + static const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00, + 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; + static const byte badObjId1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x09, + 0x06, 0x00, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; + static const byte badObj2d1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x00, + 0x06, 0x07, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; + static const byte badNotBitStr[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, + 0x04, 0x04, 0x00, 0x04, 0x01, 0x01 }; + static const byte badBitStrLen[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, + 0x03, 0x05, 0x00, 0x04, 0x01, 0x01 }; + static const byte badNoBitStrZero[] = { 0x30, 0x13, 0x30, 0x0a, 0x06, 0x00, + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, + 0x03, 0x03, 0x04, 0x01, 0x01 }; + static const byte badPoint[] = { 0x30, 0x12, 0x30, 0x09, 0x06, 0x00, + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, + 0x03, 0x03, 0x00, 0x04, 0x01 }; + + XMEMSET(&key, 0, sizeof(key)); + wc_ecc_init_ex(&key, HEAP_HINT, devId); + + inSz = sizeof(good); + ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, &key, inSz); + if (ret != BAD_FUNC_ARG) { + ret = -9800; + goto done; + } + ret = wc_EccPublicKeyDecode(good, NULL, &key, inSz); + if (ret != BAD_FUNC_ARG) { + ret = -9801; + goto done; + } + ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz); + if (ret != BAD_FUNC_ARG) { + ret = -9802; + goto done; + } + ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, 0); + if (ret != BAD_FUNC_ARG) { + ret = -9803; + goto done; + } + + /* Change offset to produce bad input data. */ + inOutIdx = 2; + inSz = sizeof(good) - inOutIdx; + ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz); + if (ret != ASN_PARSE_E) { + ret = -9804; + goto done; + } + inOutIdx = 4; + inSz = sizeof(good) - inOutIdx; + ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz); + if (ret != ASN_PARSE_E) { + ret = -9805; + goto done; + } + /* Bad data. */ + inSz = sizeof(badNoObjId); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, &key, inSz); + if (ret != ASN_OBJECT_ID_E) { + ret = -9806; + goto done; + } + inSz = sizeof(badOneObjId); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, &key, inSz); + if (ret != ASN_OBJECT_ID_E) { + ret = -9807; + goto done; + } + inSz = sizeof(badObjId1Len); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, &key, inSz); + if (ret != ASN_PARSE_E) { + ret = -9808; + goto done; + } + inSz = sizeof(badObj2d1Len); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, &key, inSz); + if (ret != ASN_PARSE_E) { + ret = -9809; + goto done; + } + inSz = sizeof(badNotBitStr); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, &key, inSz); + if (ret != ASN_BITSTR_E) { + ret = -9810; + goto done; + } + inSz = sizeof(badBitStrLen); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, &key, inSz); + if (ret != ASN_PARSE_E) { + ret = -9811; + goto done; + } + inSz = sizeof(badNoBitStrZero); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, &key, inSz); + if (ret != ASN_EXPECT_0_E) { + ret = -9812; + goto done; + } + inSz = sizeof(badPoint); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, &key, inSz); + if (ret != ASN_ECC_KEY_E) { + ret = -9813; + goto done; + } + + inSz = sizeof(good); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz); + if (ret != 0) { + ret = -9814; + goto done; + } + +done: + wc_ecc_free(&key); + return ret; +} +#endif /* WOLFSSL_CERT_EXT */ + +#ifdef WOLFSSL_CUSTOM_CURVES +static const byte eccKeyExplicitCurve[] = { + 0x30, 0x81, 0xf5, 0x30, 0x81, 0xae, 0x06, 0x07, + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30, + 0x81, 0xa2, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, + 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, + 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, + 0xff, 0xfc, 0x2f, 0x30, 0x06, 0x04, 0x01, 0x00, + 0x04, 0x01, 0x07, 0x04, 0x41, 0x04, 0x79, 0xbe, + 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0, + 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b, + 0xfc, 0xdb, 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2, + 0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a, + 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, + 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, + 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47, + 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, 0x02, 0x21, + 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, + 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, + 0x41, 0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04, + 0x3c, 0x4c, 0xc9, 0x5e, 0x2e, 0xa2, 0x3d, 0x49, + 0xcc, 0x5b, 0xff, 0x4f, 0xc9, 0x2e, 0x1d, 0x4a, + 0xc6, 0x21, 0xf6, 0xf3, 0xe6, 0x0b, 0x4f, 0xa9, + 0x9d, 0x74, 0x99, 0xdd, 0x97, 0xc7, 0x6e, 0xbe, + 0x14, 0x2b, 0x39, 0x9d, 0x63, 0xc7, 0x97, 0x0d, + 0x45, 0x25, 0x40, 0x30, 0x77, 0x05, 0x76, 0x88, + 0x38, 0x96, 0x29, 0x7d, 0x9c, 0xe1, 0x50, 0xbe, + 0xac, 0xf0, 0x1d, 0x86, 0xf4, 0x2f, 0x65, 0x0b +}; + +static int ecc_test_custom_curves(WC_RNG* rng) +{ + int ret; + word32 inOutIdx; + ecc_key key; + + /* test use of custom curve - using BRAINPOOLP256R1 for test */ + #ifndef WOLFSSL_ECC_CURVE_STATIC + const ecc_oid_t ecc_oid_brainpoolp256r1[] = { + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 + }; + const word32 ecc_oid_brainpoolp256r1_sz = + sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t); + #else + #define ecc_oid_brainpoolp256r1 { \ + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 \ + } + #define ecc_oid_brainpoolp256r1_sz 9 + #endif + const word32 ecc_oid_brainpoolp256r1_sum = 104; + + const ecc_set_type ecc_dp_brainpool256r1 = { + 32, /* size/bytes */ + ECC_CURVE_CUSTOM, /* ID */ + "BRAINPOOLP256R1", /* curve name */ + "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", /* prime */ + "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", /* A */ + "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", /* B */ + "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", /* order */ + "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", /* Gx */ + "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */ + ecc_oid_brainpoolp256r1, /* oid/oidSz */ + ecc_oid_brainpoolp256r1_sz, + ecc_oid_brainpoolp256r1_sum, /* oid sum */ + 1, /* cofactor */ + }; + + ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, ECC_CURVE_DEF, + &ecc_dp_brainpool256r1); + if (ret != 0) { + printf("ECC test for custom curve failed! %d\n", ret); + return ret; + } + + #if defined(HAVE_ECC_BRAINPOOL) || defined(HAVE_ECC_KOBLITZ) + { + int curve_id; + #ifdef HAVE_ECC_BRAINPOOL + curve_id = ECC_BRAINPOOLP256R1; + #else + curve_id = ECC_SECP256K1; + #endif + /* Test and demonstrate use of non-SECP curve */ + ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, curve_id, NULL); + if (ret < 0) { + printf("ECC test for curve_id %d failed! %d\n", curve_id, ret); + return ret; + } + } + #endif + + ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) { + return -9815; + } + + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, &key, + sizeof(eccKeyExplicitCurve)); + if (ret != 0) + return -9816; + + wc_ecc_free(&key); + + return ret; +} +#endif /* WOLFSSL_CUSTOM_CURVES */ + +#ifdef WOLFSSL_CERT_GEN + +/* Make Cert / Sign example for ECC cert and ECC CA */ +static int ecc_test_cert_gen(WC_RNG* rng) +{ + int ret; + Cert myCert; + int certSz; + size_t bytes; + word32 idx = 0; +#ifndef USE_CERT_BUFFERS_256 + XFILE file; +#endif +#ifdef WOLFSSL_TEST_CERT + DecodedCert decode; +#endif + byte* der; + byte* pem = NULL; + ecc_key caEccKey; + ecc_key certPubKey; + + XMEMSET(&caEccKey, 0, sizeof(caEccKey)); + XMEMSET(&certPubKey, 0, sizeof(certPubKey)); + + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ERROR_OUT(-9817, exit); + } + pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + ERROR_OUT(-9818, exit); + } + + /* Get cert private key */ +#ifdef ENABLE_ECC384_CERT_GEN_TEST + /* Get Cert Key 384 */ +#ifdef USE_CERT_BUFFERS_256 + XMEMCPY(der, ca_ecc_key_der_384, sizeof_ca_ecc_key_der_384); + bytes = sizeof_ca_ecc_key_der_384; +#else + file = XFOPEN(eccCaKey384File, "rb"); + if (!file) { + ERROR_OUT(-9819, exit); + } + + bytes = XFREAD(der, 1, FOURK_BUF, file); + XFCLOSE(file); + (void)eccCaKeyFile; +#endif /* USE_CERT_BUFFERS_256 */ +#else +#ifdef USE_CERT_BUFFERS_256 + XMEMCPY(der, ca_ecc_key_der_256, sizeof_ca_ecc_key_der_256); + bytes = sizeof_ca_ecc_key_der_256; +#else + file = XFOPEN(eccCaKeyFile, "rb"); + if (!file) { + ERROR_OUT(-9820, exit); + } + bytes = XFREAD(der, 1, FOURK_BUF, file); + XFCLOSE(file); +#ifdef ENABLE_ECC384_CERT_GEN_TEST + (void)eccCaKey384File; +#endif +#endif /* USE_CERT_BUFFERS_256 */ +#endif /* ENABLE_ECC384_CERT_GEN_TEST */ + + /* Get CA Key */ + ret = wc_ecc_init_ex(&caEccKey, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(-9821, exit); + } + ret = wc_EccPrivateKeyDecode(der, &idx, &caEccKey, (word32)bytes); + if (ret != 0) { + ERROR_OUT(-9822, exit); + } + + /* Make a public key */ + ret = wc_ecc_init_ex(&certPubKey, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(-9823, exit); + } + + ret = wc_ecc_make_key(rng, 32, &certPubKey); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &certPubKey.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + ERROR_OUT(-9824, exit); + } + TEST_SLEEP(); + + /* Setup Certificate */ + if (wc_InitCert(&myCert)) { + ERROR_OUT(-9825, exit); + } + +#ifndef NO_SHA256 + myCert.sigType = CTC_SHA256wECDSA; +#else + myCert.sigType = CTC_SHAwECDSA; +#endif + XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName)); + +#ifdef WOLFSSL_CERT_EXT + /* add Policies */ + XSTRNCPY(myCert.certPolicies[0], "2.4.589440.587.101.2.1.9632587.1", + CTC_MAX_CERTPOL_SZ); + XSTRNCPY(myCert.certPolicies[1], "1.2.13025.489.1.113549", + CTC_MAX_CERTPOL_SZ); + myCert.certPoliciesNb = 2; + + /* add SKID from the Public Key */ + if (wc_SetSubjectKeyIdFromPublicKey(&myCert, NULL, &certPubKey) != 0) { + ERROR_OUT(-9826, exit); + } + + /* add AKID from the Public Key */ + if (wc_SetAuthKeyIdFromPublicKey(&myCert, NULL, &caEccKey) != 0) { + ERROR_OUT(-9827, exit); + } + + /* add Key Usage */ + if (wc_SetKeyUsage(&myCert, certKeyUsage) != 0) { + ERROR_OUT(-9828, exit); + } +#endif /* WOLFSSL_CERT_EXT */ + +#ifdef ENABLE_ECC384_CERT_GEN_TEST + #if defined(USE_CERT_BUFFERS_256) + ret = wc_SetIssuerBuffer(&myCert, ca_ecc_cert_der_384, + sizeof_ca_ecc_cert_der_384); +#else + ret = wc_SetIssuer(&myCert, eccCaCert384File); + (void)eccCaCertFile; +#endif +#else +#if defined(USE_CERT_BUFFERS_256) + ret = wc_SetIssuerBuffer(&myCert, ca_ecc_cert_der_256, + sizeof_ca_ecc_cert_der_256); +#else + ret = wc_SetIssuer(&myCert, eccCaCertFile); +#ifdef ENABLE_ECC384_CERT_GEN_TEST + (void)eccCaCert384File; +#endif +#endif +#endif /* ENABLE_ECC384_CERT_GEN_TEST */ + if (ret < 0) { + ERROR_OUT(-9829, exit); + } + + certSz = wc_MakeCert(&myCert, der, FOURK_BUF, NULL, &certPubKey, rng); + if (certSz < 0) { + ERROR_OUT(-9830, exit); + } + + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &caEccKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_SignCert(myCert.bodySz, myCert.sigType, der, + FOURK_BUF, NULL, &caEccKey, rng); + } + } while (ret == WC_PENDING_E); + if (ret < 0) { + ERROR_OUT(-9831, exit); + } + certSz = ret; + TEST_SLEEP(); + +#ifdef WOLFSSL_TEST_CERT + InitDecodedCert(&decode, der, certSz, 0); + ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) { + FreeDecodedCert(&decode); + ERROR_OUT(-9832, exit); + + } + FreeDecodedCert(&decode); +#endif + + ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certEccDerFile, + certEccPemFile, CERT_TYPE, -6735); + if (ret != 0) { + goto exit; + } + +exit: + wc_ecc_free(&certPubKey); + wc_ecc_free(&caEccKey); + + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} +#endif /* WOLFSSL_CERT_GEN */ + +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +/* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */ +static int ecc_test_allocator(WC_RNG* rng) +{ + int ret = 0; + ecc_key* key; + + key = wc_ecc_key_new(HEAP_HINT); + if (key == NULL) { + ERROR_OUT(-9833, exit); + } + + ret = wc_ecc_make_key(rng, 32, key); + if (ret != 0) { + ERROR_OUT(-9834, exit); + } + +exit: + wc_ecc_key_free(key); + return ret; +} +#endif + +int ecc_test(void) +{ + int ret; + WC_RNG rng; + +#ifdef WOLFSSL_CERT_EXT + ret = ecc_decode_test(); + if (ret < 0) + return ret; +#endif + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + return -9900; + +#if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES) + ret = ecc_test_curve(&rng, 14); + if (ret < 0) { + goto done; + } +#endif /* HAVE_ECC112 */ +#if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES) + ret = ecc_test_curve(&rng, 16); + if (ret < 0) { + goto done; + } +#endif /* HAVE_ECC128 */ +#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) + ret = ecc_test_curve(&rng, 20); + if (ret < 0) { + goto done; + } +#endif /* HAVE_ECC160 */ +#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES) + ret = ecc_test_curve(&rng, 24); + if (ret < 0) { + goto done; + } +#endif /* HAVE_ECC192 */ +#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) + ret = ecc_test_curve(&rng, 28); + if (ret < 0) { + goto done; + } +#endif /* HAVE_ECC224 */ +#if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES) + ret = ecc_test_curve(&rng, 30); + if (ret < 0) { + goto done; + } +#endif /* HAVE_ECC239 */ +#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) + ret = ecc_test_curve(&rng, 32); + if (ret < 0) { + goto done; + } +#if !defined(WOLFSSL_ATECC508A) && defined(HAVE_ECC_KEY_IMPORT) && \ + defined(HAVE_ECC_KEY_EXPORT) + ret = ecc_point_test(); + if (ret < 0) { + goto done; + } +#endif + ret = ecc_def_curve_test(&rng); + if (ret < 0) { + goto done; + } +#endif /* !NO_ECC256 */ +#if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES) + ret = ecc_test_curve(&rng, 40); + if (ret < 0) { + goto done; + } +#endif /* HAVE_ECC320 */ +#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) + ret = ecc_test_curve(&rng, 48); + if (ret < 0) { + goto done; + } +#endif /* HAVE_ECC384 */ +#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) + ret = ecc_test_curve(&rng, 64); + if (ret < 0) { + goto done; + } +#endif /* HAVE_ECC512 */ +#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) + ret = ecc_test_curve(&rng, 66); + if (ret < 0) { + goto done; + } +#endif /* HAVE_ECC521 */ + +#if defined(WOLFSSL_CUSTOM_CURVES) + ret = ecc_test_custom_curves(&rng); + if (ret != 0) { + goto done; + } +#endif + +#if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) + ret = ecc_test_sign_vectors(&rng); + if (ret != 0) { + printf("ecc_test_sign_vectors failed! %d\n", ret); + goto done; + } +#endif +#ifdef HAVE_ECC_CDH + ret = ecc_test_cdh_vectors(); + if (ret != 0) { + printf("ecc_test_cdh_vectors failed! %d\n", ret); + goto done; + } +#endif +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_STM32_PKA) + ret = ecc_test_make_pub(&rng); + if (ret != 0) { + printf("ecc_test_make_pub failed!: %d\n", ret); + goto done; + } +#else + (void) ecc_test_make_pub;/* for compiler warning */ +#endif +#ifdef WOLFSSL_CERT_GEN + ret = ecc_test_cert_gen(&rng); + if (ret != 0) { + printf("ecc_test_cert_gen failed!: %d\n", ret); + goto done; + } +#endif +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + ret = ecc_test_allocator(&rng); + if (ret != 0) { + printf("ecc_test_allocator failed!: %d\n", ret); + } +#endif + +done: + wc_FreeRng(&rng); + + return ret; +} + +#if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) + +int ecc_encrypt_test(void) +{ + WC_RNG rng; + int ret = 0; + ecc_key userA, userB; + byte msg[48]; + byte plain[48]; + byte out[80]; + word32 outSz = sizeof(out); + word32 plainSz = sizeof(plain); + int i; + ecEncCtx* cliCtx = NULL; + ecEncCtx* srvCtx = NULL; + byte cliSalt[EXCHANGE_SALT_SZ]; + byte srvSalt[EXCHANGE_SALT_SZ]; + const byte* tmpSalt; + byte msg2[48]; + byte plain2[48]; + byte out2[80]; + word32 outSz2 = sizeof(out2); + word32 plainSz2 = sizeof(plain2); + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + return -10000; + + XMEMSET(&userA, 0, sizeof(userA)); + XMEMSET(&userB, 0, sizeof(userB)); + + ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); + if (ret != 0) + goto done; + ret = wc_ecc_init_ex(&userB, HEAP_HINT, devId); + if (ret != 0) + goto done; + + ret = wc_ecc_make_key(&rng, 32, &userA); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0){ + ret = -10001; goto done; + } + + ret = wc_ecc_make_key(&rng, 32, &userB); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0){ + ret = -10002; goto done; + } + + /* set message to incrementing 0,1,2,etc... */ + for (i = 0; i < (int)sizeof(msg); i++) + msg[i] = i; + + /* encrypt msg to B */ + ret = wc_ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz, NULL); + if (ret != 0) { + ret = -10003; goto done; + } + + /* decrypt msg from A */ + ret = wc_ecc_decrypt(&userB, &userA, out, outSz, plain, &plainSz, NULL); + if (ret != 0) { + ret = -10004; goto done; + } + + if (XMEMCMP(plain, msg, sizeof(msg)) != 0) { + ret = -10005; goto done; + } + + /* let's verify message exchange works, A is client, B is server */ + cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng); + srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng); + if (cliCtx == NULL || srvCtx == NULL) { + ret = -10006; goto done; + } + + /* get salt to send to peer */ + tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx); + if (tmpSalt == NULL) { + ret = -10007; goto done; + } + XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ); + + tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx); + if (tmpSalt == NULL) { + ret = -10008; goto done; + } + XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ); + + /* in actual use, we'd get the peer's salt over the transport */ + ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt); + if (ret != 0) + goto done; + ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt); + if (ret != 0) + goto done; + + ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 11); + if (ret != 0) + goto done; + ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 11); + if (ret != 0) + goto done; + + /* get encrypted msg (request) to send to B */ + outSz = sizeof(out); + ret = wc_ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz,cliCtx); + if (ret != 0) + goto done; + + /* B decrypts msg (request) from A */ + plainSz = sizeof(plain); + ret = wc_ecc_decrypt(&userB, &userA, out, outSz, plain, &plainSz, srvCtx); + if (ret != 0) + goto done; + + if (XMEMCMP(plain, msg, sizeof(msg)) != 0) { + ret = -10009; goto done; + } + + /* msg2 (response) from B to A */ + for (i = 0; i < (int)sizeof(msg2); i++) + msg2[i] = i + sizeof(msg2); + + /* get encrypted msg (response) to send to B */ + ret = wc_ecc_encrypt(&userB, &userA, msg2, sizeof(msg2), out2, + &outSz2, srvCtx); + if (ret != 0) + goto done; + + /* A decrypts msg (response) from B */ + ret = wc_ecc_decrypt(&userA, &userB, out2, outSz2, plain2, &plainSz2, + cliCtx); + if (ret != 0) + goto done; + + if (XMEMCMP(plain2, msg2, sizeof(msg2)) != 0) { + ret = -10010; goto done; + } + +done: + + /* cleanup */ + wc_ecc_ctx_free(srvCtx); + wc_ecc_ctx_free(cliCtx); + + wc_ecc_free(&userB); + wc_ecc_free(&userA); + wc_FreeRng(&rng); + + return ret; +} + +#endif /* HAVE_ECC_ENCRYPT */ + +#ifdef USE_CERT_BUFFERS_256 +int ecc_test_buffers(void) { + size_t bytes; + ecc_key cliKey; + ecc_key servKey; + WC_RNG rng; + word32 idx = 0; + int ret; + /* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */ + byte in[] = "Everyone gets Friday off. ecc p"; + word32 inLen = (word32)XSTRLEN((char*)in); + byte out[256]; + byte plain[256]; + int verify = 0; + word32 x; + + ret = wc_ecc_init_ex(&cliKey, HEAP_HINT, devId); + if (ret != 0) + return -10011; + ret = wc_ecc_init_ex(&servKey, HEAP_HINT, devId); + if (ret != 0) + return -10012; + + bytes = (size_t)sizeof_ecc_clikey_der_256; + /* place client key into ecc_key struct cliKey */ + ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, &cliKey, + (word32)bytes); + if (ret != 0) + return -10013; + + idx = 0; + bytes = (size_t)sizeof_ecc_key_der_256; + + /* place server key into ecc_key struct servKey */ + ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, &servKey, + (word32)bytes); + if (ret != 0) + return -10014; + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + return -10015; + +#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) + { + word32 y; + /* test encrypt and decrypt if they're available */ + x = sizeof(out); + ret = wc_ecc_encrypt(&cliKey, &servKey, in, sizeof(in), out, &x, NULL); + if (ret < 0) + return -10016; + + y = sizeof(plain); + ret = wc_ecc_decrypt(&cliKey, &servKey, out, x, plain, &y, NULL); + if (ret < 0) + return -10017; + + if (XMEMCMP(plain, in, inLen)) + return -10018; + } +#endif + + x = sizeof(out); + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &cliKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, &cliKey); + } while (ret == WC_PENDING_E); + if (ret < 0) + return -10019; + TEST_SLEEP(); + + XMEMSET(plain, 0, sizeof(plain)); + + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &cliKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_verify_hash(out, x, plain, sizeof(plain), &verify, + &cliKey); + } while (ret == WC_PENDING_E); + if (ret < 0) + return -10020; + + if (XMEMCMP(plain, in, (word32)ret)) + return -10021; + TEST_SLEEP(); + +#ifdef WOLFSSL_CERT_EXT + idx = 0; + + bytes = sizeof_ecc_clikeypub_der_256; + + ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &idx, &cliKey, + (word32) bytes); + if (ret != 0) + return -10022; +#endif + + wc_ecc_free(&cliKey); + wc_ecc_free(&servKey); + wc_FreeRng(&rng); + + return 0; +} +#endif /* USE_CERT_BUFFERS_256 */ +#endif /* HAVE_ECC */ + + +#ifdef HAVE_CURVE25519 +#if defined(HAVE_CURVE25519_SHARED_SECRET) && \ + defined(HAVE_CURVE25519_KEY_IMPORT) +#ifdef CURVE25519_OVERFLOW_ALL_TESTS +#define X25519_TEST_CNT 5 +#else +#define X25519_TEST_CNT 1 +#endif +static int curve25519_overflow_test(void) +{ + /* secret key for party a */ + byte sa[X25519_TEST_CNT][32] = { + { + 0x8d,0xaf,0x6e,0x7a,0xc1,0xeb,0x8d,0x30, + 0x99,0x86,0xd3,0x90,0x47,0x96,0x21,0x3c, + 0x3a,0x75,0xc0,0x7b,0x75,0x01,0x75,0xa3, + 0x81,0x4b,0xff,0x5a,0xbc,0x96,0x87,0x28 + }, +#ifdef CURVE25519_OVERFLOW_ALL_TESTS + { + 0x9d,0x63,0x5f,0xce,0xe2,0xe8,0xd7,0xfb, + 0x68,0x77,0x0e,0x44,0xd1,0xad,0x87,0x2b, + 0xf4,0x65,0x06,0xb7,0xbb,0xdb,0xbe,0x6e, + 0x02,0x43,0x24,0xc7,0x3d,0x7b,0x88,0x60 + }, + { + 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9, + 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52, + 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1, + 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0 + }, + { + 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9, + 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52, + 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1, + 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0 + }, + { + 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9, + 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52, + 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1, + 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0 + } +#endif + }; + + /* public key for party b */ + byte pb[X25519_TEST_CNT][32] = { + { + 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0 + }, +#ifdef CURVE25519_OVERFLOW_ALL_TESTS + { + /* 0xff first byte in original - invalid! */ + 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0 + }, + { + 0x36,0x1a,0x74,0x87,0x28,0x59,0xe0,0xb6, + 0xe4,0x2b,0x17,0x9b,0x16,0xb0,0x3b,0xf8, + 0xb8,0x9f,0x2a,0x8f,0xc5,0x33,0x68,0x4f, + 0xde,0x4d,0xd8,0x80,0x63,0xe7,0xb4,0x0a + }, + { + 0x00,0x80,0x38,0x59,0x19,0x3a,0x66,0x12, + 0xfd,0xa1,0xec,0x1c,0x40,0x84,0x40,0xbd, + 0x64,0x10,0x8b,0x53,0x81,0x21,0x03,0x2d, + 0x7d,0x33,0xb4,0x01,0x57,0x0d,0xe1,0x89 + }, + { + 0x1d,0xf8,0xf8,0x33,0x89,0x6c,0xb7,0xba, + 0x94,0x73,0xfa,0xc2,0x36,0xac,0xbe,0x49, + 0xaf,0x85,0x3e,0x93,0x5f,0xae,0xb2,0xc0, + 0xc8,0x80,0x8f,0x4a,0xaa,0xd3,0x55,0x2b + } +#endif + }; + + /* expected shared key */ + byte ss[X25519_TEST_CNT][32] = { + { + 0x5c,0x4c,0x85,0x5f,0xfb,0x20,0x38,0xcc, + 0x55,0x16,0x5b,0x8a,0xa7,0xed,0x57,0x6e, + 0x35,0xaa,0x71,0x67,0x85,0x1f,0xb6,0x28, + 0x17,0x07,0x7b,0xda,0x76,0xdd,0xe0,0xb4 + }, +#ifdef CURVE25519_OVERFLOW_ALL_TESTS + { + 0x33,0xf6,0xc1,0x34,0x62,0x92,0x06,0x02, + 0x95,0xdb,0x91,0x4c,0x5d,0x52,0x54,0xc7, + 0xd2,0x5b,0x24,0xb5,0x4f,0x33,0x59,0x79, + 0x9f,0x6d,0x7e,0x4a,0x4c,0x30,0xd6,0x38 + }, + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02 + }, + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x09 + }, + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10 + } +#endif + }; + + int i; + word32 y; + byte shared[32]; + curve25519_key userA; + + wc_curve25519_init(&userA); + + for (i = 0; i < X25519_TEST_CNT; i++) { + if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i], + sizeof(pb[i]), &userA) != 0) + return -10100 - i; + + /* test against known test vector */ + XMEMSET(shared, 0, sizeof(shared)); + y = sizeof(shared); + if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0) + return -10110 - i; + + if (XMEMCMP(ss[i], shared, y)) + return -10120 - i; + } + + return 0; +} + +/* Test the wc_curve25519_check_public API. + * + * returns 0 on success and -ve on failure. + */ +static int curve25519_check_public_test(void) +{ + /* Little-endian values that will fail */ + byte fail_le[][CURVE25519_KEYSIZE] = { + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }, + { + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }, + { + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x81 + }, + }; + /* Big-endian values that will fail */ + byte fail_be[][CURVE25519_KEYSIZE] = { + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }, + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }, + { + 0x81,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }, + }; + /* Good or valid public value */ + byte good[CURVE25519_KEYSIZE] = { + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }; + int i; + + /* Parameter checks */ + /* NULL pointer */ + if (wc_curve25519_check_public(NULL, 0, EC25519_LITTLE_ENDIAN) != + BAD_FUNC_ARG) { + return -10200; + } + if (wc_curve25519_check_public(NULL, 0, EC25519_BIG_ENDIAN) != + BAD_FUNC_ARG) { + return -10201; + } + /* Length of 0 treated differently to other invalid lengths for TLS */ + if (wc_curve25519_check_public(good, 0, EC25519_LITTLE_ENDIAN) != BUFFER_E) + return -10202; + if (wc_curve25519_check_public(good, 0, EC25519_BIG_ENDIAN) != BUFFER_E) + return -10203; + + /* Length not CURVE25519_KEYSIZE */ + for (i = 1; i < CURVE25519_KEYSIZE + 2; i++) { + if (i == CURVE25519_KEYSIZE) + continue; + if (wc_curve25519_check_public(good, i, EC25519_LITTLE_ENDIAN) != + ECC_BAD_ARG_E) { + return -10204 - i; + } + if (wc_curve25519_check_public(good, i, EC25519_BIG_ENDIAN) != + ECC_BAD_ARG_E) { + return -10214 - i; + } + } + + /* Little-endian fail cases */ + for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) { + if (wc_curve25519_check_public(fail_le[i], CURVE25519_KEYSIZE, + EC25519_LITTLE_ENDIAN) == 0) { + return -10224 - i; + } + } + /* Big-endian fail cases */ + for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) { + if (wc_curve25519_check_public(fail_be[i], CURVE25519_KEYSIZE, + EC25519_BIG_ENDIAN) == 0) { + return -10234 - i; + } + } + + /* Check a valid public value works! */ + if (wc_curve25519_check_public(good, CURVE25519_KEYSIZE, + EC25519_LITTLE_ENDIAN) != 0) { + return -10244; + } + if (wc_curve25519_check_public(good, CURVE25519_KEYSIZE, + EC25519_BIG_ENDIAN) != 0) { + return -10245; + } + + return 0; +} + +#endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */ + +int curve25519_test(void) +{ + WC_RNG rng; + int ret; +#ifdef HAVE_CURVE25519_SHARED_SECRET + byte sharedA[32]; + byte sharedB[32]; + word32 y; +#endif +#ifdef HAVE_CURVE25519_KEY_EXPORT + byte exportBuf[32]; +#endif + word32 x; + curve25519_key userA, userB, pubKey; + +#if defined(HAVE_CURVE25519_SHARED_SECRET) && \ + defined(HAVE_CURVE25519_KEY_IMPORT) + /* test vectors from + https://tools.ietf.org/html/draft-josefsson-tls-curve25519-03 + */ + + /* secret key for party a */ + byte sa[] = { + 0x5A,0xC9,0x9F,0x33,0x63,0x2E,0x5A,0x76, + 0x8D,0xE7,0xE8,0x1B,0xF8,0x54,0xC2,0x7C, + 0x46,0xE3,0xFB,0xF2,0xAB,0xBA,0xCD,0x29, + 0xEC,0x4A,0xFF,0x51,0x73,0x69,0xC6,0x60 + }; + + /* public key for party a */ + byte pa[] = { + 0x05,0x7E,0x23,0xEA,0x9F,0x1C,0xBE,0x8A, + 0x27,0x16,0x8F,0x6E,0x69,0x6A,0x79,0x1D, + 0xE6,0x1D,0xD3,0xAF,0x7A,0xCD,0x4E,0xEA, + 0xCC,0x6E,0x7B,0xA5,0x14,0xFD,0xA8,0x63 + }; + + /* secret key for party b */ + byte sb[] = { + 0x47,0xDC,0x3D,0x21,0x41,0x74,0x82,0x0E, + 0x11,0x54,0xB4,0x9B,0xC6,0xCD,0xB2,0xAB, + 0xD4,0x5E,0xE9,0x58,0x17,0x05,0x5D,0x25, + 0x5A,0xA3,0x58,0x31,0xB7,0x0D,0x32,0x60 + }; + + /* public key for party b */ + byte pb[] = { + 0x6E,0xB8,0x9D,0xA9,0x19,0x89,0xAE,0x37, + 0xC7,0xEA,0xC7,0x61,0x8D,0x9E,0x5C,0x49, + 0x51,0xDB,0xA1,0xD7,0x3C,0x28,0x5A,0xE1, + 0xCD,0x26,0xA8,0x55,0x02,0x0E,0xEF,0x04 + }; + + /* expected shared key */ + byte ss[] = { + 0x61,0x45,0x0C,0xD9,0x8E,0x36,0x01,0x6B, + 0x58,0x77,0x6A,0x89,0x7A,0x9F,0x0A,0xEF, + 0x73,0x8B,0x99,0xF0,0x94,0x68,0xB8,0xD6, + 0xB8,0x51,0x11,0x84,0xD5,0x34,0x94,0xAB + }; +#endif /* HAVE_CURVE25519_SHARED_SECRET */ + + (void)x; + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + return -10300; + + wc_curve25519_init(&userA); + wc_curve25519_init(&userB); + wc_curve25519_init(&pubKey); + + /* make curve25519 keys */ + if (wc_curve25519_make_key(&rng, 32, &userA) != 0) + return -10301; + + if (wc_curve25519_make_key(&rng, 32, &userB) != 0) + return -10302; + +#ifdef HAVE_CURVE25519_SHARED_SECRET + /* find shared secret key */ + x = sizeof(sharedA); + if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0) + return -10303; + + y = sizeof(sharedB); + if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) + return -10304; + + /* compare shared secret keys to test they are the same */ + if (y != x) + return -10305; + + if (XMEMCMP(sharedA, sharedB, x)) + return -10306; +#endif + +#ifdef HAVE_CURVE25519_KEY_EXPORT + /* export a public key and import it for another user */ + x = sizeof(exportBuf); + if (wc_curve25519_export_public(&userA, exportBuf, &x) != 0) + return -10307; + +#ifdef HAVE_CURVE25519_KEY_IMPORT + if (wc_curve25519_import_public(exportBuf, x, &pubKey) != 0) + return -10308; +#endif +#endif + +#if defined(HAVE_CURVE25519_SHARED_SECRET) && \ + defined(HAVE_CURVE25519_KEY_IMPORT) + /* test shared key after importing a public key */ + XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); + if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0) + return -10309; + + if (XMEMCMP(sharedA, sharedB, y)) + return -10310; + + /* import RFC test vectors and compare shared key */ + if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) + != 0) + return -10311; + + if (wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB) + != 0) + return -10312; + + /* test against known test vector */ + XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); + if (wc_curve25519_shared_secret(&userA, &userB, sharedB, &y) != 0) + return -10313; + + if (XMEMCMP(ss, sharedB, y)) + return -10314; + + /* test swapping roles of keys and generating same shared key */ + XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); + if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) + return -10315; + + if (XMEMCMP(ss, sharedB, y)) + return -10316; + + /* test with 1 generated key and 1 from known test vector */ + if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) + != 0) + return -10317; + + if (wc_curve25519_make_key(&rng, 32, &userB) != 0) + return -10318; + + x = sizeof(sharedA); + if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0) + return -10319; + + y = sizeof(sharedB); + if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) + return -10320; + + /* compare shared secret keys to test they are the same */ + if (y != x) + return -10321; + + if (XMEMCMP(sharedA, sharedB, x)) + return -10322; + + ret = curve25519_overflow_test(); + if (ret != 0) + return ret; + ret = curve25519_check_public_test(); + if (ret != 0) + return ret; +#endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */ + + /* clean up keys when done */ + wc_curve25519_free(&pubKey); + wc_curve25519_free(&userB); + wc_curve25519_free(&userA); + + wc_FreeRng(&rng); + + return 0; +} +#endif /* HAVE_CURVE25519 */ + + +#ifdef HAVE_ED25519 +#ifdef WOLFSSL_TEST_CERT +static int ed25519_test_cert(void) +{ + DecodedCert cert[2]; + DecodedCert* serverCert = NULL; + DecodedCert* caCert = NULL; +#ifdef HAVE_ED25519_VERIFY + ed25519_key key; + ed25519_key* pubKey = NULL; + int verify; +#endif /* HAVE_ED25519_VERIFY */ + int ret; + byte* tmp; + size_t bytes; + XFILE file; + + tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + ERROR_OUT(-10323, done); + } + +#ifdef USE_CERT_BUFFERS_256 + XMEMCPY(tmp, ca_ed25519_cert, sizeof_ca_ed25519_cert); + bytes = sizeof_ca_ed25519_cert; +#elif !defined(NO_FILESYSTEM) + file = XFOPEN(caEd25519Cert, "rb"); + if (file == NULL) { + ERROR_OUT(-10324, done); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); +#else + /* No certificate to use. */ + ERROR_OUT(-10325, done); +#endif + + InitDecodedCert(&cert[0], tmp, (word32)bytes, 0); + caCert = &cert[0]; + ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL); + if (ret != 0) { + ERROR_OUT(-10326, done); + } + +#ifdef USE_CERT_BUFFERS_256 + XMEMCPY(tmp, server_ed25519_cert, sizeof_server_ed25519_cert); + bytes = sizeof_server_ed25519_cert; +#elif !defined(NO_FILESYSTEM) + file = XFOPEN(serverEd25519Cert, "rb"); + if (file == NULL) { + ERROR_OUT(-10327, done); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); +#else + /* No certificate to use. */ + ERROR_OUT(-10328, done); +#endif + + InitDecodedCert(&cert[1], tmp, (word32)bytes, 0); + serverCert = &cert[1]; + ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL); + if (ret != 0) { + ERROR_OUT(-10329, done); + } + +#ifdef HAVE_ED25519_VERIFY + ret = wc_ed25519_init(&key); + if (ret < 0) { + ERROR_OUT(-10330, done); + } + pubKey = &key; + ret = wc_ed25519_import_public(caCert->publicKey, caCert->pubKeySize, + pubKey); + if (ret < 0) { + ERROR_OUT(-10331, done); + } + + if (wc_ed25519_verify_msg(serverCert->signature, serverCert->sigLength, + serverCert->source + serverCert->certBegin, + serverCert->sigIndex - serverCert->certBegin, + &verify, pubKey) < 0 || verify != 1) { + ERROR_OUT(-10332, done); + } +#endif /* HAVE_ED25519_VERIFY */ + +done: + if (tmp != NULL) + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef HAVE_ED25519_VERIFY + wc_ed25519_free(pubKey); +#endif /* HAVE_ED25519_VERIFY */ + if (caCert != NULL) + FreeDecodedCert(caCert); + if (serverCert != NULL) + FreeDecodedCert(serverCert); + + return ret; +} + +static int ed25519_test_make_cert(void) +{ + WC_RNG rng; + Cert cert; + DecodedCert decode; + ed25519_key key; + ed25519_key* privKey = NULL; + int ret = 0; + byte* tmp = NULL; + + wc_InitCert(&cert); + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + return -10333; + + wc_ed25519_init(&key); + privKey = &key; + wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, privKey); + + cert.daysValid = 365 * 2; + cert.selfSigned = 1; + XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName)); + XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName)); + cert.isCA = 0; +#ifdef WOLFSSL_CERT_EXT + ret = wc_SetKeyUsage(&cert, certKeyUsage); + if (ret < 0) { + ERROR_OUT(-10334, done); + } + ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey); + if (ret < 0) { + ERROR_OUT(-10335, done); + } + ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey); + if (ret < 0) { + ERROR_OUT(-10336, done); + } +#endif + tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + ERROR_OUT(-10337, done); + } + + cert.sigType = CTC_ED25519; + ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED25519_TYPE, privKey, &rng); + if (ret < 0) { + ERROR_OUT(-10338, done); + } + ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, + ED25519_TYPE, privKey, &rng); + if (ret < 0) { + ERROR_OUT(-10339, done); + } + + InitDecodedCert(&decode, tmp, ret, HEAP_HINT); + ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); + FreeDecodedCert(&decode); + if (ret != 0) { + ERROR_OUT(-10340, done); + } + +done: + if (tmp != NULL) + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_ed25519_free(privKey); + wc_FreeRng(&rng); + return ret; +} +#endif /* WOLFSSL_TEST_CERT */ + +#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \ + defined(HAVE_ED25519_KEY_IMPORT) +static int ed25519ctx_test(void) +{ + byte out[ED25519_SIG_SIZE]; + word32 outlen; +#ifdef HAVE_ED25519_VERIFY + int verify; +#endif /* HAVE_ED25519_VERIFY */ + ed25519_key key; + + static const byte sKeyCtx[] = { + 0x03,0x05,0x33,0x4e,0x38,0x1a,0xf7,0x8f, + 0x14,0x1c,0xb6,0x66,0xf6,0x19,0x9f,0x57, + 0xbc,0x34,0x95,0x33,0x5a,0x25,0x6a,0x95, + 0xbd,0x2a,0x55,0xbf,0x54,0x66,0x63,0xf6 + }; + + static const byte pKeyCtx[] = { + 0xdf,0xc9,0x42,0x5e,0x4f,0x96,0x8f,0x7f, + 0x0c,0x29,0xf0,0x25,0x9c,0xf5,0xf9,0xae, + 0xd6,0x85,0x1c,0x2b,0xb4,0xad,0x8b,0xfb, + 0x86,0x0c,0xfe,0xe0,0xab,0x24,0x82,0x92 + }; + + static const byte sigCtx1[] = { + 0x55,0xa4,0xcc,0x2f,0x70,0xa5,0x4e,0x04, + 0x28,0x8c,0x5f,0x4c,0xd1,0xe4,0x5a,0x7b, + 0xb5,0x20,0xb3,0x62,0x92,0x91,0x18,0x76, + 0xca,0xda,0x73,0x23,0x19,0x8d,0xd8,0x7a, + 0x8b,0x36,0x95,0x0b,0x95,0x13,0x00,0x22, + 0x90,0x7a,0x7f,0xb7,0xc4,0xe9,0xb2,0xd5, + 0xf6,0xcc,0xa6,0x85,0xa5,0x87,0xb4,0xb2, + 0x1f,0x4b,0x88,0x8e,0x4e,0x7e,0xdb,0x0d + }; + + static const byte sigCtx2[] = { + 0xcc,0x5e,0x63,0xa2,0x7e,0x94,0xaf,0xd3, + 0x41,0x83,0x38,0xd2,0x48,0x6f,0xa9,0x2a, + 0xf9,0x91,0x7c,0x2d,0x98,0x9e,0x06,0xe5, + 0x02,0x77,0x72,0x1c,0x34,0x38,0x18,0xb4, + 0x21,0x96,0xbc,0x29,0x2e,0x68,0xf3,0x4d, + 0x85,0x9b,0xbe,0xad,0x17,0x9f,0x54,0x54, + 0x2d,0x4b,0x04,0xdc,0xfb,0xfa,0x4a,0x68, + 0x4e,0x39,0x50,0xfb,0x1c,0xcd,0x8d,0x0d + }; + + static const byte msgCtx[] = { + 0xf7,0x26,0x93,0x6d,0x19,0xc8,0x00,0x49, + 0x4e,0x3f,0xda,0xff,0x20,0xb2,0x76,0xa8 + }; + + static const byte contextCtx[] = { + 0x66,0x6f,0x6f + }; + + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + + if (wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx, + sizeof(pKeyCtx), &key) != 0) + return -10400; + + if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, + contextCtx, sizeof(contextCtx)) != 0) + return -10401; + + if (XMEMCMP(out, sigCtx1, 64)) + return -10402; + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, + &key, contextCtx, sizeof(contextCtx)) != 0 || + verify != 1) + return -10403; +#endif + + if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, NULL, + 0) != 0) + return -10404; + + if (XMEMCMP(out, sigCtx2, 64)) + return -10405; + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, + &key, NULL, 0) != 0 || verify != 1) + return -10406; +#endif + + wc_ed25519_free(&key); + + return 0; +} + +static int ed25519ph_test(void) +{ + byte out[ED25519_SIG_SIZE]; + word32 outlen; +#ifdef HAVE_ED25519_VERIFY + int verify; +#endif /* HAVE_ED25519_VERIFY */ + ed25519_key key; + + static const byte sKeyPh[] = { + 0x83,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d, + 0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e, + 0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b, + 0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42 + }; + + static const byte pKeyPh[] = { + 0xec,0x17,0x2b,0x93,0xad,0x5e,0x56,0x3b, + 0xf4,0x93,0x2c,0x70,0xe1,0x24,0x50,0x34, + 0xc3,0x54,0x67,0xef,0x2e,0xfd,0x4d,0x64, + 0xeb,0xf8,0x19,0x68,0x34,0x67,0xe2,0xbf + }; + + static const byte sigPh1[] = { + 0x98,0xa7,0x02,0x22,0xf0,0xb8,0x12,0x1a, + 0xa9,0xd3,0x0f,0x81,0x3d,0x68,0x3f,0x80, + 0x9e,0x46,0x2b,0x46,0x9c,0x7f,0xf8,0x76, + 0x39,0x49,0x9b,0xb9,0x4e,0x6d,0xae,0x41, + 0x31,0xf8,0x50,0x42,0x46,0x3c,0x2a,0x35, + 0x5a,0x20,0x03,0xd0,0x62,0xad,0xf5,0xaa, + 0xa1,0x0b,0x8c,0x61,0xe6,0x36,0x06,0x2a, + 0xaa,0xd1,0x1c,0x2a,0x26,0x08,0x34,0x06 + }; + + static const byte sigPh2[] = { + 0xe0,0x39,0x70,0x2b,0x4c,0x25,0x95,0xa6, + 0xa5,0x41,0xac,0x85,0x09,0x23,0x6e,0x29, + 0x90,0x47,0x47,0x95,0x33,0x0c,0x9b,0x34, + 0xa7,0x5f,0x58,0xa6,0x60,0x12,0x9e,0x08, + 0xfd,0x73,0x69,0x43,0xfb,0x19,0x43,0xa5, + 0x57,0x20,0xb9,0xe0,0x95,0x7b,0x1e,0xd6, + 0x73,0x48,0x16,0x61,0x9f,0x13,0x88,0xf4, + 0x3f,0x73,0xe6,0xe3,0xba,0xa8,0x1c,0x0e + }; + + static const byte msgPh[] = { + 0x61,0x62,0x63 + }; + + /* SHA-512 hash of msgPh */ + static const byte hashPh[] = { + 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, + 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, + 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, + 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, + 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, + 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, + 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, + 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f + }; + + static const byte contextPh2[] = { + 0x66,0x6f,0x6f + }; + + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + + if (wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh, + sizeof(pKeyPh), &key) != 0) { + return -10500; + } + + if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL, + 0) != 0) { + return -10501; + } + + if (XMEMCMP(out, sigPh1, 64)) + return -10502; + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, + &key, NULL, 0) != 0 || + verify != 1) { + return -10503; + } +#endif + + if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, + contextPh2, sizeof(contextPh2)) != 0) { + return -10504; + } + + if (XMEMCMP(out, sigPh2, 64)) + return -10505; + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, + &key, contextPh2, sizeof(contextPh2)) != 0 || + verify != 1) { + return -10506; + } +#endif + + if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL, + 0) != 0) { + return -10507; + } + + if (XMEMCMP(out, sigPh1, 64)) + return -10508; + +#if defined(HAVE_ED25519_VERIFY) + if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, + &key, NULL, 0) != 0 || + verify != 1) { + return -10509; + } +#endif + + if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, + contextPh2, sizeof(contextPh2)) != 0) { + return -10510; + } + + if (XMEMCMP(out, sigPh2, 64)) + return -10511; + +#if defined(HAVE_ED25519_VERIFY) + if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, + &key, contextPh2, sizeof(contextPh2)) != 0 || + verify != 1) { + return -10512; + } +#endif + + wc_ed25519_free(&key); + + return 0; +} +#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ + +int ed25519_test(void) +{ + int ret; + WC_RNG rng; +#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\ + defined(HAVE_ED25519_KEY_IMPORT) + byte out[ED25519_SIG_SIZE]; + byte exportPKey[ED25519_KEY_SIZE]; + byte exportSKey[ED25519_KEY_SIZE]; + word32 exportPSz; + word32 exportSSz; + int i; + word32 outlen; +#ifdef HAVE_ED25519_VERIFY + int verify; +#endif /* HAVE_ED25519_VERIFY */ +#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ + word32 keySz, sigSz; + ed25519_key key; + ed25519_key key2; + +#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \ + defined(HAVE_ED25519_KEY_IMPORT) + /* test vectors from + https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02 + */ + + static const byte sKey1[] = { + 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, + 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, + 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, + 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 + }; + + static const byte sKey2[] = { + 0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda, + 0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f, + 0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24, + 0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb + }; + + static const byte sKey3[] = { + 0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b, + 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1, + 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b, + 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7 + }; + + /* uncompressed test */ + static const byte sKey4[] = { + 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, + 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, + 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, + 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 + }; + + /* compressed prefix test */ + static const byte sKey5[] = { + 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, + 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, + 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, + 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 + }; + + static const byte sKey6[] = { + 0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95, + 0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c, + 0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74, + 0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5 + }; + + static const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6}; + + static const byte pKey1[] = { + 0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7, + 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a, + 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25, + 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a + }; + + static const byte pKey2[] = { + 0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a, + 0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc, + 0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c, + 0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c + }; + + static const byte pKey3[] = { + 0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3, + 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58, + 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac, + 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25 + }; + + /* uncompressed test */ + static const byte pKey4[] = { + 0x04,0x55,0xd0,0xe0,0x9a,0x2b,0x9d,0x34, + 0x29,0x22,0x97,0xe0,0x8d,0x60,0xd0,0xf6, + 0x20,0xc5,0x13,0xd4,0x72,0x53,0x18,0x7c, + 0x24,0xb1,0x27,0x86,0xbd,0x77,0x76,0x45, + 0xce,0x1a,0x51,0x07,0xf7,0x68,0x1a,0x02, + 0xaf,0x25,0x23,0xa6,0xda,0xf3,0x72,0xe1, + 0x0e,0x3a,0x07,0x64,0xc9,0xd3,0xfe,0x4b, + 0xd5,0xb7,0x0a,0xb1,0x82,0x01,0x98,0x5a, + 0xd7 + }; + + /* compressed prefix */ + static const byte pKey5[] = { + 0x40,0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7, + 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a, + 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25, + 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a + }; + + static const byte pKey6[] = { + 0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34, + 0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86, + 0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5, + 0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e + }; + + static const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6}; + static const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3), + sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)}; + + static const byte sig1[] = { + 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72, + 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a, + 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74, + 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55, + 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac, + 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b, + 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24, + 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b + }; + + static const byte sig2[] = { + 0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8, + 0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40, + 0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f, + 0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda, + 0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e, + 0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c, + 0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee, + 0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00 + }; + + static const byte sig3[] = { + 0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02, + 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3, + 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44, + 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac, + 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90, + 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59, + 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d, + 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a + }; + + /* uncompressed test */ + static const byte sig4[] = { + 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72, + 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a, + 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74, + 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55, + 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac, + 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b, + 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24, + 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b + }; + + /* compressed prefix */ + static const byte sig5[] = { + 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72, + 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a, + 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74, + 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55, + 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac, + 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b, + 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24, + 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b + }; + + static const byte sig6[] = { + 0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2, + 0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a, + 0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb, + 0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50, + 0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45, + 0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b, + 0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6, + 0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03 + }; + + static const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6}; + + static const byte msg1[] = {0x0 }; + static const byte msg2[] = {0x72}; + static const byte msg3[] = {0xAF,0x82}; + + /* test of a 1024 byte long message */ + static const byte msg4[] = { + 0x08,0xb8,0xb2,0xb7,0x33,0x42,0x42,0x43, + 0x76,0x0f,0xe4,0x26,0xa4,0xb5,0x49,0x08, + 0x63,0x21,0x10,0xa6,0x6c,0x2f,0x65,0x91, + 0xea,0xbd,0x33,0x45,0xe3,0xe4,0xeb,0x98, + 0xfa,0x6e,0x26,0x4b,0xf0,0x9e,0xfe,0x12, + 0xee,0x50,0xf8,0xf5,0x4e,0x9f,0x77,0xb1, + 0xe3,0x55,0xf6,0xc5,0x05,0x44,0xe2,0x3f, + 0xb1,0x43,0x3d,0xdf,0x73,0xbe,0x84,0xd8, + 0x79,0xde,0x7c,0x00,0x46,0xdc,0x49,0x96, + 0xd9,0xe7,0x73,0xf4,0xbc,0x9e,0xfe,0x57, + 0x38,0x82,0x9a,0xdb,0x26,0xc8,0x1b,0x37, + 0xc9,0x3a,0x1b,0x27,0x0b,0x20,0x32,0x9d, + 0x65,0x86,0x75,0xfc,0x6e,0xa5,0x34,0xe0, + 0x81,0x0a,0x44,0x32,0x82,0x6b,0xf5,0x8c, + 0x94,0x1e,0xfb,0x65,0xd5,0x7a,0x33,0x8b, + 0xbd,0x2e,0x26,0x64,0x0f,0x89,0xff,0xbc, + 0x1a,0x85,0x8e,0xfc,0xb8,0x55,0x0e,0xe3, + 0xa5,0xe1,0x99,0x8b,0xd1,0x77,0xe9,0x3a, + 0x73,0x63,0xc3,0x44,0xfe,0x6b,0x19,0x9e, + 0xe5,0xd0,0x2e,0x82,0xd5,0x22,0xc4,0xfe, + 0xba,0x15,0x45,0x2f,0x80,0x28,0x8a,0x82, + 0x1a,0x57,0x91,0x16,0xec,0x6d,0xad,0x2b, + 0x3b,0x31,0x0d,0xa9,0x03,0x40,0x1a,0xa6, + 0x21,0x00,0xab,0x5d,0x1a,0x36,0x55,0x3e, + 0x06,0x20,0x3b,0x33,0x89,0x0c,0xc9,0xb8, + 0x32,0xf7,0x9e,0xf8,0x05,0x60,0xcc,0xb9, + 0xa3,0x9c,0xe7,0x67,0x96,0x7e,0xd6,0x28, + 0xc6,0xad,0x57,0x3c,0xb1,0x16,0xdb,0xef, + 0xef,0xd7,0x54,0x99,0xda,0x96,0xbd,0x68, + 0xa8,0xa9,0x7b,0x92,0x8a,0x8b,0xbc,0x10, + 0x3b,0x66,0x21,0xfc,0xde,0x2b,0xec,0xa1, + 0x23,0x1d,0x20,0x6b,0xe6,0xcd,0x9e,0xc7, + 0xaf,0xf6,0xf6,0xc9,0x4f,0xcd,0x72,0x04, + 0xed,0x34,0x55,0xc6,0x8c,0x83,0xf4,0xa4, + 0x1d,0xa4,0xaf,0x2b,0x74,0xef,0x5c,0x53, + 0xf1,0xd8,0xac,0x70,0xbd,0xcb,0x7e,0xd1, + 0x85,0xce,0x81,0xbd,0x84,0x35,0x9d,0x44, + 0x25,0x4d,0x95,0x62,0x9e,0x98,0x55,0xa9, + 0x4a,0x7c,0x19,0x58,0xd1,0xf8,0xad,0xa5, + 0xd0,0x53,0x2e,0xd8,0xa5,0xaa,0x3f,0xb2, + 0xd1,0x7b,0xa7,0x0e,0xb6,0x24,0x8e,0x59, + 0x4e,0x1a,0x22,0x97,0xac,0xbb,0xb3,0x9d, + 0x50,0x2f,0x1a,0x8c,0x6e,0xb6,0xf1,0xce, + 0x22,0xb3,0xde,0x1a,0x1f,0x40,0xcc,0x24, + 0x55,0x41,0x19,0xa8,0x31,0xa9,0xaa,0xd6, + 0x07,0x9c,0xad,0x88,0x42,0x5d,0xe6,0xbd, + 0xe1,0xa9,0x18,0x7e,0xbb,0x60,0x92,0xcf, + 0x67,0xbf,0x2b,0x13,0xfd,0x65,0xf2,0x70, + 0x88,0xd7,0x8b,0x7e,0x88,0x3c,0x87,0x59, + 0xd2,0xc4,0xf5,0xc6,0x5a,0xdb,0x75,0x53, + 0x87,0x8a,0xd5,0x75,0xf9,0xfa,0xd8,0x78, + 0xe8,0x0a,0x0c,0x9b,0xa6,0x3b,0xcb,0xcc, + 0x27,0x32,0xe6,0x94,0x85,0xbb,0xc9,0xc9, + 0x0b,0xfb,0xd6,0x24,0x81,0xd9,0x08,0x9b, + 0xec,0xcf,0x80,0xcf,0xe2,0xdf,0x16,0xa2, + 0xcf,0x65,0xbd,0x92,0xdd,0x59,0x7b,0x07, + 0x07,0xe0,0x91,0x7a,0xf4,0x8b,0xbb,0x75, + 0xfe,0xd4,0x13,0xd2,0x38,0xf5,0x55,0x5a, + 0x7a,0x56,0x9d,0x80,0xc3,0x41,0x4a,0x8d, + 0x08,0x59,0xdc,0x65,0xa4,0x61,0x28,0xba, + 0xb2,0x7a,0xf8,0x7a,0x71,0x31,0x4f,0x31, + 0x8c,0x78,0x2b,0x23,0xeb,0xfe,0x80,0x8b, + 0x82,0xb0,0xce,0x26,0x40,0x1d,0x2e,0x22, + 0xf0,0x4d,0x83,0xd1,0x25,0x5d,0xc5,0x1a, + 0xdd,0xd3,0xb7,0x5a,0x2b,0x1a,0xe0,0x78, + 0x45,0x04,0xdf,0x54,0x3a,0xf8,0x96,0x9b, + 0xe3,0xea,0x70,0x82,0xff,0x7f,0xc9,0x88, + 0x8c,0x14,0x4d,0xa2,0xaf,0x58,0x42,0x9e, + 0xc9,0x60,0x31,0xdb,0xca,0xd3,0xda,0xd9, + 0xaf,0x0d,0xcb,0xaa,0xaf,0x26,0x8c,0xb8, + 0xfc,0xff,0xea,0xd9,0x4f,0x3c,0x7c,0xa4, + 0x95,0xe0,0x56,0xa9,0xb4,0x7a,0xcd,0xb7, + 0x51,0xfb,0x73,0xe6,0x66,0xc6,0xc6,0x55, + 0xad,0xe8,0x29,0x72,0x97,0xd0,0x7a,0xd1, + 0xba,0x5e,0x43,0xf1,0xbc,0xa3,0x23,0x01, + 0x65,0x13,0x39,0xe2,0x29,0x04,0xcc,0x8c, + 0x42,0xf5,0x8c,0x30,0xc0,0x4a,0xaf,0xdb, + 0x03,0x8d,0xda,0x08,0x47,0xdd,0x98,0x8d, + 0xcd,0xa6,0xf3,0xbf,0xd1,0x5c,0x4b,0x4c, + 0x45,0x25,0x00,0x4a,0xa0,0x6e,0xef,0xf8, + 0xca,0x61,0x78,0x3a,0xac,0xec,0x57,0xfb, + 0x3d,0x1f,0x92,0xb0,0xfe,0x2f,0xd1,0xa8, + 0x5f,0x67,0x24,0x51,0x7b,0x65,0xe6,0x14, + 0xad,0x68,0x08,0xd6,0xf6,0xee,0x34,0xdf, + 0xf7,0x31,0x0f,0xdc,0x82,0xae,0xbf,0xd9, + 0x04,0xb0,0x1e,0x1d,0xc5,0x4b,0x29,0x27, + 0x09,0x4b,0x2d,0xb6,0x8d,0x6f,0x90,0x3b, + 0x68,0x40,0x1a,0xde,0xbf,0x5a,0x7e,0x08, + 0xd7,0x8f,0xf4,0xef,0x5d,0x63,0x65,0x3a, + 0x65,0x04,0x0c,0xf9,0xbf,0xd4,0xac,0xa7, + 0x98,0x4a,0x74,0xd3,0x71,0x45,0x98,0x67, + 0x80,0xfc,0x0b,0x16,0xac,0x45,0x16,0x49, + 0xde,0x61,0x88,0xa7,0xdb,0xdf,0x19,0x1f, + 0x64,0xb5,0xfc,0x5e,0x2a,0xb4,0x7b,0x57, + 0xf7,0xf7,0x27,0x6c,0xd4,0x19,0xc1,0x7a, + 0x3c,0xa8,0xe1,0xb9,0x39,0xae,0x49,0xe4, + 0x88,0xac,0xba,0x6b,0x96,0x56,0x10,0xb5, + 0x48,0x01,0x09,0xc8,0xb1,0x7b,0x80,0xe1, + 0xb7,0xb7,0x50,0xdf,0xc7,0x59,0x8d,0x5d, + 0x50,0x11,0xfd,0x2d,0xcc,0x56,0x00,0xa3, + 0x2e,0xf5,0xb5,0x2a,0x1e,0xcc,0x82,0x0e, + 0x30,0x8a,0xa3,0x42,0x72,0x1a,0xac,0x09, + 0x43,0xbf,0x66,0x86,0xb6,0x4b,0x25,0x79, + 0x37,0x65,0x04,0xcc,0xc4,0x93,0xd9,0x7e, + 0x6a,0xed,0x3f,0xb0,0xf9,0xcd,0x71,0xa4, + 0x3d,0xd4,0x97,0xf0,0x1f,0x17,0xc0,0xe2, + 0xcb,0x37,0x97,0xaa,0x2a,0x2f,0x25,0x66, + 0x56,0x16,0x8e,0x6c,0x49,0x6a,0xfc,0x5f, + 0xb9,0x32,0x46,0xf6,0xb1,0x11,0x63,0x98, + 0xa3,0x46,0xf1,0xa6,0x41,0xf3,0xb0,0x41, + 0xe9,0x89,0xf7,0x91,0x4f,0x90,0xcc,0x2c, + 0x7f,0xff,0x35,0x78,0x76,0xe5,0x06,0xb5, + 0x0d,0x33,0x4b,0xa7,0x7c,0x22,0x5b,0xc3, + 0x07,0xba,0x53,0x71,0x52,0xf3,0xf1,0x61, + 0x0e,0x4e,0xaf,0xe5,0x95,0xf6,0xd9,0xd9, + 0x0d,0x11,0xfa,0xa9,0x33,0xa1,0x5e,0xf1, + 0x36,0x95,0x46,0x86,0x8a,0x7f,0x3a,0x45, + 0xa9,0x67,0x68,0xd4,0x0f,0xd9,0xd0,0x34, + 0x12,0xc0,0x91,0xc6,0x31,0x5c,0xf4,0xfd, + 0xe7,0xcb,0x68,0x60,0x69,0x37,0x38,0x0d, + 0xb2,0xea,0xaa,0x70,0x7b,0x4c,0x41,0x85, + 0xc3,0x2e,0xdd,0xcd,0xd3,0x06,0x70,0x5e, + 0x4d,0xc1,0xff,0xc8,0x72,0xee,0xee,0x47, + 0x5a,0x64,0xdf,0xac,0x86,0xab,0xa4,0x1c, + 0x06,0x18,0x98,0x3f,0x87,0x41,0xc5,0xef, + 0x68,0xd3,0xa1,0x01,0xe8,0xa3,0xb8,0xca, + 0xc6,0x0c,0x90,0x5c,0x15,0xfc,0x91,0x08, + 0x40,0xb9,0x4c,0x00,0xa0,0xb9,0xd0 + }; + + static const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4}; + static const word16 msgSz[] = {0 /*sizeof(msg1)*/, + sizeof(msg2), + sizeof(msg3), + 0 /*sizeof(msg1)*/, + 0 /*sizeof(msg1)*/, + sizeof(msg4) + }; +#ifndef NO_ASN + static byte privateEd25519[] = { + 0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06, + 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20, + 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, + 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, + 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, + 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 + }; + static byte publicEd25519[] = { + 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65, + 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01, + 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3, + 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3, + 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68, + 0xf7,0x07,0x51,0x1a + }; + static byte privPubEd25519[] = { + 0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06, + 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20, + 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, + 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, + 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, + 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60, + 0xa1,0x22,0x04,0x20,0xd7,0x5a,0x98,0x01, + 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3, + 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3, + 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68, + 0xf7,0x07,0x51,0x1a + }; + + word32 idx; + ed25519_key key3; +#endif /* NO_ASN */ +#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ + + /* create ed25519 keys */ +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + return -10600; + + wc_ed25519_init(&key); + wc_ed25519_init(&key2); +#ifndef NO_ASN + wc_ed25519_init(&key3); +#endif + wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); + wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2); + + /* helper functions for signature and key size */ + keySz = wc_ed25519_size(&key); + sigSz = wc_ed25519_sig_size(&key); + +#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\ + defined(HAVE_ED25519_KEY_IMPORT) + for (i = 0; i < 6; i++) { + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + + if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i], + pKeySz[i], &key) != 0) + return -10601 - i; + + if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0) + return -10611 - i; + + if (XMEMCMP(out, sigs[i], 64)) + return -10621 - i; + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, + &key) != 0 || verify != 1) + return -10631 - i; + + /* test verify on bad msg */ + out[outlen-1] = out[outlen-1] + 1; + if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, + &key) == 0 || verify == 1) + return -10641 - i; +#endif /* HAVE_ED25519_VERIFY */ + + /* test api for import/exporting keys */ + exportPSz = sizeof(exportPKey); + exportSSz = sizeof(exportSKey); + if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0) + return -10651 - i; + + if (wc_ed25519_import_public(exportPKey, exportPSz, &key2) != 0) + return -10661 - i; + + if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0) + return -10671 - i; + + if (wc_ed25519_import_private_key(exportSKey, exportSSz, + exportPKey, exportPSz, &key2) != 0) + return -10681 - i; + + /* clear "out" buffer and test sign with imported keys */ + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0) + return -10691 - i; + +#if defined(HAVE_ED25519_VERIFY) + if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, + &key2) != 0 || verify != 1) + return -10701 - i; + + if (XMEMCMP(out, sigs[i], 64)) + return -10711 - i; +#endif /* HAVE_ED25519_VERIFY */ + } + + ret = ed25519ctx_test(); + if (ret != 0) + return ret; + + ret = ed25519ph_test(); + if (ret != 0) + return ret; + +#ifndef NO_ASN + /* Try ASN.1 encoded private-only key and public key. */ + idx = 0; + if (wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3, + sizeof(privateEd25519)) != 0) + return -10721 - i; + + if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) + != BAD_FUNC_ARG) + return -10731 - i; + + idx = 0; + if (wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3, + sizeof(publicEd25519)) != 0) + return -10741 - i; + + if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0) + return -10751 - i; + + if (XMEMCMP(out, sigs[0], 64)) + return -10761 - i; + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + if (wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3) + != 0 || verify != 1) + return -10771 - i; +#endif /* HAVE_ED25519_VERIFY */ + + wc_ed25519_free(&key3); + wc_ed25519_init(&key3); + + idx = 0; + if (wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3, + sizeof(privPubEd25519)) != 0) + return -10781 - i; + + if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0) + return -10791 - i; + + if (XMEMCMP(out, sigs[0], 64)) + return -10801 - i; + + wc_ed25519_free(&key3); +#endif /* NO_ASN */ +#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ + + /* clean up keys when done */ + wc_ed25519_free(&key); + wc_ed25519_free(&key2); + +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) + wc_FreeRng(&rng); +#endif + + /* hush warnings of unused keySz and sigSz */ + (void)keySz; + (void)sigSz; + +#ifdef WOLFSSL_TEST_CERT + ret = ed25519_test_cert(); + if (ret < 0) + return ret; +#ifdef WOLFSSL_CERT_GEN + ret = ed25519_test_make_cert(); + if (ret < 0) + return ret; +#endif /* WOLFSSL_CERT_GEN */ +#endif /* WOLFSSL_TEST_CERT */ + + return 0; +} +#endif /* HAVE_ED25519 */ + +#ifdef HAVE_CURVE448 +#if defined(HAVE_CURVE448_SHARED_SECRET) && \ + defined(HAVE_CURVE448_KEY_IMPORT) +/* Test the wc_curve448_check_public API. + * + * returns 0 on success and -ve on failure. + */ +static int curve448_check_public_test(void) +{ + /* Little-endian values that will fail */ + byte fail_le[][CURVE448_KEY_SIZE] = { + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }, + { + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }, + }; + /* Big-endian values that will fail */ + byte fail_be[][CURVE448_KEY_SIZE] = { + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }, + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }, + }; + /* Good or valid public value */ + byte good[CURVE448_KEY_SIZE] = { + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }; + int i; + + /* Parameter checks */ + /* NULL pointer */ + if (wc_curve448_check_public(NULL, 0, EC448_LITTLE_ENDIAN) != + BAD_FUNC_ARG) { + return -10900; + } + if (wc_curve448_check_public(NULL, 0, EC448_BIG_ENDIAN) != BAD_FUNC_ARG) { + return -10901; + } + /* Length of 0 treated differently to other invalid lengths for TLS */ + if (wc_curve448_check_public(good, 0, EC448_LITTLE_ENDIAN) != BUFFER_E) + return -10902; + if (wc_curve448_check_public(good, 0, EC448_BIG_ENDIAN) != BUFFER_E) + return -10903; + + /* Length not CURVE448_KEY_SIZE */ + for (i = 1; i < CURVE448_KEY_SIZE + 2; i++) { + if (i == CURVE448_KEY_SIZE) + continue; + if (wc_curve448_check_public(good, i, EC448_LITTLE_ENDIAN) != + ECC_BAD_ARG_E) { + return -10904 - i; + } + if (wc_curve448_check_public(good, i, EC448_BIG_ENDIAN) != + ECC_BAD_ARG_E) { + return -10914 - i; + } + } + + /* Little-endian fail cases */ + for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) { + if (wc_curve448_check_public(fail_le[i], CURVE448_KEY_SIZE, + EC448_LITTLE_ENDIAN) == 0) { + return -10924 - i; + } + } + /* Big-endian fail cases */ + for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) { + if (wc_curve448_check_public(fail_be[i], CURVE448_KEY_SIZE, + EC448_BIG_ENDIAN) == 0) { + return -10934 - i; + } + } + + /* Check a valid public value works! */ + if (wc_curve448_check_public(good, CURVE448_KEY_SIZE, + EC448_LITTLE_ENDIAN) != 0) { + return -10944; + } + if (wc_curve448_check_public(good, CURVE448_KEY_SIZE, + EC448_BIG_ENDIAN) != 0) { + return -10945; + } + + return 0; +} + +#endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */ + +int curve448_test(void) +{ + WC_RNG rng; + int ret; +#ifdef HAVE_CURVE448_SHARED_SECRET + byte sharedA[CURVE448_KEY_SIZE]; + byte sharedB[CURVE448_KEY_SIZE]; + word32 y; +#endif +#ifdef HAVE_CURVE448_KEY_EXPORT + byte exportBuf[CURVE448_KEY_SIZE]; +#endif + word32 x; + curve448_key userA, userB, pubKey; + + (void)x; + +#if defined(HAVE_CURVE448_SHARED_SECRET) && \ + defined(HAVE_CURVE448_KEY_IMPORT) + /* test vectors from + https://www.rfc-editor.org/rfc/rfc7748.html + */ + + /* secret key for party a */ + byte sa[] = { + 0x6b, 0x72, 0x98, 0xa5, 0xc0, 0xd8, 0xc2, 0x9a, + 0x1d, 0xab, 0x27, 0xf1, 0xa6, 0x82, 0x63, 0x00, + 0x91, 0x73, 0x89, 0x44, 0x97, 0x41, 0xa9, 0x74, + 0xf5, 0xba, 0xc9, 0xd9, 0x8d, 0xc2, 0x98, 0xd4, + 0x65, 0x55, 0xbc, 0xe8, 0xba, 0xe8, 0x9e, 0xee, + 0xd4, 0x00, 0x58, 0x4b, 0xb0, 0x46, 0xcf, 0x75, + 0x57, 0x9f, 0x51, 0xd1, 0x25, 0x49, 0x8f, 0x9a, + }; + + /* public key for party a */ + byte pa[] = { + 0xa0, 0x1f, 0xc4, 0x32, 0xe5, 0x80, 0x7f, 0x17, + 0x53, 0x0d, 0x12, 0x88, 0xda, 0x12, 0x5b, 0x0c, + 0xd4, 0x53, 0xd9, 0x41, 0x72, 0x64, 0x36, 0xc8, + 0xbb, 0xd9, 0xc5, 0x22, 0x2c, 0x3d, 0xa7, 0xfa, + 0x63, 0x9c, 0xe0, 0x3d, 0xb8, 0xd2, 0x3b, 0x27, + 0x4a, 0x07, 0x21, 0xa1, 0xae, 0xd5, 0x22, 0x7d, + 0xe6, 0xe3, 0xb7, 0x31, 0xcc, 0xf7, 0x08, 0x9b, + }; + + /* secret key for party b */ + byte sb[] = { + 0x2d, 0x99, 0x73, 0x51, 0xb6, 0x10, 0x6f, 0x36, + 0xb0, 0xd1, 0x09, 0x1b, 0x92, 0x9c, 0x4c, 0x37, + 0x21, 0x3e, 0x0d, 0x2b, 0x97, 0xe8, 0x5e, 0xbb, + 0x20, 0xc1, 0x27, 0x69, 0x1d, 0x0d, 0xad, 0x8f, + 0x1d, 0x81, 0x75, 0xb0, 0x72, 0x37, 0x45, 0xe6, + 0x39, 0xa3, 0xcb, 0x70, 0x44, 0x29, 0x0b, 0x99, + 0xe0, 0xe2, 0xa0, 0xc2, 0x7a, 0x6a, 0x30, 0x1c, + }; + + /* public key for party b */ + byte pb[] = { + 0x09, 0x36, 0xf3, 0x7b, 0xc6, 0xc1, 0xbd, 0x07, + 0xae, 0x3d, 0xec, 0x7a, 0xb5, 0xdc, 0x06, 0xa7, + 0x3c, 0xa1, 0x32, 0x42, 0xfb, 0x34, 0x3e, 0xfc, + 0x72, 0xb9, 0xd8, 0x27, 0x30, 0xb4, 0x45, 0xf3, + 0xd4, 0xb0, 0xbd, 0x07, 0x71, 0x62, 0xa4, 0x6d, + 0xcf, 0xec, 0x6f, 0x9b, 0x59, 0x0b, 0xfc, 0xbc, + 0xf5, 0x20, 0xcd, 0xb0, 0x29, 0xa8, 0xb7, 0x3e, + }; + + /* expected shared key */ + byte ss[] = { + 0x9d, 0x87, 0x4a, 0x51, 0x37, 0x50, 0x9a, 0x44, + 0x9a, 0xd5, 0x85, 0x30, 0x40, 0x24, 0x1c, 0x52, + 0x36, 0x39, 0x54, 0x35, 0xc3, 0x64, 0x24, 0xfd, + 0x56, 0x0b, 0x0c, 0xb6, 0x2b, 0x28, 0x1d, 0x28, + 0x52, 0x75, 0xa7, 0x40, 0xce, 0x32, 0xa2, 0x2d, + 0xd1, 0x74, 0x0f, 0x4a, 0xa9, 0x16, 0x1c, 0xec, + 0x95, 0xcc, 0xc6, 0x1a, 0x18, 0xf4, 0xff, 0x07, + }; +#endif /* HAVE_CURVE448_SHARED_SECRET */ + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + return -11000; + + wc_curve448_init(&userA); + wc_curve448_init(&userB); + wc_curve448_init(&pubKey); + + /* make curve448 keys */ + if (wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userA) != 0) + return -11001; + + if (wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userB) != 0) + return -11002; + +#ifdef HAVE_CURVE448_SHARED_SECRET + /* find shared secret key */ + x = sizeof(sharedA); + if (wc_curve448_shared_secret(&userA, &userB, sharedA, &x) != 0) + return -11003; + + y = sizeof(sharedB); + if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0) + return -11004; + + /* compare shared secret keys to test they are the same */ + if (y != x) + return -11005; + + if (XMEMCMP(sharedA, sharedB, x)) + return -11006; +#endif + +#ifdef HAVE_CURVE448_KEY_EXPORT + /* export a public key and import it for another user */ + x = sizeof(exportBuf); + if (wc_curve448_export_public(&userA, exportBuf, &x) != 0) + return -11007; + +#ifdef HAVE_CURVE448_KEY_IMPORT + if (wc_curve448_import_public(exportBuf, x, &pubKey) != 0) + return -11008; +#endif +#endif + +#if defined(HAVE_CURVE448_SHARED_SECRET) && \ + defined(HAVE_CURVE448_KEY_IMPORT) + /* test shared key after importing a public key */ + XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); + if (wc_curve448_shared_secret(&userB, &pubKey, sharedB, &y) != 0) + return -11009; + + if (XMEMCMP(sharedA, sharedB, y)) + return -11010; + + /* import RFC test vectors and compare shared key */ + if (wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) + != 0) + return -11011; + + if (wc_curve448_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB) + != 0) + return -11012; + + /* test against known test vector */ + XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); + if (wc_curve448_shared_secret(&userA, &userB, sharedB, &y) != 0) + return -11013; + + if (XMEMCMP(ss, sharedB, y)) + return -11014; + + /* test swapping roles of keys and generating same shared key */ + XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); + if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0) + return -11015; + + if (XMEMCMP(ss, sharedB, y)) + return -11016; + + /* test with 1 generated key and 1 from known test vector */ + if (wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) + != 0) + return -11017; + + if (wc_curve448_make_key(&rng, 56, &userB) != 0) + return -11018; + + x = sizeof(sharedA); + if (wc_curve448_shared_secret(&userA, &userB, sharedA, &x) != 0) + return -11019; + + y = sizeof(sharedB); + if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0) + return -11020; + + /* compare shared secret keys to test they are the same */ + if (y != x) + return -11021; + + if (XMEMCMP(sharedA, sharedB, x)) + return -11022; + + ret = curve448_check_public_test(); + if (ret != 0) + return ret; +#endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */ + + /* clean up keys when done */ + wc_curve448_free(&pubKey); + wc_curve448_free(&userB); + wc_curve448_free(&userA); + + wc_FreeRng(&rng); + + return 0; +} +#endif /* HAVE_CURVE448 */ + +#ifdef HAVE_ED448 +#ifdef WOLFSSL_TEST_CERT +static int ed448_test_cert(void) +{ + DecodedCert cert[2]; + DecodedCert* serverCert = NULL; + DecodedCert* caCert = NULL; +#ifdef HAVE_ED448_VERIFY + ed448_key key; + ed448_key* pubKey = NULL; + int verify; +#endif /* HAVE_ED448_VERIFY */ + int ret; + byte* tmp; + size_t bytes; + XFILE file; + + tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + ERROR_OUT(-11023, done); + } + +#ifdef USE_CERT_BUFFERS_256 + XMEMCPY(tmp, ca_ed448_cert, sizeof_ca_ed448_cert); + bytes = sizeof_ca_ed448_cert; +#elif !defined(NO_FILESYSTEM) + file = XFOPEN(caEd448Cert, "rb"); + if (file == NULL) { + ERROR_OUT(-11024, done); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); +#else + /* No certificate to use. */ + ERROR_OUT(-11025, done); +#endif + + InitDecodedCert(&cert[0], tmp, (word32)bytes, 0); + caCert = &cert[0]; + ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL); + if (ret != 0) { + ERROR_OUT(-11026, done); + } + +#ifdef USE_CERT_BUFFERS_256 + XMEMCPY(tmp, server_ed448_cert, sizeof_server_ed448_cert); + bytes = sizeof_server_ed448_cert; +#elif !defined(NO_FILESYSTEM) + file = XFOPEN(serverEd448Cert, "rb"); + if (file == NULL) { + ERROR_OUT(-11027, done); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); +#else + /* No certificate to use. */ + ERROR_OUT(-11028, done); +#endif + + InitDecodedCert(&cert[1], tmp, (word32)bytes, 0); + serverCert = &cert[1]; + ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL); + if (ret != 0) { + ERROR_OUT(-11029, done); + } + +#ifdef HAVE_ED448_VERIFY + ret = wc_ed448_init(&key); + if (ret < 0) { + ERROR_OUT(-11030, done); + } + pubKey = &key; + ret = wc_ed448_import_public(caCert->publicKey, caCert->pubKeySize, pubKey); + if (ret < 0) { + ERROR_OUT(-11031, done); + } + + if (wc_ed448_verify_msg(serverCert->signature, serverCert->sigLength, + serverCert->source + serverCert->certBegin, + serverCert->sigIndex - serverCert->certBegin, + &verify, pubKey) < 0 || verify != 1) { + ERROR_OUT(-11032, done); + } +#endif /* HAVE_ED448_VERIFY */ + +done: + if (tmp != NULL) + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef HAVE_ED448_VERIFY + wc_ed448_free(pubKey); +#endif /* HAVE_ED448_VERIFY */ + if (caCert != NULL) + FreeDecodedCert(caCert); + if (serverCert != NULL) + FreeDecodedCert(serverCert); + + return ret; +} + +static int ed448_test_make_cert(void) +{ + WC_RNG rng; + Cert cert; + DecodedCert decode; + ed448_key key; + ed448_key* privKey = NULL; + int ret = 0; + byte* tmp = NULL; + + wc_InitCert(&cert); + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + return -11033; + + wc_ed448_init(&key); + privKey = &key; + wc_ed448_make_key(&rng, ED448_KEY_SIZE, privKey); + + cert.daysValid = 365 * 2; + cert.selfSigned = 1; + XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName)); + XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName)); + cert.isCA = 0; +#ifdef WOLFSSL_CERT_EXT + ret = wc_SetKeyUsage(&cert, certKeyUsage); + if (ret < 0) { + ERROR_OUT(-11034, done); + } + ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey); + if (ret < 0) { + ERROR_OUT(-11035, done); + } + ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey); + if (ret < 0) { + ERROR_OUT(-11036, done); + } +#endif + tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + ERROR_OUT(-11037, done); + } + + cert.sigType = CTC_ED448; + ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED448_TYPE, privKey, &rng); + if (ret < 0) { + ERROR_OUT(-11038, done); + } + ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, ED448_TYPE, + privKey, &rng); + if (ret < 0) { + ERROR_OUT(-11039, done); + } + + InitDecodedCert(&decode, tmp, ret, HEAP_HINT); + ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); + FreeDecodedCert(&decode); + if (ret != 0) { + ERROR_OUT(-11040, done); + } + +done: + if (tmp != NULL) + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_ed448_free(privKey); + wc_FreeRng(&rng); + return ret; +} +#endif /* WOLFSSL_TEST_CERT */ + +#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \ + defined(HAVE_ED448_KEY_IMPORT) +static int ed448_ctx_test(void) +{ + byte out[ED448_SIG_SIZE]; + word32 outlen; +#ifdef HAVE_ED448_VERIFY + int verify; +#endif /* HAVE_ED448_VERIFY */ + ed448_key key; + + static const byte sKeyCtx[] = { + 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6, + 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d, + 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d, + 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a, + 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c, + 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e, + 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27, + 0x4e + }; + + static const byte pKeyCtx[] = { + 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45, + 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a, + 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37, + 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86, + 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02, + 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c, + 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94, + 0x80 + }; + + static const byte sigCtx[] = { + 0xd4, 0xf8, 0xf6, 0x13, 0x17, 0x70, 0xdd, 0x46, + 0xf4, 0x08, 0x67, 0xd6, 0xfd, 0x5d, 0x50, 0x55, + 0xde, 0x43, 0x54, 0x1f, 0x8c, 0x5e, 0x35, 0xab, + 0xbc, 0xd0, 0x01, 0xb3, 0x2a, 0x89, 0xf7, 0xd2, + 0x15, 0x1f, 0x76, 0x47, 0xf1, 0x1d, 0x8c, 0xa2, + 0xae, 0x27, 0x9f, 0xb8, 0x42, 0xd6, 0x07, 0x21, + 0x7f, 0xce, 0x6e, 0x04, 0x2f, 0x68, 0x15, 0xea, + 0x00, 0x0c, 0x85, 0x74, 0x1d, 0xe5, 0xc8, 0xda, + 0x11, 0x44, 0xa6, 0xa1, 0xab, 0xa7, 0xf9, 0x6d, + 0xe4, 0x25, 0x05, 0xd7, 0xa7, 0x29, 0x85, 0x24, + 0xfd, 0xa5, 0x38, 0xfc, 0xcb, 0xbb, 0x75, 0x4f, + 0x57, 0x8c, 0x1c, 0xad, 0x10, 0xd5, 0x4d, 0x0d, + 0x54, 0x28, 0x40, 0x7e, 0x85, 0xdc, 0xbc, 0x98, + 0xa4, 0x91, 0x55, 0xc1, 0x37, 0x64, 0xe6, 0x6c, + 0x3c, 0x00 + }; + + static const byte msgCtx[] = { + 0x03 + }; + + static const byte contextCtx[] = { + 0x66,0x6f,0x6f + }; + + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + + if (wc_ed448_import_private_key(sKeyCtx, ED448_KEY_SIZE, pKeyCtx, + sizeof(pKeyCtx), &key) != 0) + return -11100; + + if (wc_ed448_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, + contextCtx, sizeof(contextCtx)) != 0) + return -11101; + + if (XMEMCMP(out, sigCtx, sizeof(sigCtx))) + return -11102; + +#if defined(HAVE_ED448_VERIFY) + /* test verify on good msg */ + if (wc_ed448_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, &key, + contextCtx, sizeof(contextCtx)) != 0 || verify != 1) + return -11103; +#endif + + wc_ed448_free(&key); + + return 0; +} + +static int ed448ph_test(void) +{ + byte out[ED448_SIG_SIZE]; + word32 outlen; +#ifdef HAVE_ED448_VERIFY + int verify; +#endif /* HAVE_ED448_VERIFY */ + ed448_key key; + + static const byte sKeyPh[] = { + 0x83, 0x3f, 0xe6, 0x24, 0x09, 0x23, 0x7b, 0x9d, + 0x62, 0xec, 0x77, 0x58, 0x75, 0x20, 0x91, 0x1e, + 0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b, + 0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42, + 0xef, 0x78, 0x22, 0xe0, 0xd5, 0x10, 0x41, 0x27, + 0xdc, 0x05, 0xd6, 0xdb, 0xef, 0xde, 0x69, 0xe3, + 0xab, 0x2c, 0xec, 0x7c, 0x86, 0x7c, 0x6e, 0x2c, + 0x49 + }; + + static const byte pKeyPh[] = { + 0x25, 0x9b, 0x71, 0xc1, 0x9f, 0x83, 0xef, 0x77, + 0xa7, 0xab, 0xd2, 0x65, 0x24, 0xcb, 0xdb, 0x31, + 0x61, 0xb5, 0x90, 0xa4, 0x8f, 0x7d, 0x17, 0xde, + 0x3e, 0xe0, 0xba, 0x9c, 0x52, 0xbe, 0xb7, 0x43, + 0xc0, 0x94, 0x28, 0xa1, 0x31, 0xd6, 0xb1, 0xb5, + 0x73, 0x03, 0xd9, 0x0d, 0x81, 0x32, 0xc2, 0x76, + 0xd5, 0xed, 0x3d, 0x5d, 0x01, 0xc0, 0xf5, 0x38, + 0x80 + }; + + static const byte sigPh1[] = { + 0x82, 0x2f, 0x69, 0x01, 0xf7, 0x48, 0x0f, 0x3d, + 0x5f, 0x56, 0x2c, 0x59, 0x29, 0x94, 0xd9, 0x69, + 0x36, 0x02, 0x87, 0x56, 0x14, 0x48, 0x32, 0x56, + 0x50, 0x56, 0x00, 0xbb, 0xc2, 0x81, 0xae, 0x38, + 0x1f, 0x54, 0xd6, 0xbc, 0xe2, 0xea, 0x91, 0x15, + 0x74, 0x93, 0x2f, 0x52, 0xa4, 0xe6, 0xca, 0xdd, + 0x78, 0x76, 0x93, 0x75, 0xec, 0x3f, 0xfd, 0x1b, + 0x80, 0x1a, 0x0d, 0x9b, 0x3f, 0x40, 0x30, 0xcd, + 0x43, 0x39, 0x64, 0xb6, 0x45, 0x7e, 0xa3, 0x94, + 0x76, 0x51, 0x12, 0x14, 0xf9, 0x74, 0x69, 0xb5, + 0x7d, 0xd3, 0x2d, 0xbc, 0x56, 0x0a, 0x9a, 0x94, + 0xd0, 0x0b, 0xff, 0x07, 0x62, 0x04, 0x64, 0xa3, + 0xad, 0x20, 0x3d, 0xf7, 0xdc, 0x7c, 0xe3, 0x60, + 0xc3, 0xcd, 0x36, 0x96, 0xd9, 0xd9, 0xfa, 0xb9, + 0x0f, 0x00 + }; + + static const byte sigPh2[] = { + 0xc3, 0x22, 0x99, 0xd4, 0x6e, 0xc8, 0xff, 0x02, + 0xb5, 0x45, 0x40, 0x98, 0x28, 0x14, 0xdc, 0xe9, + 0xa0, 0x58, 0x12, 0xf8, 0x19, 0x62, 0xb6, 0x49, + 0xd5, 0x28, 0x09, 0x59, 0x16, 0xa2, 0xaa, 0x48, + 0x10, 0x65, 0xb1, 0x58, 0x04, 0x23, 0xef, 0x92, + 0x7e, 0xcf, 0x0a, 0xf5, 0x88, 0x8f, 0x90, 0xda, + 0x0f, 0x6a, 0x9a, 0x85, 0xad, 0x5d, 0xc3, 0xf2, + 0x80, 0xd9, 0x12, 0x24, 0xba, 0x99, 0x11, 0xa3, + 0x65, 0x3d, 0x00, 0xe4, 0x84, 0xe2, 0xce, 0x23, + 0x25, 0x21, 0x48, 0x1c, 0x86, 0x58, 0xdf, 0x30, + 0x4b, 0xb7, 0x74, 0x5a, 0x73, 0x51, 0x4c, 0xdb, + 0x9b, 0xf3, 0xe1, 0x57, 0x84, 0xab, 0x71, 0x28, + 0x4f, 0x8d, 0x07, 0x04, 0xa6, 0x08, 0xc5, 0x4a, + 0x6b, 0x62, 0xd9, 0x7b, 0xeb, 0x51, 0x1d, 0x13, + 0x21, 0x00 + }; + + static const byte msgPh[] = { + 0x61,0x62,0x63 + }; + + /* SHA-512 hash of msgPh */ + static const byte hashPh[] = { + 0x48, 0x33, 0x66, 0x60, 0x13, 0x60, 0xa8, 0x77, + 0x1c, 0x68, 0x63, 0x08, 0x0c, 0xc4, 0x11, 0x4d, + 0x8d, 0xb4, 0x45, 0x30, 0xf8, 0xf1, 0xe1, 0xee, + 0x4f, 0x94, 0xea, 0x37, 0xe7, 0x8b, 0x57, 0x39, + 0xd5, 0xa1, 0x5b, 0xef, 0x18, 0x6a, 0x53, 0x86, + 0xc7, 0x57, 0x44, 0xc0, 0x52, 0x7e, 0x1f, 0xaa, + 0x9f, 0x87, 0x26, 0xe4, 0x62, 0xa1, 0x2a, 0x4f, + 0xeb, 0x06, 0xbd, 0x88, 0x01, 0xe7, 0x51, 0xe4 + }; + + static const byte contextPh2[] = { + 0x66,0x6f,0x6f + }; + + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + + if (wc_ed448_import_private_key(sKeyPh, ED448_KEY_SIZE, pKeyPh, + sizeof(pKeyPh), &key) != 0) { + return -11200; + } + + if (wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL, + 0) != 0) { + return -11201; + } + + if (XMEMCMP(out, sigPh1, sizeof(sigPh1))) + return -11202; + +#if defined(HAVE_ED448_VERIFY) + /* test verify on good msg */ + if (wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key, + NULL, 0) != 0 || verify != 1) { + return -11203; + } +#endif + + if (wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, + contextPh2, sizeof(contextPh2)) != 0) { + return -11204; + } + + if (XMEMCMP(out, sigPh2, sizeof(sigPh2))) + return -11205; + +#if defined(HAVE_ED448_VERIFY) + /* test verify on good msg */ + if (wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key, + contextPh2, sizeof(contextPh2)) != 0 || + verify != 1) { + return -11206; + } +#endif + + if (wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL, + 0) != 0) { + return -11207; + } + + if (XMEMCMP(out, sigPh1, sizeof(sigPh1))) + return -11208; + +#if defined(HAVE_ED448_VERIFY) + if (wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, + &key, NULL, 0) != 0 || verify != 1) { + return -11209; + } +#endif + + if (wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, + contextPh2, sizeof(contextPh2)) != 0) { + return -11210; + } + + if (XMEMCMP(out, sigPh2, sizeof(sigPh2))) + return -11211; + +#if defined(HAVE_ED448_VERIFY) + if (wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, + &key, contextPh2, sizeof(contextPh2)) != 0 || + verify != 1) { + return -11212; + } +#endif + + wc_ed448_free(&key); + + return 0; +} +#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */ + +int ed448_test(void) +{ + int ret; + WC_RNG rng; +#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\ + defined(HAVE_ED448_KEY_IMPORT) + byte out[ED448_SIG_SIZE]; + byte exportPKey[ED448_KEY_SIZE]; + byte exportSKey[ED448_KEY_SIZE]; + word32 exportPSz; + word32 exportSSz; + int i; + word32 outlen; +#ifdef HAVE_ED448_VERIFY + int verify; +#endif /* HAVE_ED448_VERIFY */ +#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */ + word32 keySz, sigSz; + ed448_key key; + ed448_key key2; + +#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \ + defined(HAVE_ED448_KEY_IMPORT) + /* test vectors from + https://tools.ietf.org/html/rfc8032 + */ + + static const byte sKey1[] = { + 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, + 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, + 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f, + 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3, + 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e, + 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, + 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, + 0x5b + }; + + static const byte sKey2[] = { + 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6, + 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d, + 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d, + 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a, + 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c, + 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e, + 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27, + 0x4e + }; + + static const byte sKey3[] = { + 0x25, 0x8c, 0xdd, 0x4a, 0xda, 0x32, 0xed, 0x9c, + 0x9f, 0xf5, 0x4e, 0x63, 0x75, 0x6a, 0xe5, 0x82, + 0xfb, 0x8f, 0xab, 0x2a, 0xc7, 0x21, 0xf2, 0xc8, + 0xe6, 0x76, 0xa7, 0x27, 0x68, 0x51, 0x3d, 0x93, + 0x9f, 0x63, 0xdd, 0xdb, 0x55, 0x60, 0x91, 0x33, + 0xf2, 0x9a, 0xdf, 0x86, 0xec, 0x99, 0x29, 0xdc, + 0xcb, 0x52, 0xc1, 0xc5, 0xfd, 0x2f, 0xf7, 0xe2, + 0x1b + }; + + /* uncompressed test */ + static const byte sKey4[] = { + 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, + 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, + 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f, + 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3, + 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e, + 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, + 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, + 0x5b + }; + + /* compressed prefix test */ + static const byte sKey5[] = { + 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, + 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, + 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f, + 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3, + 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e, + 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, + 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, + 0x5b + }; + + static const byte sKey6[] = { + 0x87, 0x2d, 0x09, 0x37, 0x80, 0xf5, 0xd3, 0x73, + 0x0d, 0xf7, 0xc2, 0x12, 0x66, 0x4b, 0x37, 0xb8, + 0xa0, 0xf2, 0x4f, 0x56, 0x81, 0x0d, 0xaa, 0x83, + 0x82, 0xcd, 0x4f, 0xa3, 0xf7, 0x76, 0x34, 0xec, + 0x44, 0xdc, 0x54, 0xf1, 0xc2, 0xed, 0x9b, 0xea, + 0x86, 0xfa, 0xfb, 0x76, 0x32, 0xd8, 0xbe, 0x19, + 0x9e, 0xa1, 0x65, 0xf5, 0xad, 0x55, 0xdd, 0x9c, + 0xe8 + }; + + static const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6}; + + static const byte pKey1[] = { + 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, + 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, + 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, + 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, + 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, + 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, + 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, + 0x80 + }; + + static const byte pKey2[] = { + 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45, + 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a, + 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37, + 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86, + 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02, + 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c, + 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94, + 0x80 + }; + + static const byte pKey3[] = { + 0x3b, 0xa1, 0x6d, 0xa0, 0xc6, 0xf2, 0xcc, 0x1f, + 0x30, 0x18, 0x77, 0x40, 0x75, 0x6f, 0x5e, 0x79, + 0x8d, 0x6b, 0xc5, 0xfc, 0x01, 0x5d, 0x7c, 0x63, + 0xcc, 0x95, 0x10, 0xee, 0x3f, 0xd4, 0x4a, 0xdc, + 0x24, 0xd8, 0xe9, 0x68, 0xb6, 0xe4, 0x6e, 0x6f, + 0x94, 0xd1, 0x9b, 0x94, 0x53, 0x61, 0x72, 0x6b, + 0xd7, 0x5e, 0x14, 0x9e, 0xf0, 0x98, 0x17, 0xf5, + 0x80 + }; + + /* uncompressed test */ + static const byte pKey4[] = { + 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, + 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, + 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, + 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, + 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, + 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, + 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, + 0x80 + }; + + /* compressed prefix */ + static const byte pKey5[] = { + 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, + 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, + 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, + 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, + 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, + 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, + 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, + 0x80 + }; + + static const byte pKey6[] = { + 0xa8, 0x1b, 0x2e, 0x8a, 0x70, 0xa5, 0xac, 0x94, + 0xff, 0xdb, 0xcc, 0x9b, 0xad, 0xfc, 0x3f, 0xeb, + 0x08, 0x01, 0xf2, 0x58, 0x57, 0x8b, 0xb1, 0x14, + 0xad, 0x44, 0xec, 0xe1, 0xec, 0x0e, 0x79, 0x9d, + 0xa0, 0x8e, 0xff, 0xb8, 0x1c, 0x5d, 0x68, 0x5c, + 0x0c, 0x56, 0xf6, 0x4e, 0xec, 0xae, 0xf8, 0xcd, + 0xf1, 0x1c, 0xc3, 0x87, 0x37, 0x83, 0x8c, 0xf4, + 0x00 + }; + + static const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6}; + static const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3), + sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)}; + + static const byte sig1[] = { + 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25, + 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae, + 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2, + 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f, + 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81, + 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78, + 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39, + 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a, + 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d, + 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41, + 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd, + 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb, + 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26, + 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65, + 0x26, 0x00 + }; + + static const byte sig2[] = { + 0x26, 0xb8, 0xf9, 0x17, 0x27, 0xbd, 0x62, 0x89, + 0x7a, 0xf1, 0x5e, 0x41, 0xeb, 0x43, 0xc3, 0x77, + 0xef, 0xb9, 0xc6, 0x10, 0xd4, 0x8f, 0x23, 0x35, + 0xcb, 0x0b, 0xd0, 0x08, 0x78, 0x10, 0xf4, 0x35, + 0x25, 0x41, 0xb1, 0x43, 0xc4, 0xb9, 0x81, 0xb7, + 0xe1, 0x8f, 0x62, 0xde, 0x8c, 0xcd, 0xf6, 0x33, + 0xfc, 0x1b, 0xf0, 0x37, 0xab, 0x7c, 0xd7, 0x79, + 0x80, 0x5e, 0x0d, 0xbc, 0xc0, 0xaa, 0xe1, 0xcb, + 0xce, 0xe1, 0xaf, 0xb2, 0xe0, 0x27, 0xdf, 0x36, + 0xbc, 0x04, 0xdc, 0xec, 0xbf, 0x15, 0x43, 0x36, + 0xc1, 0x9f, 0x0a, 0xf7, 0xe0, 0xa6, 0x47, 0x29, + 0x05, 0xe7, 0x99, 0xf1, 0x95, 0x3d, 0x2a, 0x0f, + 0xf3, 0x34, 0x8a, 0xb2, 0x1a, 0xa4, 0xad, 0xaf, + 0xd1, 0xd2, 0x34, 0x44, 0x1c, 0xf8, 0x07, 0xc0, + 0x3a, 0x00 + }; + + static const byte sig3[] = { + 0x7e, 0xee, 0xab, 0x7c, 0x4e, 0x50, 0xfb, 0x79, + 0x9b, 0x41, 0x8e, 0xe5, 0xe3, 0x19, 0x7f, 0xf6, + 0xbf, 0x15, 0xd4, 0x3a, 0x14, 0xc3, 0x43, 0x89, + 0xb5, 0x9d, 0xd1, 0xa7, 0xb1, 0xb8, 0x5b, 0x4a, + 0xe9, 0x04, 0x38, 0xac, 0xa6, 0x34, 0xbe, 0xa4, + 0x5e, 0x3a, 0x26, 0x95, 0xf1, 0x27, 0x0f, 0x07, + 0xfd, 0xcd, 0xf7, 0xc6, 0x2b, 0x8e, 0xfe, 0xaf, + 0x00, 0xb4, 0x5c, 0x2c, 0x96, 0xba, 0x45, 0x7e, + 0xb1, 0xa8, 0xbf, 0x07, 0x5a, 0x3d, 0xb2, 0x8e, + 0x5c, 0x24, 0xf6, 0xb9, 0x23, 0xed, 0x4a, 0xd7, + 0x47, 0xc3, 0xc9, 0xe0, 0x3c, 0x70, 0x79, 0xef, + 0xb8, 0x7c, 0xb1, 0x10, 0xd3, 0xa9, 0x98, 0x61, + 0xe7, 0x20, 0x03, 0xcb, 0xae, 0x6d, 0x6b, 0x8b, + 0x82, 0x7e, 0x4e, 0x6c, 0x14, 0x30, 0x64, 0xff, + 0x3c, 0x00 + }; + + /* uncompressed test */ + static const byte sig4[] = { + 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25, + 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae, + 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2, + 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f, + 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81, + 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78, + 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39, + 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a, + 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d, + 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41, + 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd, + 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb, + 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26, + 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65, + 0x26, 0x00 + }; + + /* compressed prefix */ + static const byte sig5[] = { + 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25, + 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae, + 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2, + 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f, + 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81, + 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78, + 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39, + 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a, + 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d, + 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41, + 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd, + 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb, + 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26, + 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65, + 0x26, 0x00 + }; + + static const byte sig6[] = { + 0xe3, 0x01, 0x34, 0x5a, 0x41, 0xa3, 0x9a, 0x4d, + 0x72, 0xff, 0xf8, 0xdf, 0x69, 0xc9, 0x80, 0x75, + 0xa0, 0xcc, 0x08, 0x2b, 0x80, 0x2f, 0xc9, 0xb2, + 0xb6, 0xbc, 0x50, 0x3f, 0x92, 0x6b, 0x65, 0xbd, + 0xdf, 0x7f, 0x4c, 0x8f, 0x1c, 0xb4, 0x9f, 0x63, + 0x96, 0xaf, 0xc8, 0xa7, 0x0a, 0xbe, 0x6d, 0x8a, + 0xef, 0x0d, 0xb4, 0x78, 0xd4, 0xc6, 0xb2, 0x97, + 0x00, 0x76, 0xc6, 0xa0, 0x48, 0x4f, 0xe7, 0x6d, + 0x76, 0xb3, 0xa9, 0x76, 0x25, 0xd7, 0x9f, 0x1c, + 0xe2, 0x40, 0xe7, 0xc5, 0x76, 0x75, 0x0d, 0x29, + 0x55, 0x28, 0x28, 0x6f, 0x71, 0x9b, 0x41, 0x3d, + 0xe9, 0xad, 0xa3, 0xe8, 0xeb, 0x78, 0xed, 0x57, + 0x36, 0x03, 0xce, 0x30, 0xd8, 0xbb, 0x76, 0x17, + 0x85, 0xdc, 0x30, 0xdb, 0xc3, 0x20, 0x86, 0x9e, + 0x1a, 0x00 + }; + + static const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6}; + + static const byte msg1[] = { }; + static const byte msg2[] = { 0x03 }; + static const byte msg3[] = { 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd, + 0x66, 0x81, 0x1e, 0x29, 0x15 }; + + /* test of a 1023 byte long message */ + static const byte msg4[] = { + 0x6d, 0xdf, 0x80, 0x2e, 0x1a, 0xae, 0x49, 0x86, + 0x93, 0x5f, 0x7f, 0x98, 0x1b, 0xa3, 0xf0, 0x35, + 0x1d, 0x62, 0x73, 0xc0, 0xa0, 0xc2, 0x2c, 0x9c, + 0x0e, 0x83, 0x39, 0x16, 0x8e, 0x67, 0x54, 0x12, + 0xa3, 0xde, 0xbf, 0xaf, 0x43, 0x5e, 0xd6, 0x51, + 0x55, 0x80, 0x07, 0xdb, 0x43, 0x84, 0xb6, 0x50, + 0xfc, 0xc0, 0x7e, 0x3b, 0x58, 0x6a, 0x27, 0xa4, + 0xf7, 0xa0, 0x0a, 0xc8, 0xa6, 0xfe, 0xc2, 0xcd, + 0x86, 0xae, 0x4b, 0xf1, 0x57, 0x0c, 0x41, 0xe6, + 0xa4, 0x0c, 0x93, 0x1d, 0xb2, 0x7b, 0x2f, 0xaa, + 0x15, 0xa8, 0xce, 0xdd, 0x52, 0xcf, 0xf7, 0x36, + 0x2c, 0x4e, 0x6e, 0x23, 0xda, 0xec, 0x0f, 0xbc, + 0x3a, 0x79, 0xb6, 0x80, 0x6e, 0x31, 0x6e, 0xfc, + 0xc7, 0xb6, 0x81, 0x19, 0xbf, 0x46, 0xbc, 0x76, + 0xa2, 0x60, 0x67, 0xa5, 0x3f, 0x29, 0x6d, 0xaf, + 0xdb, 0xdc, 0x11, 0xc7, 0x7f, 0x77, 0x77, 0xe9, + 0x72, 0x66, 0x0c, 0xf4, 0xb6, 0xa9, 0xb3, 0x69, + 0xa6, 0x66, 0x5f, 0x02, 0xe0, 0xcc, 0x9b, 0x6e, + 0xdf, 0xad, 0x13, 0x6b, 0x4f, 0xab, 0xe7, 0x23, + 0xd2, 0x81, 0x3d, 0xb3, 0x13, 0x6c, 0xfd, 0xe9, + 0xb6, 0xd0, 0x44, 0x32, 0x2f, 0xee, 0x29, 0x47, + 0x95, 0x2e, 0x03, 0x1b, 0x73, 0xab, 0x5c, 0x60, + 0x33, 0x49, 0xb3, 0x07, 0xbd, 0xc2, 0x7b, 0xc6, + 0xcb, 0x8b, 0x8b, 0xbd, 0x7b, 0xd3, 0x23, 0x21, + 0x9b, 0x80, 0x33, 0xa5, 0x81, 0xb5, 0x9e, 0xad, + 0xeb, 0xb0, 0x9b, 0x3c, 0x4f, 0x3d, 0x22, 0x77, + 0xd4, 0xf0, 0x34, 0x36, 0x24, 0xac, 0xc8, 0x17, + 0x80, 0x47, 0x28, 0xb2, 0x5a, 0xb7, 0x97, 0x17, + 0x2b, 0x4c, 0x5c, 0x21, 0xa2, 0x2f, 0x9c, 0x78, + 0x39, 0xd6, 0x43, 0x00, 0x23, 0x2e, 0xb6, 0x6e, + 0x53, 0xf3, 0x1c, 0x72, 0x3f, 0xa3, 0x7f, 0xe3, + 0x87, 0xc7, 0xd3, 0xe5, 0x0b, 0xdf, 0x98, 0x13, + 0xa3, 0x0e, 0x5b, 0xb1, 0x2c, 0xf4, 0xcd, 0x93, + 0x0c, 0x40, 0xcf, 0xb4, 0xe1, 0xfc, 0x62, 0x25, + 0x92, 0xa4, 0x95, 0x88, 0x79, 0x44, 0x94, 0xd5, + 0x6d, 0x24, 0xea, 0x4b, 0x40, 0xc8, 0x9f, 0xc0, + 0x59, 0x6c, 0xc9, 0xeb, 0xb9, 0x61, 0xc8, 0xcb, + 0x10, 0xad, 0xde, 0x97, 0x6a, 0x5d, 0x60, 0x2b, + 0x1c, 0x3f, 0x85, 0xb9, 0xb9, 0xa0, 0x01, 0xed, + 0x3c, 0x6a, 0x4d, 0x3b, 0x14, 0x37, 0xf5, 0x20, + 0x96, 0xcd, 0x19, 0x56, 0xd0, 0x42, 0xa5, 0x97, + 0xd5, 0x61, 0xa5, 0x96, 0xec, 0xd3, 0xd1, 0x73, + 0x5a, 0x8d, 0x57, 0x0e, 0xa0, 0xec, 0x27, 0x22, + 0x5a, 0x2c, 0x4a, 0xaf, 0xf2, 0x63, 0x06, 0xd1, + 0x52, 0x6c, 0x1a, 0xf3, 0xca, 0x6d, 0x9c, 0xf5, + 0xa2, 0xc9, 0x8f, 0x47, 0xe1, 0xc4, 0x6d, 0xb9, + 0xa3, 0x32, 0x34, 0xcf, 0xd4, 0xd8, 0x1f, 0x2c, + 0x98, 0x53, 0x8a, 0x09, 0xeb, 0xe7, 0x69, 0x98, + 0xd0, 0xd8, 0xfd, 0x25, 0x99, 0x7c, 0x7d, 0x25, + 0x5c, 0x6d, 0x66, 0xec, 0xe6, 0xfa, 0x56, 0xf1, + 0x11, 0x44, 0x95, 0x0f, 0x02, 0x77, 0x95, 0xe6, + 0x53, 0x00, 0x8f, 0x4b, 0xd7, 0xca, 0x2d, 0xee, + 0x85, 0xd8, 0xe9, 0x0f, 0x3d, 0xc3, 0x15, 0x13, + 0x0c, 0xe2, 0xa0, 0x03, 0x75, 0xa3, 0x18, 0xc7, + 0xc3, 0xd9, 0x7b, 0xe2, 0xc8, 0xce, 0x5b, 0x6d, + 0xb4, 0x1a, 0x62, 0x54, 0xff, 0x26, 0x4f, 0xa6, + 0x15, 0x5b, 0xae, 0xe3, 0xb0, 0x77, 0x3c, 0x0f, + 0x49, 0x7c, 0x57, 0x3f, 0x19, 0xbb, 0x4f, 0x42, + 0x40, 0x28, 0x1f, 0x0b, 0x1f, 0x4f, 0x7b, 0xe8, + 0x57, 0xa4, 0xe5, 0x9d, 0x41, 0x6c, 0x06, 0xb4, + 0xc5, 0x0f, 0xa0, 0x9e, 0x18, 0x10, 0xdd, 0xc6, + 0xb1, 0x46, 0x7b, 0xae, 0xac, 0x5a, 0x36, 0x68, + 0xd1, 0x1b, 0x6e, 0xca, 0xa9, 0x01, 0x44, 0x00, + 0x16, 0xf3, 0x89, 0xf8, 0x0a, 0xcc, 0x4d, 0xb9, + 0x77, 0x02, 0x5e, 0x7f, 0x59, 0x24, 0x38, 0x8c, + 0x7e, 0x34, 0x0a, 0x73, 0x2e, 0x55, 0x44, 0x40, + 0xe7, 0x65, 0x70, 0xf8, 0xdd, 0x71, 0xb7, 0xd6, + 0x40, 0xb3, 0x45, 0x0d, 0x1f, 0xd5, 0xf0, 0x41, + 0x0a, 0x18, 0xf9, 0xa3, 0x49, 0x4f, 0x70, 0x7c, + 0x71, 0x7b, 0x79, 0xb4, 0xbf, 0x75, 0xc9, 0x84, + 0x00, 0xb0, 0x96, 0xb2, 0x16, 0x53, 0xb5, 0xd2, + 0x17, 0xcf, 0x35, 0x65, 0xc9, 0x59, 0x74, 0x56, + 0xf7, 0x07, 0x03, 0x49, 0x7a, 0x07, 0x87, 0x63, + 0x82, 0x9b, 0xc0, 0x1b, 0xb1, 0xcb, 0xc8, 0xfa, + 0x04, 0xea, 0xdc, 0x9a, 0x6e, 0x3f, 0x66, 0x99, + 0x58, 0x7a, 0x9e, 0x75, 0xc9, 0x4e, 0x5b, 0xab, + 0x00, 0x36, 0xe0, 0xb2, 0xe7, 0x11, 0x39, 0x2c, + 0xff, 0x00, 0x47, 0xd0, 0xd6, 0xb0, 0x5b, 0xd2, + 0xa5, 0x88, 0xbc, 0x10, 0x97, 0x18, 0x95, 0x42, + 0x59, 0xf1, 0xd8, 0x66, 0x78, 0xa5, 0x79, 0xa3, + 0x12, 0x0f, 0x19, 0xcf, 0xb2, 0x96, 0x3f, 0x17, + 0x7a, 0xeb, 0x70, 0xf2, 0xd4, 0x84, 0x48, 0x26, + 0x26, 0x2e, 0x51, 0xb8, 0x02, 0x71, 0x27, 0x20, + 0x68, 0xef, 0x5b, 0x38, 0x56, 0xfa, 0x85, 0x35, + 0xaa, 0x2a, 0x88, 0xb2, 0xd4, 0x1f, 0x2a, 0x0e, + 0x2f, 0xda, 0x76, 0x24, 0xc2, 0x85, 0x02, 0x72, + 0xac, 0x4a, 0x2f, 0x56, 0x1f, 0x8f, 0x2f, 0x7a, + 0x31, 0x8b, 0xfd, 0x5c, 0xaf, 0x96, 0x96, 0x14, + 0x9e, 0x4a, 0xc8, 0x24, 0xad, 0x34, 0x60, 0x53, + 0x8f, 0xdc, 0x25, 0x42, 0x1b, 0xee, 0xc2, 0xcc, + 0x68, 0x18, 0x16, 0x2d, 0x06, 0xbb, 0xed, 0x0c, + 0x40, 0xa3, 0x87, 0x19, 0x23, 0x49, 0xdb, 0x67, + 0xa1, 0x18, 0xba, 0xda, 0x6c, 0xd5, 0xab, 0x01, + 0x40, 0xee, 0x27, 0x32, 0x04, 0xf6, 0x28, 0xaa, + 0xd1, 0xc1, 0x35, 0xf7, 0x70, 0x27, 0x9a, 0x65, + 0x1e, 0x24, 0xd8, 0xc1, 0x4d, 0x75, 0xa6, 0x05, + 0x9d, 0x76, 0xb9, 0x6a, 0x6f, 0xd8, 0x57, 0xde, + 0xf5, 0xe0, 0xb3, 0x54, 0xb2, 0x7a, 0xb9, 0x37, + 0xa5, 0x81, 0x5d, 0x16, 0xb5, 0xfa, 0xe4, 0x07, + 0xff, 0x18, 0x22, 0x2c, 0x6d, 0x1e, 0xd2, 0x63, + 0xbe, 0x68, 0xc9, 0x5f, 0x32, 0xd9, 0x08, 0xbd, + 0x89, 0x5c, 0xd7, 0x62, 0x07, 0xae, 0x72, 0x64, + 0x87, 0x56, 0x7f, 0x9a, 0x67, 0xda, 0xd7, 0x9a, + 0xbe, 0xc3, 0x16, 0xf6, 0x83, 0xb1, 0x7f, 0x2d, + 0x02, 0xbf, 0x07, 0xe0, 0xac, 0x8b, 0x5b, 0xc6, + 0x16, 0x2c, 0xf9, 0x46, 0x97, 0xb3, 0xc2, 0x7c, + 0xd1, 0xfe, 0xa4, 0x9b, 0x27, 0xf2, 0x3b, 0xa2, + 0x90, 0x18, 0x71, 0x96, 0x25, 0x06, 0x52, 0x0c, + 0x39, 0x2d, 0xa8, 0xb6, 0xad, 0x0d, 0x99, 0xf7, + 0x01, 0x3f, 0xbc, 0x06, 0xc2, 0xc1, 0x7a, 0x56, + 0x95, 0x00, 0xc8, 0xa7, 0x69, 0x64, 0x81, 0xc1, + 0xcd, 0x33, 0xe9, 0xb1, 0x4e, 0x40, 0xb8, 0x2e, + 0x79, 0xa5, 0xf5, 0xdb, 0x82, 0x57, 0x1b, 0xa9, + 0x7b, 0xae, 0x3a, 0xd3, 0xe0, 0x47, 0x95, 0x15, + 0xbb, 0x0e, 0x2b, 0x0f, 0x3b, 0xfc, 0xd1, 0xfd, + 0x33, 0x03, 0x4e, 0xfc, 0x62, 0x45, 0xed, 0xdd, + 0x7e, 0xe2, 0x08, 0x6d, 0xda, 0xe2, 0x60, 0x0d, + 0x8c, 0xa7, 0x3e, 0x21, 0x4e, 0x8c, 0x2b, 0x0b, + 0xdb, 0x2b, 0x04, 0x7c, 0x6a, 0x46, 0x4a, 0x56, + 0x2e, 0xd7, 0x7b, 0x73, 0xd2, 0xd8, 0x41, 0xc4, + 0xb3, 0x49, 0x73, 0x55, 0x12, 0x57, 0x71, 0x3b, + 0x75, 0x36, 0x32, 0xef, 0xba, 0x34, 0x81, 0x69, + 0xab, 0xc9, 0x0a, 0x68, 0xf4, 0x26, 0x11, 0xa4, + 0x01, 0x26, 0xd7, 0xcb, 0x21, 0xb5, 0x86, 0x95, + 0x56, 0x81, 0x86, 0xf7, 0xe5, 0x69, 0xd2, 0xff, + 0x0f, 0x9e, 0x74, 0x5d, 0x04, 0x87, 0xdd, 0x2e, + 0xb9, 0x97, 0xca, 0xfc, 0x5a, 0xbf, 0x9d, 0xd1, + 0x02, 0xe6, 0x2f, 0xf6, 0x6c, 0xba, 0x87 + }; + + static const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4}; + static const word16 msgSz[] = {0 /*sizeof(msg1)*/, + sizeof(msg2), + sizeof(msg3), + 0 /*sizeof(msg1)*/, + 0 /*sizeof(msg1)*/, + sizeof(msg4) + }; +#ifndef NO_ASN + static byte privateEd448[] = { + 0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, + 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39, + 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, + 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, + 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f, + 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3, + 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e, + 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, + 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, + 0x5b + }; + static byte publicEd448[] = { + 0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, + 0x71, 0x03, 0x3a, 0x00, 0x5f, 0xd7, 0x44, 0x9b, + 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec, + 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24, + 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d, + 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76, + 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d, + 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe, + 0xaf, 0xe8, 0x25, 0x61, 0x80 + }; + static byte privPubEd448[] = { + 0x30, 0x81, 0x84, 0x02, 0x01, 0x00, 0x30, 0x05, + 0x06, 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, + 0x39, 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, + 0x10, 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, + 0xbf, 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, + 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, + 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, + 0x4e, 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, + 0x8f, 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, + 0xf9, 0x5b, 0xa1, 0x3b, 0x04, 0x39, 0x5f, 0xd7, + 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, + 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, + 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, + 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, + 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, + 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, + 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, 0x80 + }; + + word32 idx; + ed448_key key3; +#endif /* NO_ASN */ +#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */ + + /* create ed448 keys */ +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + return -11300; + + wc_ed448_init(&key); + wc_ed448_init(&key2); +#ifndef NO_ASN + wc_ed448_init(&key3); +#endif + wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key); + wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key2); + + /* helper functions for signature and key size */ + keySz = wc_ed448_size(&key); + sigSz = wc_ed448_sig_size(&key); + +#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\ + defined(HAVE_ED448_KEY_IMPORT) + for (i = 0; i < 6; i++) { + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + + if (wc_ed448_import_private_key(sKeys[i], ED448_KEY_SIZE, pKeys[i], + pKeySz[i], &key) != 0) + return -11301 - i; + + if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, &key, NULL, + 0) != 0) { + return -11311 - i; + } + + if (XMEMCMP(out, sigs[i], 114)) + return -11321 - i; + +#if defined(HAVE_ED448_VERIFY) + /* test verify on good msg */ + if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key, + NULL, 0) != 0 || verify != 1) { + return -11331 - i; + } + + /* test verify on bad msg */ + out[outlen-2] = out[outlen-2] + 1; + if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key, + NULL, 0) == 0 || verify == 1) { + return -11341 - i; + } +#endif /* HAVE_ED448_VERIFY */ + + /* test api for import/exporting keys */ + exportPSz = sizeof(exportPKey); + exportSSz = sizeof(exportSKey); + if (wc_ed448_export_public(&key, exportPKey, &exportPSz) != 0) + return -11351 - i; + + if (wc_ed448_import_public(exportPKey, exportPSz, &key2) != 0) + return -11361 - i; + + if (wc_ed448_export_private_only(&key, exportSKey, &exportSSz) != 0) + return -11371 - i; + + if (wc_ed448_import_private_key(exportSKey, exportSSz, + exportPKey, exportPSz, &key2) != 0) + return -11381 - i; + + /* clear "out" buffer and test sign with imported keys */ + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2, NULL, + 0) != 0) { + return -11391 - i; + } + +#if defined(HAVE_ED448_VERIFY) + if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key2, + NULL, 0) != 0 || verify != 1) + return -11401 - i; + + if (XMEMCMP(out, sigs[i], sizeof(sigs[i]))) + return -11411 - i; +#endif /* HAVE_ED448_VERIFY */ + } + + ret = ed448_ctx_test(); + if (ret != 0) + return ret; + + ret = ed448ph_test(); + if (ret != 0) + return ret; + +#ifndef NO_ASN + /* Try ASN.1 encoded private-only key and public key. */ + idx = 0; + if (wc_Ed448PrivateKeyDecode(privateEd448, &idx, &key3, + sizeof(privateEd448)) != 0) + return -11421 - i; + + if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) + != BAD_FUNC_ARG) + return -11431 - i; + + idx = 0; + if (wc_Ed448PublicKeyDecode(publicEd448, &idx, &key3, + sizeof(publicEd448)) != 0) + return -11441 - i; + + if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0) + return -11451 - i; + + if (XMEMCMP(out, sigs[0], sizeof(sigs[0]))) + return -11461 - i; + +#if defined(HAVE_ED448_VERIFY) + /* test verify on good msg */ + if (wc_ed448_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3, + NULL, 0) != 0 || verify != 1) + return -11471 - i; +#endif /* HAVE_ED448_VERIFY */ + + wc_ed448_free(&key3); + wc_ed448_init(&key3); + + idx = 0; + if (wc_Ed448PrivateKeyDecode(privPubEd448, &idx, &key3, + sizeof(privPubEd448)) != 0) + return -11481 - i; + + if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0) + return -11491 - i; + + if (XMEMCMP(out, sigs[0], sizeof(sigs[0]))) + return -11501 - i; + + wc_ed448_free(&key3); +#endif /* NO_ASN */ +#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */ + + /* clean up keys when done */ + wc_ed448_free(&key); + wc_ed448_free(&key2); + +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) + wc_FreeRng(&rng); +#endif + + /* hush warnings of unused keySz and sigSz */ + (void)keySz; + (void)sigSz; + +#ifdef WOLFSSL_TEST_CERT + ret = ed448_test_cert(); + if (ret < 0) + return ret; +#ifdef WOLFSSL_CERT_GEN + ret = ed448_test_make_cert(); + if (ret < 0) + return ret; +#endif /* WOLFSSL_CERT_GEN */ +#endif /* WOLFSSL_TEST_CERT */ + + return 0; +} +#endif /* HAVE_ED448 */ + +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) + +typedef struct CMAC_Test_Case { + int type; + int partial; + const byte* m; + word32 mSz; + const byte* k; + word32 kSz; + const byte* t; + word32 tSz; +} CMAC_Test_Case; + +int cmac_test(void) +{ +#ifdef WOLFSSL_AES_128 + const byte k128[] = + { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c + }; + #define KLEN_128 (sizeof(k128)) +#endif +#ifdef WOLFSSL_AES_192 + const byte k192[] = + { + 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b + }; + #define KLEN_192 (sizeof(k192)) +#endif +#ifdef WOLFSSL_AES_256 + const byte k256[] = + { + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 + }; + #define KLEN_256 (sizeof(k256)) +#endif + + const byte m[] = + { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, + 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, + 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 + }; + #define MLEN_0 (0) + #define MLEN_128 (128/8) + #define MLEN_320 (320/8) + #define MLEN_319 (MLEN_320 - 1) + #define MLEN_512 (512/8) + +#ifdef WOLFSSL_AES_128 + const byte t128_0[] = + { + 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, + 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 + }; + const byte t128_128[] = + { + 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, + 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c + }; + const byte t128_319[] = + { + 0x2c, 0x17, 0x84, 0x4c, 0x93, 0x1c, 0x07, 0x95, + 0x15, 0x92, 0x73, 0x0a, 0x34, 0xd0, 0xd9, 0xd2 + }; + const byte t128_320[] = + { + 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, + 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 + }; + const byte t128_512[] = + { + 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, + 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe + }; +#endif +#ifdef WOLFSSL_AES_192 + const byte t192_0[] = + { + 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, + 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 + }; + const byte t192_128[] = + { + 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, + 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 + }; + const byte t192_320[] = + { + 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad, + 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e + }; + const byte t192_512[] = + { + 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, + 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 + }; +#endif +#ifdef WOLFSSL_AES_256 + const byte t256_0[] = + { + 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, + 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 + }; + const byte t256_128[] = + { + 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82, + 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c + }; + const byte t256_320[] = + { + 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2, + 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6 + }; + const byte t256_512[] = + { + 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5, + 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10 + }; +#endif + const CMAC_Test_Case testCases[] = + { +#ifdef WOLFSSL_AES_128 + {WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE}, + {WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE}, +#endif +#ifdef WOLFSSL_AES_192 + {WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, AES_BLOCK_SIZE}, +#endif +#ifdef WOLFSSL_AES_256 + {WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, AES_BLOCK_SIZE}, +#endif +#ifdef WOLFSSL_AES_128 + {WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, AES_BLOCK_SIZE} +#endif + }; + + Cmac cmac; + byte tag[AES_BLOCK_SIZE]; + const CMAC_Test_Case* tc; + word32 i, tagSz; + + for (i = 0, tc = testCases; + i < sizeof(testCases)/sizeof(CMAC_Test_Case); + i++, tc++) { + + XMEMSET(tag, 0, sizeof(tag)); + tagSz = AES_BLOCK_SIZE; + if (wc_InitCmac(&cmac, tc->k, tc->kSz, tc->type, NULL) != 0) + return -11600; + if (tc->partial) { + if (wc_CmacUpdate(&cmac, tc->m, + tc->mSz/2 - tc->partial) != 0) + return -11601; + if (wc_CmacUpdate(&cmac, tc->m + tc->mSz/2 - tc->partial, + tc->mSz/2 + tc->partial) != 0) + return -11602; + } + else { + if (wc_CmacUpdate(&cmac, tc->m, tc->mSz) != 0) + return -11603; + } + if (wc_CmacFinal(&cmac, tag, &tagSz) != 0) + return -11604; + if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0) + return -11605; + + XMEMSET(tag, 0, sizeof(tag)); + tagSz = sizeof(tag); + if (wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz, + tc->k, tc->kSz) != 0) + return -11606; + if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0) + return -11607; + if (wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz, + tc->k, tc->kSz) != 0) + return -11608; + } + + return 0; +} + +#endif /* NO_AES && WOLFSSL_CMAC */ + +#ifdef HAVE_LIBZ + +const byte sample_text[] = + "Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n" + "polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n" + "marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n" + "plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n" + "selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n" + "small batch meggings kogi dolore food truck bespoke gastropub.\n" + "\n" + "Terry richardson adipisicing actually typewriter tumblr, twee whatever\n" + "four loko you probably haven't heard of them high life. Messenger bag\n" + "whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n" + "et, banksy ullamco messenger bag umami pariatur direct trade forage.\n" + "Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n" + "food truck next level, tousled irony non semiotics PBR ethical anim cred\n" + "readymade. Mumblecore brunch lomo odd future, portland organic terry\n" + "richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n" + "mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n" + "four loko whatever street art yr farm-to-table.\n" + "\n" + "Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n" + "pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n" + "et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n" + "nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n" + "seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n" + "eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n" + "readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n" + "ethnic art party qui letterpress nisi proident jean shorts mlkshk\n" + "locavore.\n" + "\n" + "Narwhal flexitarian letterpress, do gluten-free voluptate next level\n" + "banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n" + "cillum pickled velit, YOLO officia you probably haven't heard of them\n" + "trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n" + "small batch american apparel. Put a bird on it cosby sweater before they\n" + "sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n" + "DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n" + "Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n" + "excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n" + "neutra PBR selvage.\n" + "\n" + "Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n" + "next level jean shorts exercitation. Hashtag keytar whatever, nihil\n" + "authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n" + "wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n" + "tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n" + "trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n" + "incididunt flannel sustainable helvetica pork belly pug banksy you\n" + "probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n" + "mollit magna, sriracha sartorial helvetica.\n" + "\n" + "Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n" + "ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n" + "of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n" + "reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n" + "skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n" + "organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n" + "Veniam sunt food truck leggings, sint vinyl fap.\n" + "\n" + "Hella dolore pork belly, truffaut carles you probably haven't heard of\n" + "them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n" + "apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n" + "flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n" + "letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n" + "Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n" + "delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n" + "magna pop-up literally. Swag thundercats ennui shoreditch vegan\n" + "pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n" + "\n" + "Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n" + "meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n" + "dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n" + "locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n" + "tousled beard mollit mustache leggings portland next level. Nihil esse\n" + "est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n" + "swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n" + "bag dolor terry richardson sapiente.\n"; + +const byte sample_text_gz[] = { + 0x1F, 0x8B, 0x08, 0x08, 0xC5, 0x49, 0xB5, 0x5B, 0x00, 0x03, 0x63, 0x69, 0x70, + 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x2E, 0x74, 0x78, 0x74, 0x00, 0x8D, + 0x58, 0xCB, 0x92, 0xE4, 0xB6, 0x11, 0xBC, 0xE3, 0x2B, 0xEA, 0xA6, 0x83, 0xD9, + 0x1D, 0x72, 0xF8, 0x22, 0x1F, 0xB5, 0x96, 0xA5, 0xDD, 0x90, 0xBC, 0xAB, 0xD0, + 0x28, 0x36, 0x42, 0x47, 0x90, 0x2C, 0x36, 0xA1, 0x06, 0x09, 0x0A, 0x8F, 0xEE, + 0xE1, 0xDF, 0x3B, 0x0B, 0xE0, 0x73, 0x2C, 0x4B, 0xBA, 0xCD, 0xCE, 0x80, 0x78, + 0x64, 0x65, 0x65, 0x66, 0xED, 0x3B, 0xE3, 0x5A, 0xC3, 0x81, 0x2D, 0x35, 0x69, + 0x32, 0xAD, 0x8E, 0x3A, 0xD2, 0xA0, 0x7D, 0xA7, 0x2B, 0x6A, 0xAC, 0x69, 0x7A, + 0x26, 0x9D, 0x22, 0xD3, 0x94, 0x22, 0x69, 0xAA, 0x8D, 0x6F, 0xC9, 0x8D, 0x64, + 0x22, 0x99, 0xB1, 0x31, 0xAD, 0x69, 0xD3, 0x18, 0x89, 0xAD, 0x89, 0x6A, 0x72, + 0x56, 0x7B, 0x67, 0xDA, 0x2B, 0xBD, 0xC8, 0xEF, 0xB0, 0x4D, 0x74, 0x8E, 0x5B, + 0xAA, 0x39, 0x4C, 0xEE, 0xCE, 0xE4, 0x79, 0xF2, 0xDC, 0xF3, 0xD8, 0xB2, 0x37, + 0x11, 0x8B, 0x8C, 0x2C, 0x7A, 0x32, 0x93, 0xF3, 0x37, 0x3D, 0x9A, 0x86, 0x4C, + 0xAB, 0xF2, 0xB9, 0x57, 0xFA, 0x97, 0x1B, 0x06, 0xD7, 0x3A, 0x7A, 0xF0, 0x68, + 0xF4, 0x40, 0xBA, 0x25, 0x0E, 0x81, 0xE9, 0xA6, 0x43, 0xF4, 0x6E, 0x4A, 0xF5, + 0x95, 0xFE, 0x41, 0x4F, 0x67, 0x3B, 0x1A, 0x1C, 0xEE, 0x12, 0xB4, 0x8F, 0xCE, + 0x1B, 0x6D, 0xB1, 0xDE, 0xBB, 0x4A, 0x4D, 0x56, 0x9B, 0x96, 0x5A, 0xB6, 0xDC, + 0xC4, 0x14, 0x70, 0xE5, 0xF5, 0x7D, 0xE1, 0xB7, 0x84, 0x3F, 0xFC, 0xED, 0xEF, + 0xF4, 0x30, 0x0D, 0x5F, 0xE9, 0x47, 0x17, 0xE2, 0xC5, 0x78, 0x27, 0x67, 0xDF, + 0xB9, 0xEB, 0xCC, 0xCC, 0x3D, 0x59, 0xBE, 0xDD, 0xCC, 0x78, 0x0B, 0x0A, 0x1F, + 0x74, 0xF8, 0x8C, 0x1A, 0xAF, 0x67, 0xEA, 0xF4, 0x44, 0xBD, 0x93, 0x7D, 0x2A, + 0xEA, 0x9C, 0xD7, 0x37, 0x80, 0x32, 0x9A, 0x01, 0x37, 0xD5, 0xDE, 0xCA, 0xA2, + 0x0D, 0xB9, 0xD0, 0x3B, 0xCF, 0xAD, 0x89, 0x4D, 0x5F, 0xD1, 0xE7, 0xF7, 0x2F, + 0x2A, 0x0C, 0xDA, 0x5A, 0xAA, 0x35, 0x7E, 0x41, 0xC3, 0xB2, 0x37, 0xDD, 0xDD, + 0xCD, 0x50, 0xEB, 0x2C, 0x96, 0x62, 0x3B, 0xD7, 0x52, 0xF4, 0xA9, 0xB9, 0x6F, + 0x48, 0xED, 0xEF, 0x54, 0xEA, 0x67, 0xF6, 0x7E, 0x26, 0x8F, 0x3A, 0x68, 0xDF, + 0x06, 0xBC, 0x56, 0xB7, 0x66, 0x32, 0xC1, 0x34, 0xD8, 0x88, 0x34, 0x1E, 0x88, + 0xED, 0x67, 0x8A, 0xF3, 0xC4, 0x4F, 0xC0, 0xCA, 0x9E, 0x62, 0x1A, 0x6A, 0xEB, + 0xAB, 0x02, 0xED, 0xB3, 0xD7, 0x91, 0x81, 0x8A, 0xEA, 0x5C, 0xF2, 0x64, 0xDD, + 0xDD, 0xD1, 0xEC, 0x12, 0x4D, 0xDE, 0xD5, 0xBA, 0xC6, 0x77, 0xBD, 0x06, 0xC4, + 0x5F, 0x44, 0xEA, 0x59, 0x4B, 0x5D, 0x3B, 0x8A, 0x3D, 0x0F, 0xD4, 0x9B, 0x1B, + 0x80, 0x30, 0x1D, 0x30, 0xFA, 0x8F, 0x00, 0x3F, 0xDE, 0xB0, 0x6F, 0xAD, 0x6F, + 0x6A, 0xDD, 0x6E, 0x2F, 0x6E, 0xCB, 0x3C, 0xD1, 0x83, 0x06, 0x7B, 0x0F, 0xFD, + 0xFD, 0x4A, 0xEF, 0xBC, 0x73, 0x77, 0x3B, 0x8F, 0x34, 0xA1, 0xBA, 0xEC, 0x39, + 0x80, 0x33, 0x21, 0xA4, 0x01, 0x55, 0xD7, 0xD4, 0xF4, 0xC6, 0xDA, 0x27, 0x4E, + 0x54, 0x1C, 0x2B, 0xEC, 0x37, 0xDE, 0xC3, 0x4C, 0xC9, 0x5A, 0x3D, 0x34, 0x0E, + 0xD8, 0x1C, 0x0E, 0xA2, 0x34, 0xE8, 0xC1, 0xD0, 0xA4, 0x51, 0xD5, 0x88, 0x8B, + 0xB7, 0xC6, 0xA3, 0x96, 0x40, 0x49, 0xB7, 0xBC, 0xE0, 0x7F, 0x55, 0x3F, 0xEF, + 0x6F, 0x6E, 0x92, 0x9D, 0x34, 0xFE, 0x3C, 0x5F, 0x04, 0xA5, 0x6A, 0xFF, 0x30, + 0x08, 0xC9, 0xEA, 0xF5, 0x52, 0x2B, 0xFE, 0x57, 0xFA, 0x8E, 0xC7, 0xE8, 0x4D, + 0x37, 0xAB, 0x03, 0xFA, 0x23, 0xBF, 0x46, 0x94, 0xFF, 0xC1, 0x16, 0xE0, 0xB9, + 0x14, 0x2C, 0x9E, 0x27, 0xEC, 0x98, 0x69, 0x14, 0x92, 0xF1, 0x60, 0x5C, 0x34, + 0x4D, 0xA0, 0x1F, 0xDF, 0xFD, 0x44, 0x1C, 0x7B, 0xD3, 0x80, 0x70, 0x42, 0x02, + 0x30, 0x84, 0x5B, 0xE5, 0x59, 0xB7, 0xF3, 0x80, 0xFB, 0x01, 0x33, 0xA9, 0x00, + 0x37, 0x52, 0xDC, 0xDA, 0xA7, 0x11, 0x85, 0xB7, 0x6E, 0x70, 0xE4, 0xDA, 0x96, + 0xBA, 0x84, 0x5B, 0x81, 0x43, 0x93, 0xF3, 0xD1, 0xEA, 0xB1, 0xDD, 0xB8, 0x1F, + 0xA5, 0xCC, 0xEA, 0x50, 0x66, 0x69, 0xA9, 0x8D, 0x8C, 0xA7, 0xA2, 0xF3, 0x38, + 0x26, 0x43, 0x5E, 0x3F, 0x01, 0xBE, 0x1C, 0x0F, 0x20, 0x7F, 0x75, 0xA8, 0x20, + 0x80, 0xC4, 0xC3, 0x5C, 0x8B, 0x0D, 0xD4, 0x60, 0x5E, 0xA3, 0x9E, 0xD0, 0xB4, + 0x4B, 0x4F, 0xE6, 0x13, 0x85, 0x60, 0x42, 0x96, 0xED, 0xAA, 0xDB, 0xE9, 0x99, + 0xE3, 0x07, 0x0E, 0x61, 0xB3, 0x07, 0xE3, 0xB1, 0xFA, 0xC0, 0x9B, 0xAD, 0xF6, + 0xE0, 0x26, 0x33, 0xEA, 0xEA, 0x23, 0xCD, 0x1E, 0x9D, 0xE1, 0x87, 0x4B, 0x74, + 0x97, 0x08, 0x3E, 0xA1, 0x28, 0xEA, 0xB3, 0x19, 0x67, 0x8B, 0x76, 0x9A, 0xA3, + 0xF6, 0xB9, 0xCF, 0x80, 0x65, 0x97, 0xAE, 0xF4, 0x83, 0x6B, 0xF4, 0x43, 0x20, + 0xF9, 0x0B, 0xFC, 0x9B, 0xD2, 0x4D, 0x4D, 0xA6, 0xB9, 0xA3, 0x02, 0x55, 0x79, + 0x18, 0x36, 0x19, 0x5F, 0xC9, 0xEA, 0x5A, 0x76, 0x40, 0xB9, 0xBA, 0x0E, 0x9A, + 0x44, 0xDF, 0x7C, 0xF8, 0x65, 0x61, 0x5E, 0x81, 0xAB, 0x71, 0xA1, 0x9E, 0x29, + 0x3C, 0x59, 0xCB, 0x23, 0xA4, 0xF6, 0x60, 0x1A, 0x0D, 0x5B, 0x39, 0xAE, 0xF4, + 0x6F, 0x59, 0x16, 0x9E, 0x60, 0xD8, 0x56, 0xCF, 0xEA, 0x2C, 0x4C, 0x79, 0xD3, + 0x5D, 0x51, 0x46, 0xA0, 0x4E, 0xE9, 0xD6, 0xAB, 0x91, 0x43, 0x63, 0x44, 0xD7, + 0x70, 0xB9, 0x23, 0x98, 0x4F, 0x3D, 0x03, 0x02, 0xF6, 0x81, 0x56, 0xC1, 0x58, + 0x85, 0x07, 0xA7, 0x2D, 0x2C, 0x29, 0xCA, 0x01, 0x45, 0x31, 0x51, 0x8F, 0xD4, + 0x19, 0xA1, 0x79, 0x88, 0x5A, 0xA4, 0xF5, 0xAE, 0x2D, 0x4B, 0x63, 0x4C, 0x58, + 0xFE, 0xBF, 0xAD, 0xEE, 0xA3, 0x09, 0xF8, 0xE2, 0x89, 0xBE, 0x81, 0x0E, 0x86, + 0x3A, 0xF9, 0x5B, 0xA5, 0xD8, 0xA4, 0x00, 0x75, 0x04, 0xF2, 0x23, 0xB8, 0x39, + 0x69, 0x50, 0xB7, 0xD0, 0x34, 0x63, 0x54, 0xD8, 0x61, 0xDD, 0xA5, 0x33, 0x47, + 0x85, 0x96, 0x22, 0xD0, 0x2F, 0x9F, 0x7E, 0xF8, 0x74, 0x24, 0xEA, 0x57, 0x97, + 0x5A, 0xE0, 0x00, 0xCF, 0xC1, 0x67, 0xE1, 0x41, 0xBD, 0x94, 0xA1, 0x03, 0xD3, + 0xB4, 0x08, 0x64, 0xF2, 0x17, 0x27, 0x35, 0x37, 0x53, 0xEF, 0x46, 0xCE, 0xD8, + 0xD4, 0x09, 0x52, 0xC6, 0x1E, 0xF7, 0x28, 0xDF, 0x08, 0x0F, 0xD0, 0x6F, 0x71, + 0xA6, 0xDF, 0xE4, 0x60, 0x8E, 0xC0, 0x1E, 0x78, 0x86, 0x50, 0xB0, 0x9B, 0x84, + 0x7E, 0xE8, 0x36, 0xFA, 0x95, 0xF1, 0x12, 0x51, 0xC7, 0x18, 0x96, 0xA2, 0x29, + 0xBB, 0x70, 0x02, 0xB4, 0xF9, 0xA8, 0x3D, 0x08, 0x66, 0xA9, 0xB3, 0xFC, 0x0A, + 0x94, 0x80, 0xFD, 0x78, 0xDC, 0xAB, 0x82, 0x5A, 0xD2, 0xCD, 0xC2, 0x87, 0xC6, + 0x4B, 0x07, 0xFA, 0xD1, 0xC3, 0xD9, 0x34, 0x41, 0x85, 0xF8, 0xD0, 0xB6, 0x0A, + 0x9D, 0x00, 0x91, 0x35, 0x05, 0x88, 0xC3, 0xE3, 0x9B, 0x22, 0xD2, 0xB8, 0xFD, + 0x95, 0x3E, 0x6D, 0x5D, 0x48, 0xA3, 0x68, 0xCF, 0x02, 0x42, 0x79, 0x79, 0x8A, + 0xAA, 0x01, 0xD6, 0x09, 0x14, 0x2C, 0xF4, 0x83, 0xA3, 0x80, 0x31, 0x55, 0x46, + 0x6E, 0xC5, 0xE5, 0x2F, 0x30, 0x58, 0x81, 0xA2, 0x90, 0xBE, 0x2E, 0xA1, 0xC3, + 0x0F, 0xA6, 0xF5, 0x51, 0x00, 0x39, 0xB6, 0xF2, 0x2A, 0xA3, 0x15, 0x7D, 0x8D, + 0xF5, 0x66, 0x5C, 0xD9, 0xFC, 0xCF, 0x2F, 0xBF, 0x08, 0x27, 0xE7, 0xD0, 0x03, + 0xB8, 0xD9, 0x00, 0x13, 0x3D, 0x01, 0x6B, 0xB6, 0xA8, 0xCD, 0x5B, 0x3B, 0x3E, + 0x93, 0xBF, 0xE6, 0x2E, 0xB7, 0x4A, 0xCF, 0xB3, 0x0A, 0xCE, 0x62, 0x11, 0xD6, + 0x1F, 0x68, 0x9B, 0x1D, 0x68, 0xD1, 0x8C, 0x97, 0xBD, 0xA1, 0x07, 0x67, 0x73, + 0x87, 0xE0, 0x36, 0xDA, 0x8C, 0xD2, 0xD2, 0xBB, 0x84, 0x28, 0xA9, 0xFE, 0x52, + 0x74, 0xD6, 0xB9, 0x0F, 0x0A, 0x6A, 0x2D, 0x28, 0x35, 0x34, 0x3A, 0xD3, 0xE2, + 0xCD, 0x35, 0x06, 0x7D, 0x1B, 0x35, 0x85, 0x86, 0xD1, 0x3E, 0xF2, 0x6F, 0xA1, + 0xC4, 0x55, 0xBD, 0x00, 0xD8, 0xC3, 0x5D, 0xC2, 0x1D, 0x6B, 0x6B, 0x27, 0x5B, + 0x95, 0xF3, 0xAB, 0xB5, 0xD3, 0x37, 0xF2, 0x2C, 0x9C, 0xC7, 0x5D, 0xBD, 0xF1, + 0x68, 0x1C, 0xAD, 0xF8, 0xB5, 0xE1, 0x29, 0x72, 0x7A, 0x73, 0x62, 0x55, 0x24, + 0xB9, 0x85, 0xDF, 0x7B, 0x29, 0x7D, 0xDE, 0x08, 0xF5, 0xE4, 0x44, 0xDA, 0x1A, + 0x30, 0x74, 0xDA, 0xB4, 0x9B, 0x23, 0x9A, 0x3A, 0xC1, 0x53, 0xB2, 0xA2, 0xA3, + 0x7B, 0x1F, 0xD9, 0x56, 0xD4, 0x4F, 0x9B, 0xB2, 0x1E, 0xEE, 0xB8, 0x6A, 0x4E, + 0xB5, 0xF4, 0x5A, 0xC9, 0x18, 0x27, 0x9C, 0xDE, 0x14, 0x44, 0xED, 0xC4, 0x3C, + 0x71, 0x9F, 0x5F, 0xD9, 0x37, 0xA0, 0x78, 0x34, 0x6E, 0xBC, 0xD2, 0x7B, 0x1D, + 0xFA, 0x08, 0x39, 0x5A, 0x04, 0x73, 0x15, 0xD9, 0x0A, 0x48, 0xC1, 0x2D, 0x15, + 0x4E, 0x84, 0x30, 0x45, 0x69, 0xB3, 0xE5, 0xF6, 0xAD, 0x09, 0x1E, 0xCC, 0x5F, + 0x1F, 0x06, 0xD5, 0x58, 0xAD, 0x78, 0xD7, 0x9F, 0xE5, 0xED, 0x3B, 0x09, 0xD5, + 0xA6, 0x52, 0x6F, 0x92, 0xD3, 0x3C, 0xC6, 0x1E, 0xF2, 0x93, 0x7C, 0xD3, 0x5F, + 0x70, 0x85, 0x5D, 0xF8, 0xAA, 0x9D, 0xB7, 0x7B, 0x24, 0x5A, 0xE9, 0x0A, 0x35, + 0x2F, 0xF5, 0xD9, 0x82, 0x02, 0x8A, 0x90, 0x13, 0x5B, 0xB5, 0x67, 0x9C, 0xDD, + 0xA0, 0x4E, 0x82, 0x27, 0xDA, 0x7E, 0xE8, 0x8E, 0xCD, 0xE1, 0x56, 0x71, 0x2C, + 0xE6, 0x4E, 0x1F, 0x91, 0xCD, 0x7C, 0x6A, 0xB7, 0x78, 0xD0, 0x26, 0xF3, 0x56, + 0xA9, 0xD5, 0xA1, 0xC3, 0x3B, 0x98, 0xE9, 0x28, 0x09, 0xEF, 0x50, 0x90, 0xCD, + 0xC4, 0x8E, 0x75, 0xCC, 0xAC, 0x2D, 0xC9, 0x03, 0x6D, 0xAC, 0xFE, 0xC4, 0x88, + 0x36, 0xD1, 0x3F, 0xBB, 0x1C, 0x7D, 0xB3, 0x14, 0x61, 0x2C, 0xB7, 0x54, 0x4B, + 0xDB, 0x64, 0xB6, 0x57, 0x14, 0x16, 0x8E, 0x1E, 0x6C, 0x64, 0xBB, 0x8B, 0x48, + 0x5D, 0x96, 0x9D, 0xDC, 0x80, 0xA7, 0xF7, 0x54, 0xC7, 0x46, 0x38, 0x3E, 0x44, + 0xDE, 0x7E, 0x92, 0x8D, 0x07, 0xF6, 0x07, 0x37, 0x4E, 0x16, 0x10, 0xB4, 0x7D, + 0x88, 0x66, 0x7F, 0xBB, 0xFF, 0xEA, 0x00, 0xF3, 0xFF, 0x97, 0x2C, 0xB5, 0xBE, + 0x35, 0x4B, 0x5C, 0x36, 0xEC, 0x4C, 0xBD, 0x2B, 0x7D, 0xBF, 0x46, 0xE2, 0x9C, + 0x0E, 0x8A, 0xA3, 0xEC, 0xB1, 0x0E, 0x9A, 0xDA, 0x9A, 0x9B, 0x28, 0x92, 0x10, + 0x53, 0x57, 0xEA, 0xEC, 0xA2, 0x32, 0x32, 0x20, 0x1D, 0x97, 0x5C, 0xB6, 0x84, + 0xA9, 0x93, 0x8D, 0x95, 0x11, 0xA3, 0x24, 0xA3, 0x2D, 0xC6, 0x4A, 0xEF, 0xAA, + 0x1D, 0x85, 0x2B, 0x7D, 0x28, 0xBE, 0x53, 0xCE, 0x10, 0x1F, 0xAE, 0x0E, 0x41, + 0x6C, 0x4B, 0x79, 0x12, 0xFB, 0xF7, 0x54, 0xA3, 0x96, 0x54, 0x83, 0x20, 0x96, + 0x8F, 0x28, 0xA9, 0x3F, 0x8B, 0x3D, 0xBA, 0x77, 0xDC, 0x24, 0xE1, 0xD4, 0x49, + 0x40, 0xD8, 0x78, 0x31, 0x85, 0x43, 0xF6, 0xFE, 0x5C, 0xA6, 0x8F, 0x90, 0x09, + 0xB0, 0xE7, 0xC4, 0x95, 0xB2, 0x55, 0x49, 0x97, 0x8F, 0x1C, 0x78, 0x30, 0x20, + 0xA0, 0xB4, 0xEF, 0x73, 0x56, 0x59, 0x82, 0xFD, 0xCE, 0xBA, 0x6A, 0x8F, 0x2C, + 0x8B, 0x15, 0xFD, 0xA1, 0x85, 0xA8, 0x5C, 0x0F, 0x11, 0xA5, 0x9D, 0xC2, 0x46, + 0xC6, 0x9C, 0xC9, 0x40, 0x0B, 0x58, 0x6A, 0x1C, 0x7A, 0x23, 0xF9, 0xE0, 0x95, + 0x05, 0x13, 0x58, 0x72, 0xE8, 0x9F, 0x30, 0xAC, 0xCD, 0x26, 0xD4, 0x66, 0x13, + 0xDF, 0x1E, 0x7B, 0x4F, 0x9C, 0xBE, 0x38, 0x79, 0x75, 0x92, 0xA4, 0xDA, 0x26, + 0x44, 0x55, 0x17, 0xA3, 0xE5, 0x62, 0xDA, 0xEB, 0x86, 0xEA, 0x68, 0xC7, 0xAB, + 0xFD, 0x2D, 0x43, 0x59, 0x51, 0xC0, 0x75, 0x64, 0x91, 0x01, 0x29, 0x33, 0x28, + 0xF3, 0x04, 0x83, 0x80, 0x75, 0x37, 0x75, 0x0C, 0x03, 0x7B, 0x0A, 0xAB, 0x8E, + 0x60, 0x62, 0x8B, 0x4C, 0xAF, 0x2D, 0xA3, 0x2F, 0xFE, 0xAB, 0x45, 0xCF, 0xDA, + 0xAB, 0xFA, 0xFA, 0x30, 0x3D, 0xE8, 0xA1, 0x96, 0xA5, 0x7B, 0xE2, 0x2A, 0xD0, + 0xAF, 0x59, 0xF7, 0xD0, 0x32, 0x57, 0x19, 0xBD, 0xCA, 0x9F, 0xD5, 0x1A, 0xC7, + 0xAA, 0x65, 0x4A, 0x38, 0xB2, 0x70, 0x33, 0xB7, 0x75, 0xD2, 0xCD, 0xD1, 0xF0, + 0xA8, 0x87, 0x59, 0x20, 0xA5, 0x57, 0x55, 0xB1, 0xB2, 0xC9, 0x4D, 0x97, 0x34, + 0x41, 0xF3, 0xF0, 0x30, 0xA1, 0x2C, 0x1C, 0x49, 0x3E, 0x89, 0x7D, 0x12, 0xE2, + 0xC3, 0x04, 0xC3, 0x92, 0xC0, 0xF6, 0x39, 0x10, 0x80, 0x81, 0x8F, 0x08, 0xB4, + 0xF8, 0xB9, 0x13, 0x4E, 0x2C, 0xAE, 0xB3, 0x71, 0x82, 0x63, 0x98, 0xAB, 0x5C, + 0x1C, 0x10, 0xEA, 0x66, 0xF9, 0x02, 0x3A, 0x82, 0x61, 0xD0, 0xD4, 0xAE, 0x43, + 0xD4, 0x01, 0x3E, 0x9D, 0x04, 0x14, 0xF6, 0x60, 0xD8, 0xA7, 0xD6, 0xB8, 0x53, + 0xC8, 0xDA, 0x80, 0x93, 0xA0, 0x02, 0xDD, 0xCC, 0xE2, 0xF2, 0xBB, 0xFB, 0xE0, + 0x27, 0xD7, 0x34, 0x9A, 0x71, 0x49, 0xB5, 0x4F, 0x42, 0x1F, 0xB2, 0x9D, 0x6D, + 0xAA, 0x9D, 0xD3, 0x50, 0xB5, 0x8F, 0x6A, 0x4B, 0xDF, 0x1F, 0xD5, 0x27, 0x8F, + 0x3B, 0x27, 0xCF, 0x2F, 0x8C, 0xF8, 0x9D, 0x4C, 0x52, 0xBC, 0x32, 0x0F, 0x73, + 0xD5, 0x51, 0x8E, 0x36, 0x7E, 0xAD, 0x09, 0xF0, 0x94, 0x83, 0x5F, 0x36, 0xFD, + 0x7C, 0x03, 0xED, 0xF1, 0x5E, 0x4B, 0xF7, 0xAA, 0x55, 0x5C, 0x4A, 0x14, 0x59, + 0x85, 0x38, 0x2D, 0x8C, 0xDF, 0xEC, 0x65, 0x1B, 0xB8, 0x76, 0x57, 0x96, 0x3C, + 0x86, 0xED, 0xF2, 0x7F, 0x2D, 0x28, 0x48, 0xDA, 0x49, 0x7F, 0xF7, 0x54, 0x2B, + 0xD5, 0x39, 0xD5, 0x57, 0x0A, 0x75, 0x7A, 0x3E, 0x5E, 0x5D, 0xBA, 0x4A, 0x15, + 0xFA, 0xB8, 0x31, 0x80, 0x71, 0x2C, 0xCA, 0xC4, 0x51, 0x10, 0x16, 0x5D, 0x39, + 0xEC, 0x9D, 0x07, 0xB6, 0x6A, 0x89, 0x9F, 0x9B, 0x5B, 0x6F, 0x03, 0xB0, 0x92, + 0x01, 0x38, 0x6B, 0x48, 0x99, 0x0A, 0x8F, 0x13, 0xC1, 0xA6, 0x01, 0xEA, 0xBF, + 0x6F, 0x86, 0x43, 0x51, 0xB6, 0x11, 0x00, 0x00 +}; + +int compress_test(void) +{ + int ret = 0; + word32 dSz = sizeof(sample_text); + word32 cSz = (dSz + (word32)(dSz * 0.001) + 12); + byte *c; + byte *d; + + c = XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + d = XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (c == NULL || d == NULL) { + ERROR_OUT(-11700, exit); + } + + /* follow calloc and initialize to 0 */ + XMEMSET(c, 0, cSz); + XMEMSET(d, 0, dSz); + + if ((ret = wc_Compress(c, cSz, sample_text, dSz, 0)) < 0) { + ERROR_OUT(-11701, exit); + } + cSz = (word32)ret; + + if ((ret = wc_DeCompress(d, dSz, c, cSz)) != (int)dSz) { + ERROR_OUT(-11702, exit); + } + + if (XMEMCMP(d, sample_text, dSz) != 0) { + ERROR_OUT(-11703, exit); + } + + /* GZIP tests */ + cSz = (dSz + (word32)(dSz * 0.001) + 12); /* reset cSz */ + XMEMSET(c, 0, cSz); + XMEMSET(d, 0, dSz); + + ret = wc_Compress_ex(c, cSz, sample_text, dSz, 0, LIBZ_WINBITS_GZIP); + if (ret < 0) { + ERROR_OUT(-11704, exit); + } + cSz = (word32)ret; + + ret = wc_DeCompress_ex(d, dSz, c, cSz, LIBZ_WINBITS_GZIP); + if (ret < 0) { + ERROR_OUT(-11705, exit); + } + + if (XMEMCMP(d, sample_text, dSz) != 0) { + ERROR_OUT(-11706, exit); + } + + /* Try with gzip generated output */ + XMEMSET(d, 0, dSz); + ret = wc_DeCompress_ex(d, dSz, sample_text_gz, sizeof(sample_text_gz), + LIBZ_WINBITS_GZIP); + if (ret < 0) { + ERROR_OUT(-11707, exit); + } + dSz = (word32)ret; + + if (XMEMCMP(d, sample_text, dSz) != 0) { + ERROR_OUT(-11708, exit); + } + + ret = 0; /* success */ + +exit: + if (c) XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (d) XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +#endif /* HAVE_LIBZ */ + +#ifdef HAVE_PKCS7 + +/* External Debugging/Testing Note: + * + * PKCS#7 test functions can output generated PKCS#7/CMS bundles for + * additional testing. To dump bundles to files DER encoded files, please + * define: + * + * #define PKCS7_OUTPUT_TEST_BUNDLES + */ + + +/* Loads certs and keys for use with PKCS7 tests, from either files + * or buffers. + * + * rsaClientCertBuf - output buffer for RSA client cert + * rsaClientCertBufSz - IN/OUT size of output buffer, size of RSA client cert + * rsaClientPrivKeyBuf - output buffer for RSA client private key + * rsaClientPrivKeyBufSz - IN/OUT size of output buffer, size of RSA client key + * + * rsaServerCertBuf - output buffer for RSA server cert + * rsaServerCertBufSz - IN/OUT size of output buffer, size of RSA server cert + * rsaServerPrivKeyBuf - output buffer for RSA server private key + * rsaServerPrivKeyBufSz - IN/OUT size of output buffer, size of RSA server key + * + * rsaCaCertBuf - output buffer for RSA CA cert + * rsaCaCertBufSz - IN/OUT size of output buffer, size of RSA ca cert + * rsaCaPrivKeyBuf - output buffer for RSA CA private key + * rsaCaPrivKeyBufSz - IN/OUT size of output buffer, size of RSA CA key + * + * eccClientCertBuf - output buffer for ECC cert + * eccClientCertBufSz - IN/OUT size of output buffer, size of ECC cert + * eccClientPrivKeyBuf - output buffer for ECC private key + * eccClientPrivKeyBufSz - IN/OUT size of output buffer, size of ECC private key + * + * Returns 0 on success, negative on error + */ +static int pkcs7_load_certs_keys( + byte* rsaClientCertBuf, word32* rsaClientCertBufSz, + byte* rsaClientPrivKeyBuf, word32* rsaClientPrivKeyBufSz, + byte* rsaServerCertBuf, word32* rsaServerCertBufSz, + byte* rsaServerPrivKeyBuf, word32* rsaServerPrivKeyBufSz, + byte* rsaCaCertBuf, word32* rsaCaCertBufSz, + byte* rsaCaPrivKeyBuf, word32* rsaCaPrivKeyBufSz, + byte* eccClientCertBuf, word32* eccClientCertBufSz, + byte* eccClientPrivKeyBuf, word32* eccClientPrivKeyBufSz) +{ +#ifndef NO_FILESYSTEM + XFILE certFile; + XFILE keyFile; + + (void)certFile; + (void)keyFile; +#endif + +#ifndef NO_RSA + if (rsaClientCertBuf == NULL || rsaClientCertBufSz == NULL || + rsaClientPrivKeyBuf == NULL || rsaClientPrivKeyBufSz == NULL) + return BAD_FUNC_ARG; +#endif + +#ifdef HAVE_ECC + if (eccClientCertBuf == NULL || eccClientCertBufSz == NULL || + eccClientPrivKeyBuf == NULL || eccClientPrivKeyBufSz == NULL) + return BAD_FUNC_ARG; +#endif + +/* RSA */ +#ifndef NO_RSA + +#ifdef USE_CERT_BUFFERS_1024 + if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_1024) + return -11709; + + XMEMCPY(rsaClientCertBuf, client_cert_der_1024, + sizeof_client_cert_der_1024); + *rsaClientCertBufSz = sizeof_client_cert_der_1024; + + if (rsaServerCertBuf != NULL) { + if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_1024) + return -11710; + + XMEMCPY(rsaServerCertBuf, server_cert_der_1024, + sizeof_server_cert_der_1024); + *rsaServerCertBufSz = sizeof_server_cert_der_1024; + } + + if (rsaCaCertBuf != NULL) { + if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_1024) + return -11711; + + XMEMCPY(rsaCaCertBuf, ca_cert_der_1024, sizeof_ca_cert_der_1024); + *rsaCaCertBufSz = sizeof_ca_cert_der_1024; + } +#elif defined(USE_CERT_BUFFERS_2048) + if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_2048) + return -11712; + + XMEMCPY(rsaClientCertBuf, client_cert_der_2048, + sizeof_client_cert_der_2048); + *rsaClientCertBufSz = sizeof_client_cert_der_2048; + + if (rsaServerCertBuf != NULL) { + if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_2048) + return -11713; + + XMEMCPY(rsaServerCertBuf, server_cert_der_2048, + sizeof_server_cert_der_2048); + *rsaServerCertBufSz = sizeof_server_cert_der_2048; + } + + if (rsaCaCertBuf != NULL) { + if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_2048) + return -11714; + + XMEMCPY(rsaCaCertBuf, ca_cert_der_2048, sizeof_ca_cert_der_2048); + *rsaCaCertBufSz = sizeof_ca_cert_der_2048; + } +#else + certFile = XFOPEN(clientCert, "rb"); + if (!certFile) + return -11715; + + *rsaClientCertBufSz = (word32)XFREAD(rsaClientCertBuf, 1, + *rsaClientCertBufSz, certFile); + XFCLOSE(certFile); + + if (rsaServerCertBuf != NULL) { + certFile = XFOPEN(rsaServerCertDerFile, "rb"); + if (!certFile) + return -11716; + + *rsaServerCertBufSz = (word32)XFREAD(rsaServerCertBuf, 1, + *rsaServerCertBufSz, certFile); + XFCLOSE(certFile); + } + + if (rsaCaCertBuf != NULL) { + certFile = XFOPEN(rsaCaCertDerFile, "rb"); + if (!certFile) + return -11717; + + *rsaCaCertBufSz = (word32)XFREAD(rsaCaCertBuf, 1, *rsaCaCertBufSz, + certFile); + XFCLOSE(certFile); + } +#endif + +#ifdef USE_CERT_BUFFERS_1024 + if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_1024) + return -11718; + + XMEMCPY(rsaClientPrivKeyBuf, client_key_der_1024, + sizeof_client_key_der_1024); + *rsaClientPrivKeyBufSz = sizeof_client_key_der_1024; + + if (rsaServerPrivKeyBuf != NULL) { + if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_1024) + return -11719; + + XMEMCPY(rsaServerPrivKeyBuf, server_key_der_1024, + sizeof_server_key_der_1024); + *rsaServerPrivKeyBufSz = sizeof_server_key_der_1024; + } + + if (rsaCaPrivKeyBuf != NULL) { + if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_1024) + return -11720; + + XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_1024, sizeof_ca_key_der_1024); + *rsaCaPrivKeyBufSz = sizeof_ca_key_der_1024; + } +#elif defined(USE_CERT_BUFFERS_2048) + if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_2048) + return -11721; + + XMEMCPY(rsaClientPrivKeyBuf, client_key_der_2048, + sizeof_client_key_der_2048); + *rsaClientPrivKeyBufSz = sizeof_client_key_der_2048; + + if (rsaServerPrivKeyBuf != NULL) { + if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_2048) + return -11722; + + XMEMCPY(rsaServerPrivKeyBuf, server_key_der_2048, + sizeof_server_key_der_2048); + *rsaServerPrivKeyBufSz = sizeof_server_key_der_2048; + } + + if (rsaCaPrivKeyBuf != NULL) { + if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_2048) + return -11723; + + XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_2048, sizeof_ca_key_der_2048); + *rsaCaPrivKeyBufSz = sizeof_ca_key_der_2048; + } +#else + keyFile = XFOPEN(clientKey, "rb"); + if (!keyFile) + return -11724; + + *rsaClientPrivKeyBufSz = (word32)XFREAD(rsaClientPrivKeyBuf, 1, + *rsaClientPrivKeyBufSz, keyFile); + XFCLOSE(keyFile); + + if (rsaServerPrivKeyBuf != NULL) { + keyFile = XFOPEN(rsaServerKeyDerFile, "rb"); + if (!keyFile) + return -11725; + + *rsaServerPrivKeyBufSz = (word32)XFREAD(rsaServerPrivKeyBuf, 1, + *rsaServerPrivKeyBufSz, keyFile); + XFCLOSE(keyFile); + } + + if (rsaCaPrivKeyBuf != NULL) { + keyFile = XFOPEN(rsaCaKeyFile, "rb"); + if (!keyFile) + return -11726; + + *rsaCaPrivKeyBufSz = (word32)XFREAD(rsaCaPrivKeyBuf, 1, + *rsaCaPrivKeyBufSz, keyFile); + XFCLOSE(keyFile); + } +#endif /* USE_CERT_BUFFERS */ + +#endif /* NO_RSA */ + +/* ECC */ +#ifdef HAVE_ECC + +#ifdef USE_CERT_BUFFERS_256 + if (*eccClientCertBufSz < (word32)sizeof_cliecc_cert_der_256) + return -11727; + + XMEMCPY(eccClientCertBuf, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); + *eccClientCertBufSz = sizeof_cliecc_cert_der_256; +#else + certFile = XFOPEN(eccClientCert, "rb"); + if (!certFile) + return -11728; + + *eccClientCertBufSz = (word32)XFREAD(eccClientCertBuf, 1, + *eccClientCertBufSz, certFile); + XFCLOSE(certFile); +#endif /* USE_CERT_BUFFERS_256 */ + +#ifdef USE_CERT_BUFFERS_256 + if (*eccClientPrivKeyBufSz < (word32)sizeof_ecc_clikey_der_256) + return -11729; + + XMEMCPY(eccClientPrivKeyBuf, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); + *eccClientPrivKeyBufSz = sizeof_ecc_clikey_der_256; +#else + keyFile = XFOPEN(eccClientKey, "rb"); + if (!keyFile) + return -11730; + + *eccClientPrivKeyBufSz = (word32)XFREAD(eccClientPrivKeyBuf, 1, + *eccClientPrivKeyBufSz, keyFile); + XFCLOSE(keyFile); +#endif /* USE_CERT_BUFFERS_256 */ +#endif /* HAVE_ECC */ + +#ifdef NO_RSA + (void)rsaClientCertBuf; + (void)rsaClientCertBufSz; + (void)rsaClientPrivKeyBuf; + (void)rsaClientPrivKeyBufSz; + (void)rsaServerCertBuf; + (void)rsaServerCertBufSz; + (void)rsaServerPrivKeyBuf; + (void)rsaServerPrivKeyBufSz; + (void)rsaCaCertBuf; + (void)rsaCaCertBufSz; + (void)rsaCaPrivKeyBuf; + (void)rsaCaPrivKeyBufSz; +#endif +#ifndef HAVE_ECC + (void)eccClientCertBuf; + (void)eccClientCertBufSz; + (void)eccClientPrivKeyBuf; + (void)eccClientPrivKeyBufSz; +#endif +#ifndef NO_FILESYSTEM + (void)certFile; + (void)keyFile; +#endif + return 0; +} + + +typedef struct { + const byte* content; + word32 contentSz; + int contentOID; + int encryptOID; + int keyWrapOID; + int keyAgreeOID; + byte* cert; + size_t certSz; + byte* privateKey; + word32 privateKeySz; + byte* optionalUkm; + word32 optionalUkmSz; + int ktriOptions; /* KTRI options flags */ + int kariOptions; /* KARI options flags */ + + /* KEKRI specific */ + byte* secretKey; /* key, only for kekri RecipientInfo types */ + word32 secretKeySz; /* size of secretKey, bytes */ + byte* secretKeyId; /* key identifier */ + word32 secretKeyIdSz; /* size of key identifier, bytes */ + void* timePtr; /* time_t pointer */ + byte* otherAttrOID; /* OPTIONAL, other attribute OID */ + word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */ + byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */ + word32 otherAttrSz; /* size of otherAttr, bytes */ + int kekriOptions; /* KEKRI options flags */ + + /* PWRI specific */ + char* password; + word32 passwordSz; + byte* salt; + word32 saltSz; + int kdfOID; + int hashOID; + int kdfIterations; + int pwriOptions; /* PWRI options flags */ + + /* ORI specific */ + int isOri; + int oriOptions; /* ORI options flags */ + + const char* outFileName; +} pkcs7EnvelopedVector; + + +static const byte asnDataOid[] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 +}; + +/* ORI encrypt callback, responsible for encrypting content-encryption key (CEK) + * and giving wolfCrypt the value for oriOID and oriValue to place in + * OtherRecipientInfo. + * + * Returns 0 on success, negative upon error. */ +static int myOriEncryptCb(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType, + word32* oriTypeSz, byte* oriValue, word32* oriValueSz, + void* ctx) +{ + int i; + + /* make sure buffers are large enough */ + if ((*oriValueSz < (2 + cekSz)) || (*oriTypeSz < sizeof(oriType))) + return -11731; + + /* our simple encryption algorithm will be take the bitwise complement */ + oriValue[0] = 0x04; /*ASN OCTET STRING */ + oriValue[1] = (byte)cekSz; /* length */ + for (i = 0; i < (int)cekSz; i++) { + oriValue[2 + i] = ~cek[i]; + } + *oriValueSz = 2 + cekSz; + + /* set oriType to ASN.1 encoded data OID */ + XMEMCPY(oriType, asnDataOid, sizeof(asnDataOid)); + *oriTypeSz = sizeof(asnDataOid); + + (void)pkcs7; + (void)ctx; + + return 0; +} + + +/* ORI decrypt callback, responsible for providing a decrypted content + * encryption key (CEK) placed into decryptedKey and size placed into + * decryptedKeySz. oriOID and oriValue are given to the callback to help + * in decrypting the encrypted CEK. + * + * Returns 0 on success, negative upon error. */ +static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz, + byte* oriValue, word32 oriValueSz, byte* decryptedKey, + word32* decryptedKeySz, void* ctx) +{ + int i; + + /* make sure oriType matches what we expect */ + if (oriTypeSz != sizeof(asnDataOid)) + return -11732; + + if (XMEMCMP(oriType, asnDataOid, sizeof(asnDataOid)) != 0) + return -11733; + + /* make sure decrypted buffer is large enough */ + if (*decryptedKeySz < oriValueSz) + return -11734; + + /* decrypt encrypted CEK using simple bitwise complement, + only for example */ + for (i = 0; i < (int)oriValueSz - 2; i++) { + decryptedKey[i] = ~oriValue[2 + i]; + } + + *decryptedKeySz = oriValueSz - 2; + + (void)pkcs7; + (void)ctx; + + return 0; +} + + +#ifndef NO_AES +/* returns 0 on success */ +static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, + byte* aad, word32 aadSz, byte* authTag, word32 authTagSz, + byte* in, int inSz, byte* out, void* usrCtx) +{ + int keyId = -1, ret, keySz; + word32 keyIdSz = 8; + const byte* key; + byte keyIdRaw[8]; + Aes aes; + + /* looking for KEY ID + * fwDecryptKeyID OID "1.2.840.113549.1.9.16.2.37 + */ + const unsigned char OID[] = { + /* 0x06, 0x0B do not pass in tag and length */ + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x10, 0x02, 0x25 + }; + + const byte defKey[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 + }; + + const byte altKey[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 + }; + + /* test user context passed in */ + if (usrCtx == NULL || *(int*)usrCtx != 1) { + return -11735; + } + + /* if needing to find keyIdSz can call with NULL */ + ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), NULL, + &keyIdSz); + if (ret != LENGTH_ONLY_E) { + printf("Unexpected error %d when getting keyIdSz\n", ret); + printf("Possibly no KEY ID attribute set\n"); + return -11736; + } + else { + XMEMSET(keyIdRaw, 0, sizeof(keyIdRaw)); + ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), keyIdRaw, + &keyIdSz); + if (ret < 0) { + return ret; + } + + if (keyIdSz < 3) { + printf("keyIdSz is smaller than expected\n"); + return -11737; + } + if (keyIdSz > 2 + sizeof(int)) { + printf("example case was only expecting a keyId of int size\n"); + return -11738; + } + + /* keyIdRaw[0] OCTET TAG */ + /* keyIdRaw[1] Length */ +#ifdef BIG_ENDIAN_ORDER + if (keyIdRaw[1] == 0x01) { + keyId = 1; + } +#else + keyId = *(int*)(keyIdRaw + 2); +#endif + } + + + /* Use keyID here if found to select key and decrypt in HSM or in this + * example just select key and do software decryption */ + if (keyId == 1) { + key = altKey; + keySz = sizeof(altKey); + } + else { + key = defKey; + keySz = sizeof(defKey); + } + + switch (encryptOID) { + case AES256CBCb: + if ((keySz != 32 ) || (ivSz != AES_BLOCK_SIZE)) + return BAD_FUNC_ARG; + break; + + case AES128CBCb: + if ((keySz != 16 ) || (ivSz != AES_BLOCK_SIZE)) + return BAD_FUNC_ARG; + break; + + default: + printf("Unsupported content cipher type for example"); + return ALGO_ID_E; + }; + + ret = wc_AesInit(&aes, HEAP_HINT, INVALID_DEVID); + if (ret == 0) { + ret = wc_AesSetKey(&aes, key, keySz, iv, AES_DECRYPTION); + if (ret == 0) + ret = wc_AesCbcDecrypt(&aes, out, in, inSz); + wc_AesFree(&aes); + } + + (void)aad; + (void)aadSz; + (void)authTag; + (void)authTagSz; + return ret; +} +#endif /* NO_AES */ + + +static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, + byte* rsaPrivKey, word32 rsaPrivKeySz, + byte* eccCert, word32 eccCertSz, + byte* eccPrivKey, word32 eccPrivKeySz) +{ + int ret, testSz, i; + int envelopedSz, decodedSz; + + byte enveloped[2048]; + byte decoded[2048]; + PKCS7* pkcs7; +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + XFILE pkcs7File; +#endif + + const byte data[] = { /* Hello World */ + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; + +#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ + defined(WOLFSSL_SHA512) + byte optionalUkm[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + }; +#endif /* NO_AES */ + +#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) + /* encryption key for kekri recipient types */ + byte secretKey[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + }; + + /* encryption key identifier */ + byte secretKeyId[] = { + 0x02,0x02,0x03,0x04 + }; +#endif + +#if !defined(NO_PWDBASED) && !defined(NO_AES) && \ + !defined(NO_SHA) && defined(WOLFSSL_AES_128) + + char password[] = "password"; + + byte salt[] = { + 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12 + }; +#endif + + const pkcs7EnvelopedVector testVectors[] = + { + /* key transport key encryption technique */ +#ifndef NO_RSA + #ifndef NO_DES3 + {data, (word32)sizeof(data), DATA, DES3b, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, + 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataDES3.der"}, + #endif + + #ifndef NO_AES + #ifdef WOLFSSL_AES_128 + {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, + 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES128CBC.der"}, + #endif + #ifdef WOLFSSL_AES_192 + {data, (word32)sizeof(data), DATA, AES192CBCb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, + 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES192CBC.der"}, + #endif + #ifdef WOLFSSL_AES_256 + {data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, + 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES256CBC.der"}, + + /* explicitly using SKID for SubjectKeyIdentifier */ + {data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_SKID, 0, NULL, 0, NULL, 0, NULL, + NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES256CBC_SKID.der"}, + + /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */ + {data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_ISSUER_AND_SERIAL_NUMBER, 0, + NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, + 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der"}, + #endif + #endif /* NO_AES */ +#endif + + /* key agreement key encryption technique*/ +#ifdef HAVE_ECC + #ifndef NO_AES + #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) + {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, + dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, + 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der"}, + #endif + + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) + {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, + 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der"}, + #endif /* NO_SHA256 && WOLFSSL_AES_256 */ + + #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256) + {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP, + dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, + 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der"}, + + /* with optional user keying material (ukm) */ + {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP, + dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, optionalUkm, sizeof(optionalUkm), 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der"}, + #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ + #endif /* NO_AES */ +#endif + + /* kekri (KEKRecipientInfo) recipient types */ +#ifndef NO_AES + #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) + {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0, + NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey), + secretKeyId, sizeof(secretKeyId), NULL, NULL, 0, NULL, 0, + 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES128CBC_KEKRI.der"}, + #endif +#endif + + /* pwri (PasswordRecipientInfo) recipient types */ +#if !defined(NO_PWDBASED) && !defined(NO_AES) + #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) + {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, + NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, password, + (word32)XSTRLEN(password), salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5, + 0, 0, 0, "pkcs7envelopedDataAES128CBC_PWRI.der"}, + #endif +#endif + +#if !defined(NO_AES) && !defined(NO_AES_128) + /* ori (OtherRecipientInfo) recipient types */ + {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0, + NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, + NULL, 0, 0, 0, 0, 0, 1, 0, "pkcs7envelopedDataAES128CBC_ORI.der"}, +#endif + }; + + testSz = sizeof(testVectors) / sizeof(pkcs7EnvelopedVector); + + for (i = 0; i < testSz; i++) { + pkcs7 = wc_PKCS7_New(HEAP_HINT, + #ifdef WOLFSSL_ASYNC_CRYPT + INVALID_DEVID /* async PKCS7 is not supported */ + #else + devId + #endif + ); + if (pkcs7 == NULL) + return -11739; + + if (testVectors[i].secretKey != NULL) { + /* KEKRI recipient type */ + + ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); + if (ret != 0) { + return -11740; + } + + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->ukm = testVectors[i].optionalUkm; + pkcs7->ukmSz = testVectors[i].optionalUkmSz; + + ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID, + testVectors[i].secretKey, testVectors[i].secretKeySz, + testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz, + testVectors[i].timePtr, testVectors[i].otherAttrOID, + testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr, + testVectors[i].otherAttrSz, testVectors[i].kekriOptions); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + return -11741; + } + + /* set key, for decryption */ + ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey, + testVectors[i].secretKeySz); + + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + return -11742; + } + + } else if (testVectors[i].password != NULL) { + #ifndef NO_PWDBASED + /* PWRI recipient type */ + + ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); + if (ret != 0) { + return -11743; + } + + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->ukm = testVectors[i].optionalUkm; + pkcs7->ukmSz = testVectors[i].optionalUkmSz; + + ret = wc_PKCS7_AddRecipient_PWRI(pkcs7, + (byte*)testVectors[i].password, + testVectors[i].passwordSz, testVectors[i].salt, + testVectors[i].saltSz, testVectors[i].kdfOID, + testVectors[i].hashOID, testVectors[i].kdfIterations, + testVectors[i].encryptOID, testVectors[i].pwriOptions); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + return -11744; + } + + /* set password, for decryption */ + ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password, + testVectors[i].passwordSz); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + return -11745; + } + #endif /* NO_PWDBASED */ + + } else if (testVectors[i].isOri == 1) { + /* ORI recipient type */ + + ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); + if (ret != 0) { + return -11746; + } + + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + + ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb, + testVectors[i].oriOptions); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + return -11747; + } + + /* set decrypt callback for decryption */ + ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + return -11748; + } + + } else { + /* KTRI or KARI recipient types */ + + ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); + if (ret != 0) { + return -11749; + } + + ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, + (word32)testVectors[i].certSz); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + return -11750; + } + + pkcs7->keyWrapOID = testVectors[i].keyWrapOID; + pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID; + pkcs7->privateKey = testVectors[i].privateKey; + pkcs7->privateKeySz = testVectors[i].privateKeySz; + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->ukm = testVectors[i].optionalUkm; + pkcs7->ukmSz = testVectors[i].optionalUkmSz; + + /* set SubjectIdentifier type for KTRI types */ + if (testVectors[i].ktriOptions & CMS_SKID) { + + ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + return -11751; + } + } else if (testVectors[i].ktriOptions & + CMS_ISSUER_AND_SERIAL_NUMBER) { + + ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, + CMS_ISSUER_AND_SERIAL_NUMBER); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + return -11752; + } + } + } + + /* encode envelopedData */ + envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped, + sizeof(enveloped)); + if (envelopedSz <= 0) { + wc_PKCS7_Free(pkcs7); + return -11753; + } + + /* decode envelopedData */ + decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, envelopedSz, + decoded, sizeof(decoded)); + if (decodedSz <= 0) { + wc_PKCS7_Free(pkcs7); + return -11754; + } + + /* test decode result */ + if (XMEMCMP(decoded, data, sizeof(data)) != 0){ + wc_PKCS7_Free(pkcs7); + return -11755; + } + +#ifndef NO_PKCS7_STREAM + { /* test reading byte by byte */ + int z; + for (z = 0; z < envelopedSz; z++) { + decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped + z, 1, + decoded, sizeof(decoded)); + if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) { + printf("unexpected error %d\n", decodedSz); + return -11756; + } + } + /* test decode result */ + if (XMEMCMP(decoded, data, sizeof(data)) != 0) { + printf("stream read compare failed\n"); + wc_PKCS7_Free(pkcs7); + return -11757; + } + } +#endif +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + /* output pkcs7 envelopedData for external testing */ + pkcs7File = XFOPEN(testVectors[i].outFileName, "wb"); + if (!pkcs7File) { + wc_PKCS7_Free(pkcs7); + return -11758; + } + + ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File); + XFCLOSE(pkcs7File); + if (ret != envelopedSz) { + wc_PKCS7_Free(pkcs7); + return -11759; + } +#endif /* PKCS7_OUTPUT_TEST_BUNDLES */ + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + } + + (void)eccCert; + (void)eccCertSz; + (void)eccPrivKey; + (void)eccPrivKeySz; + (void)rsaCert; + (void)rsaCertSz; + (void)rsaPrivKey; + (void)rsaPrivKeySz; + + return 0; +} + + +int pkcs7enveloped_test(void) +{ + int ret = 0; + + byte* rsaCert = NULL; + byte* rsaPrivKey = NULL; + word32 rsaCertSz = 0; + word32 rsaPrivKeySz = 0; + + byte* eccCert = NULL; + byte* eccPrivKey = NULL; + word32 eccCertSz = 0; + word32 eccPrivKeySz = 0; + +#ifndef NO_RSA + /* read client RSA cert and key in DER format */ + rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (rsaCert == NULL) + return -11800; + + rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (rsaPrivKey == NULL) { + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return -11801; + } + + rsaCertSz = FOURK_BUF; + rsaPrivKeySz = FOURK_BUF; +#endif /* NO_RSA */ + +#ifdef HAVE_ECC + /* read client ECC cert and key in DER format */ + eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (eccCert == NULL) { + #ifndef NO_RSA + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return -11802; + } + + eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (eccPrivKey == NULL) { + #ifndef NO_RSA + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return -11803; + } + + eccCertSz = FOURK_BUF; + eccPrivKeySz = FOURK_BUF; +#endif /* HAVE_ECC */ + + ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey, + &rsaPrivKeySz, NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, eccCert, &eccCertSz, + eccPrivKey, &eccPrivKeySz); + if (ret < 0) { + #ifndef NO_RSA + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + #ifdef HAVE_ECC + XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return -11804; + } + + ret = pkcs7enveloped_run_vectors(rsaCert, (word32)rsaCertSz, + rsaPrivKey, (word32)rsaPrivKeySz, + eccCert, (word32)eccCertSz, + eccPrivKey, (word32)eccPrivKeySz); + +#ifndef NO_RSA + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#ifdef HAVE_ECC + XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + + +#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + +typedef struct { + const byte* content; + word32 contentSz; + int contentOID; + int encryptOID; + int keyWrapOID; + int keyAgreeOID; + byte* cert; + size_t certSz; + byte* privateKey; + word32 privateKeySz; + PKCS7Attrib* authAttribs; + word32 authAttribsSz; + PKCS7Attrib* unauthAttribs; + word32 unauthAttribsSz; + + /* KARI / KTRI specific */ + byte* optionalUkm; + word32 optionalUkmSz; + int ktriOptions; /* KTRI options flags */ + int kariOptions; /* KARI options flags */ + + /* KEKRI specific */ + byte* secretKey; /* key, only for kekri RecipientInfo types */ + word32 secretKeySz; /* size of secretKey, bytes */ + byte* secretKeyId; /* key identifier */ + word32 secretKeyIdSz; /* size of key identifier, bytes */ + void* timePtr; /* time_t pointer */ + byte* otherAttrOID; /* OPTIONAL, other attribute OID */ + word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */ + byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */ + word32 otherAttrSz; /* size of otherAttr, bytes */ + int kekriOptions; /* KEKRI options flags */ + + /* PWRI specific */ + char* password; /* password */ + word32 passwordSz; /* password size, bytes */ + byte* salt; /* KDF salt */ + word32 saltSz; /* KDF salt size, bytes */ + int kdfOID; /* KDF OID */ + int hashOID; /* KDF hash algorithm OID */ + int kdfIterations; /* KDF iterations */ + int kekEncryptOID; /* KEK encryption algorithm OID */ + int pwriOptions; /* PWRI options flags */ + + /* ORI specific */ + int isOri; + int oriOptions; /* ORI options flags */ + + const char* outFileName; +} pkcs7AuthEnvelopedVector; + + +static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, + byte* rsaPrivKey, word32 rsaPrivKeySz, + byte* eccCert, word32 eccCertSz, + byte* eccPrivKey, word32 eccPrivKeySz) +{ + int ret, testSz, i; + int envelopedSz, decodedSz; + + byte enveloped[2048]; + byte decoded[2048]; + WC_RNG rng; + PKCS7* pkcs7; +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + XFILE pkcs7File; +#endif + + const byte data[] = { /* Hello World */ + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; + byte senderNonce[PKCS7_NONCE_SZ + 2]; + +#ifdef HAVE_ECC + byte senderNonceOid[] = + { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, + 0x09, 0x05 }; + + PKCS7Attrib attribs[] = + { + { senderNonceOid, sizeof(senderNonceOid), senderNonce, + sizeof(senderNonce) } + }; +#endif + +#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ + defined(WOLFSSL_SHA512) + byte optionalUkm[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + }; +#endif /* NO_AES */ + +#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) + /* encryption key for kekri recipient types */ + byte secretKey[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + }; + + /* encryption key identifier */ + byte secretKeyId[] = { + 0x02,0x02,0x03,0x04 + }; +#endif + +#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ + !defined(NO_SHA) && defined(WOLFSSL_AES_128) + + char password[] = "password"; + + byte salt[] = { + 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12 + }; +#endif + + const pkcs7AuthEnvelopedVector testVectors[] = + { + /* key transport key encryption technique */ +#ifndef NO_RSA + #if !defined(NO_AES) && defined(HAVE_AESGCM) + #ifdef WOLFSSL_AES_128 + {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, + 0, 0, "pkcs7authEnvelopedDataAES128GCM.der"}, + #endif + #ifdef WOLFSSL_AES_192 + {data, (word32)sizeof(data), DATA, AES192GCMb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, + 0, 0, "pkcs7authEnvelopedDataAES192GCM.der"}, + #endif + #ifdef WOLFSSL_AES_256 + {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, + 0, 0, "pkcs7authEnvelopedDataAES256GCM.der"}, + + /* test with contentType set to FirmwarePkgData */ + {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, 0, 0, + rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, + 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, + 0, 0, 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der"}, + + /* explicitly using SKID for SubjectKeyIdentifier */ + {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, CMS_SKID, 0, + NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, + 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_SKID.der"}, + + /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */ + {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, + CMS_ISSUER_AND_SERIAL_NUMBER, 0, NULL, 0, NULL, 0, NULL, NULL, 0, + NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_IANDS.der"}, + #endif + #endif /* NO_AES */ +#endif + + /* key agreement key encryption technique*/ +#ifdef HAVE_ECC + #if !defined(NO_AES) && defined(HAVE_AESGCM) + #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) + {data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, + dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, + NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der"}, + #endif + + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) + {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, + NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der"}, + + /* with authenticated attributes */ + {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), + NULL, 0, NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, + 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_authAttribs.der"}, + + /* with unauthenticated attributes */ + {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, NULL, 0, attribs, + (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, + 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_unauthAttribs.der"}, + + /* with authenticated AND unauthenticated attributes */ + {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), + attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, + NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, + 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_bothAttribs.der"}, + + /* with authenticated AND unauthenticated attributes AND + * contentType of FirmwarePkgData */ + {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), + attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, + NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, + 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_fw_bothAttribs.der"}, + #endif /* NO_SHA256 && WOLFSSL_AES_256 */ + + #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256) + {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, + NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der"}, + + /* with optional user keying material (ukm) */ + {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, NULL, 0, NULL, 0, optionalUkm, sizeof(optionalUkm), 0, + 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, + 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der"}, + #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ + #endif /* NO_AES */ +#endif + + /* kekri (KEKRecipientInfo) recipient types */ +#if !defined(NO_AES) && defined(HAVE_AESGCM) + #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) + {data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0, + NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, + secretKey, sizeof(secretKey), secretKeyId, sizeof(secretKeyId), + NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES128GCM_KEKRI.der"}, + #endif +#endif + + /* pwri (PasswordRecipientInfo) recipient types */ +#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) + #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) + {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, + NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, password, + (word32)XSTRLEN(password), salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5, + AES128CBCb, 0, 0, 0, "pkcs7authEnvelopedDataAES128GCM_PWRI.der"}, + #endif +#endif + +#if !defined(NO_AES) && defined(HAVE_AESGCM) + #ifdef WOLFSSL_AES_128 + /* ori (OtherRecipientInfo) recipient types */ + {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, NULL, 0, NULL, 0, + NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, + NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 1, 0, + "pkcs7authEnvelopedDataAES128GCM_ORI.der"}, + #endif +#endif + }; + + testSz = sizeof(testVectors) / sizeof(pkcs7AuthEnvelopedVector); + + + /* generate senderNonce */ + { +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) { + return -11805; + } + + senderNonce[0] = 0x04; + senderNonce[1] = PKCS7_NONCE_SZ; + + ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ); + if (ret != 0) { + wc_FreeRng(&rng); + return -11806; + } + + wc_FreeRng(&rng); + } + + for (i = 0; i < testSz; i++) { + pkcs7 = wc_PKCS7_New(HEAP_HINT, + #ifdef WOLFSSL_ASYNC_CRYPT + INVALID_DEVID /* async PKCS7 is not supported */ + #else + devId + #endif + ); + if (pkcs7 == NULL) + return -11807; + + if (testVectors[i].secretKey != NULL) { + /* KEKRI recipient type */ + + ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); + if (ret != 0) { + return -11808; + } + + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->ukm = testVectors[i].optionalUkm; + pkcs7->ukmSz = testVectors[i].optionalUkmSz; + pkcs7->authAttribs = testVectors[i].authAttribs; + pkcs7->authAttribsSz = testVectors[i].authAttribsSz; + pkcs7->unauthAttribs = testVectors[i].unauthAttribs; + pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; + + ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID, + testVectors[i].secretKey, testVectors[i].secretKeySz, + testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz, + testVectors[i].timePtr, testVectors[i].otherAttrOID, + testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr, + testVectors[i].otherAttrSz, testVectors[i].kekriOptions); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + return -11809; + } + + /* set key, for decryption */ + ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey, + testVectors[i].secretKeySz); + + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + return -11810; + } + + } else if (testVectors[i].password != NULL) { + #ifndef NO_PWDBASED + /* PWRI recipient type */ + + ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); + if (ret != 0) { + return -11811; + } + + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->ukm = testVectors[i].optionalUkm; + pkcs7->ukmSz = testVectors[i].optionalUkmSz; + pkcs7->authAttribs = testVectors[i].authAttribs; + pkcs7->authAttribsSz = testVectors[i].authAttribsSz; + pkcs7->unauthAttribs = testVectors[i].unauthAttribs; + pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; + + ret = wc_PKCS7_AddRecipient_PWRI(pkcs7, + (byte*)testVectors[i].password, + testVectors[i].passwordSz, testVectors[i].salt, + testVectors[i].saltSz, testVectors[i].kdfOID, + testVectors[i].hashOID, testVectors[i].kdfIterations, + testVectors[i].kekEncryptOID, testVectors[i].pwriOptions); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + return -11812; + } + + /* set password, for decryption */ + ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password, + testVectors[i].passwordSz); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + return -11813; + } + + #endif /* NO_PWDBASED */ + } else if (testVectors[i].isOri == 1) { + /* ORI recipient type */ + + ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); + if (ret != 0) { + return -11814; + } + + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->authAttribs = testVectors[i].authAttribs; + pkcs7->authAttribsSz = testVectors[i].authAttribsSz; + pkcs7->unauthAttribs = testVectors[i].unauthAttribs; + pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; + + ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb, + testVectors[i].oriOptions); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + return -11815; + } + + /* set decrypt callback for decryption */ + ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + return -11816; + } + + } else { + /* KTRI or KARI recipient types */ + + ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, + (word32)testVectors[i].certSz); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + return -11817; + } + + pkcs7->keyWrapOID = testVectors[i].keyWrapOID; + pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID; + pkcs7->privateKey = testVectors[i].privateKey; + pkcs7->privateKeySz = testVectors[i].privateKeySz; + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->ukm = testVectors[i].optionalUkm; + pkcs7->ukmSz = testVectors[i].optionalUkmSz; + pkcs7->authAttribs = testVectors[i].authAttribs; + pkcs7->authAttribsSz = testVectors[i].authAttribsSz; + pkcs7->unauthAttribs = testVectors[i].unauthAttribs; + pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; + + /* set SubjectIdentifier type for KTRI types */ + if (testVectors[i].ktriOptions & CMS_SKID) { + + ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + return -11818; + } + } else if (testVectors[i].ktriOptions & + CMS_ISSUER_AND_SERIAL_NUMBER) { + + ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, + CMS_ISSUER_AND_SERIAL_NUMBER); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + return -11819; + } + } + } + + /* encode envelopedData */ + envelopedSz = wc_PKCS7_EncodeAuthEnvelopedData(pkcs7, enveloped, + sizeof(enveloped)); + if (envelopedSz <= 0) { + wc_PKCS7_Free(pkcs7); + return -11820; + } +#ifndef NO_PKCS7_STREAM + { /* test reading byte by byte */ + int z; + for (z = 0; z < envelopedSz; z++) { + decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, + enveloped + z, 1, decoded, sizeof(decoded)); + if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) { + printf("unexpected error %d\n", decodedSz); + return -11821; + } + } + /* test decode result */ + if (XMEMCMP(decoded, data, sizeof(data)) != 0) { + printf("stream read compare failed\n"); + wc_PKCS7_Free(pkcs7); + return -11822; + } + } +#endif + /* decode envelopedData */ + decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, enveloped, + envelopedSz, decoded, + sizeof(decoded)); + if (decodedSz <= 0) { + wc_PKCS7_Free(pkcs7); + return -11823; + } + + /* test decode result */ + if (XMEMCMP(decoded, data, sizeof(data)) != 0){ + wc_PKCS7_Free(pkcs7); + return -11824; + } + +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + /* output pkcs7 envelopedData for external testing */ + pkcs7File = XFOPEN(testVectors[i].outFileName, "wb"); + if (!pkcs7File) { + wc_PKCS7_Free(pkcs7); + return -11825; + } + + ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File); + XFCLOSE(pkcs7File); + if (ret != envelopedSz) { + wc_PKCS7_Free(pkcs7); + return -11826; + } +#endif /* PKCS7_OUTPUT_TEST_BUNDLES */ + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + } + +#if !defined(HAVE_ECC) || defined(NO_AES) + (void)eccCert; + (void)eccCertSz; + (void)eccPrivKey; + (void)eccPrivKeySz; + (void)secretKey; + (void)secretKeyId; +#endif +#ifdef NO_RSA + (void)rsaCert; + (void)rsaCertSz; + (void)rsaPrivKey; + (void)rsaPrivKeySz; +#endif + return 0; +} + + +int pkcs7authenveloped_test(void) +{ + int ret = 0; + + byte* rsaCert = NULL; + byte* rsaPrivKey = NULL; + word32 rsaCertSz = 0; + word32 rsaPrivKeySz = 0; + + byte* eccCert = NULL; + byte* eccPrivKey = NULL; + word32 eccCertSz = 0; + word32 eccPrivKeySz = 0; + +#ifndef NO_RSA + /* read client RSA cert and key in DER format */ + rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (rsaCert == NULL) + return -11900; + + rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (rsaPrivKey == NULL) { + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return -11901; + } + + rsaCertSz = FOURK_BUF; + rsaPrivKeySz = FOURK_BUF; +#endif /* NO_RSA */ + +#ifdef HAVE_ECC + /* read client ECC cert and key in DER format */ + eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (eccCert == NULL) { + #ifndef NO_RSA + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return -11902; + } + + eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (eccPrivKey == NULL) { + #ifndef NO_RSA + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return -11903; + } + + eccCertSz = FOURK_BUF; + eccPrivKeySz = FOURK_BUF; +#endif /* HAVE_ECC */ + + ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey, + &rsaPrivKeySz, NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, eccCert, &eccCertSz, + eccPrivKey, &eccPrivKeySz); + if (ret < 0) { + #ifndef NO_RSA + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + #ifdef HAVE_ECC + XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return -11904; + } + + ret = pkcs7authenveloped_run_vectors(rsaCert, (word32)rsaCertSz, + rsaPrivKey, (word32)rsaPrivKeySz, + eccCert, (word32)eccCertSz, + eccPrivKey, (word32)eccPrivKeySz); + +#ifndef NO_RSA + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#ifdef HAVE_ECC + XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#endif /* HAVE_AESGCM || HAVE_AESCCM */ +#ifndef NO_AES +static const byte p7DefKey[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 +}; + +static const byte p7AltKey[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 +}; + +static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId, + word32 keyIdSz, byte* orginKey, word32 orginKeySz, + byte* out, word32 outSz, int keyWrapAlgo, int type, int direction) +{ + int ret; + + if (cek == NULL || out == NULL) + return BAD_FUNC_ARG; + + /* test case sanity checks */ + if (keyIdSz != 1) { + return -11905; + } + + if (keyId[0] != 0x00) { + return -11906; + } + + if (type != (int)PKCS7_KEKRI) { + return -11907; + } + + switch (keyWrapAlgo) { + case AES256_WRAP: + ret = wc_AesKeyUnWrap(p7DefKey, sizeof(p7DefKey), cek, cekSz, + out, outSz, NULL); + if (ret <= 0) + return ret; + break; + + default: + WOLFSSL_MSG("Unsupported key wrap algorithm in example"); + return BAD_KEYWRAP_ALG_E; + }; + + (void)pkcs7; + (void)direction; + (void)orginKey; /* used with KAKRI */ + (void)orginKeySz; + return ret; +} + + +/* returns key size on success */ +static int getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz) +{ + int ret; + word32 atrSz; + byte atr[256]; + + /* Additionally can look for fwWrappedFirmwareKey + * 1.2.840.113529.1.9.16.1.16 */ + const unsigned char fwWrappedFirmwareKey[] = { + /* 0x06, 0x0B */ + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x10, 0x02, 0x27 + }; + + /* find keyID in fwWrappedFirmwareKey */ + ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey, + sizeof(fwWrappedFirmwareKey), NULL, &atrSz); + if (ret == LENGTH_ONLY_E) { + XMEMSET(atr, 0, sizeof(atr)); + ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey, + sizeof(fwWrappedFirmwareKey), atr, &atrSz); + + /* keyIdRaw[0] OCTET TAG */ + /* keyIdRaw[1] Length */ + + if (ret > 0) { + PKCS7* envPkcs7; + + envPkcs7 = wc_PKCS7_New(NULL, 0); + if (envPkcs7 == NULL) { + return MEMORY_E; + } + + wc_PKCS7_Init(envPkcs7, NULL, 0); + ret = wc_PKCS7_SetWrapCEKCb(envPkcs7, myCEKwrapFunc); + if (ret == 0) { + /* expecting FIRMWARE_PKG_DATA content */ + envPkcs7->contentOID = FIRMWARE_PKG_DATA; + ret = wc_PKCS7_DecodeEnvelopedData(envPkcs7, atr, atrSz, + key, keySz); + } + wc_PKCS7_Free(envPkcs7); + } + } + + return ret; +} + +/* create a KEKRI enveloped data + * return size on success */ +static int envelopedData_encrypt(byte* in, word32 inSz, byte* out, + word32 outSz) +{ + int ret; + PKCS7* pkcs7; + const byte keyId[] = { 0x00 }; + + pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID); + if (pkcs7 == NULL) + return -11908; + + pkcs7->content = in; + pkcs7->contentSz = inSz; + pkcs7->contentOID = FIRMWARE_PKG_DATA; + pkcs7->encryptOID = AES256CBCb; + pkcs7->ukm = NULL; + pkcs7->ukmSz = 0; + + /* add recipient (KEKRI type) */ + ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP, (byte*)p7DefKey, + sizeof(p7DefKey), (byte*)keyId, + sizeof(keyId), NULL, NULL, 0, NULL, 0, 0); + if (ret < 0) { + printf("wc_PKCS7_AddRecipient_KEKRI() failed, ret = %d\n", ret); + wc_PKCS7_Free(pkcs7); + return -11909; + } + + /* encode envelopedData, returns size */ + ret = wc_PKCS7_EncodeEnvelopedData(pkcs7, out, outSz); + if (ret <= 0) { + printf("wc_PKCS7_EncodeEnvelopedData() failed, ret = %d\n", ret); + wc_PKCS7_Free(pkcs7); + return -11910; + + } + + wc_PKCS7_Free(pkcs7); + + return ret; +} + + +/* + * keyHint is the KeyID to be set in the fwDecryptKeyID attribute + * returns size of buffer output on success + */ +static int generateBundle(byte* out, word32 *outSz, const byte* encryptKey, + word32 encryptKeySz, byte keyHint, byte* cert, word32 certSz, + byte* key, word32 keySz) +{ + int ret, attribNum = 1; + PKCS7* pkcs7; + + /* KEY ID + * fwDecryptKeyID OID 1.2.840.113549.1.9.16.2.37 + */ + const unsigned char fwDecryptKeyID[] = { + 0x06, 0x0B, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x10, 0x02, 0x25 + }; + + /* fwWrappedFirmwareKey 1.2.840.113529.1.9.16.1.16 */ + const unsigned char fwWrappedFirmwareKey[] = { + 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x10, 0x02, 0x27 + }; + + byte keyID[] = { 0x04, 0x01, 0x00 }; + byte env[256]; + char data[] = "Test of wolfSSL PKCS7 decrypt callback"; + + PKCS7Attrib attribs[] = + { + { fwDecryptKeyID, sizeof(fwDecryptKeyID), keyID, sizeof(keyID) }, + { fwWrappedFirmwareKey, sizeof(fwWrappedFirmwareKey), env, 0 } + }; + + keyID[2] = keyHint; + + /* If using keyHint 0 then create a bundle with fwWrappedFirmwareKey */ + if (keyHint == 0) { + ret = envelopedData_encrypt((byte*)p7DefKey, sizeof(p7DefKey), env, + sizeof(env)); + if (ret <= 0) { + return ret; + } + attribs[1].valueSz = ret; + attribNum++; + } + + /* init PKCS7 */ + pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID); + if (pkcs7 == NULL) + return -11911; + + ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz); + if (ret != 0) { + printf("ERROR: wc_PKCS7_InitWithCert() failed, ret = %d\n", ret); + wc_PKCS7_Free(pkcs7); + return -11912; + } + + ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + return -11913; + } + + /* encode Signed Encrypted FirmwarePkgData */ + if (encryptKeySz == 16) { + ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey, + encryptKeySz, key, keySz, AES128CBCb, RSAk, SHA256h, + (byte*)data, sizeof(data), NULL, 0, + attribs, attribNum, out, *outSz); + } + else { + ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey, + encryptKeySz, key, keySz, AES256CBCb, RSAk, SHA256h, + (byte*)data, sizeof(data), NULL, 0, + attribs, attribNum, out, *outSz); + } + if (ret <= 0) { + printf("ERROR: wc_PKCS7_EncodeSignedEncryptedFPD() failed, " + "ret = %d\n", ret); + wc_PKCS7_Free(pkcs7); + return -11914; + + } else { + *outSz = ret; + } + + wc_PKCS7_Free(pkcs7); + + return ret; +} + + +/* test verification and decryption of PKCS7 bundle + * return 0 on success + */ +static int verifyBundle(byte* derBuf, word32 derSz, int keyHint) +{ + int ret = 0; + int usrCtx = 1; /* test value to pass as user context to callback */ + PKCS7* pkcs7; + byte* sid; + word32 sidSz; + byte key[256]; + word32 keySz = sizeof(key); + + byte decoded[FOURK_BUF/2]; + int decodedSz = FOURK_BUF/2; + + const byte expectedSid[] = { + 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, + 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, + 0xD7, 0x85, 0x65, 0xC0 + }; + + pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID); + if (pkcs7 == NULL) { + return MEMORY_E; + } + + /* Test verify */ + ret = wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + return ret; + } + ret = wc_PKCS7_InitWithCert(pkcs7, NULL, 0); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + return ret; + } + ret = wc_PKCS7_VerifySignedData(pkcs7, derBuf, derSz); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + return ret; + } + + /* Get size of SID and print it out */ + ret = wc_PKCS7_GetSignerSID(pkcs7, NULL, &sidSz); + if (ret != LENGTH_ONLY_E) { + wc_PKCS7_Free(pkcs7); + return ret; + } + + sid = (byte*)XMALLOC(sidSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (sid == NULL) { + wc_PKCS7_Free(pkcs7); + return ret; + } + + ret = wc_PKCS7_GetSignerSID(pkcs7, sid, &sidSz); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + ret = XMEMCMP(sid, expectedSid, sidSz); + XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + return ret; + } + + /* get expected fwWrappedFirmwareKey */ + if (keyHint == 0) { + ret = getFirmwareKey(pkcs7, key, keySz); + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + return ret; + } + pkcs7->encryptionKey = key; + pkcs7->encryptionKeySz = ret; + } + else { + decodedSz = sizeof(decoded); + ret = wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + return ret; + } + + ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)&usrCtx); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + return ret; + } + } + + decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content, + pkcs7->contentSz, decoded, decodedSz); + if (decodedSz < 0) { + ret = decodedSz; + wc_PKCS7_Free(pkcs7); + return ret; + } + + wc_PKCS7_Free(pkcs7); + return 0; +} + + +int pkcs7callback_test(byte* cert, word32 certSz, byte* key, word32 keySz) +{ + + int ret = 0; + byte derBuf[FOURK_BUF/2]; + word32 derSz = FOURK_BUF/2; + + /* Doing default generation and verify */ + ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 0, cert, + certSz, key, keySz); + if (ret <= 0) { + return -11915; + } + + ret = verifyBundle(derBuf, derSz, 0); + if (ret != 0) { + return -11916; + } + + /* test choosing other key with keyID */ + derSz = FOURK_BUF/2; + ret = generateBundle(derBuf, &derSz, p7AltKey, sizeof(p7AltKey), 1, + cert, certSz, key, keySz); + if (ret <= 0) { + return -11917; + } + + ret = verifyBundle(derBuf, derSz, 1); + if (ret != 0) { + return -11918; + } + + /* test fail case with wrong keyID */ + derSz = FOURK_BUF/2; + ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 1, + cert, certSz, key, keySz); + if (ret <= 0) { + return -11919; + } + + ret = verifyBundle(derBuf, derSz, 1); + if (ret == 0) { + return -11920; + } + + return 0; +} +#endif /* NO_AES */ + +#ifndef NO_PKCS7_ENCRYPTED_DATA + +typedef struct { + const byte* content; + word32 contentSz; + int contentOID; + int encryptOID; + byte* encryptionKey; + word32 encryptionKeySz; + PKCS7Attrib* attribs; + word32 attribsSz; + const char* outFileName; +} pkcs7EncryptedVector; + + +int pkcs7encrypted_test(void) +{ + int ret = 0; + int i, testSz; + int encryptedSz, decodedSz, attribIdx; + PKCS7* pkcs7; + byte encrypted[2048]; + byte decoded[2048]; +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + XFILE pkcs7File; +#endif + + PKCS7Attrib* expectedAttrib; + PKCS7DecodedAttrib* decodedAttrib; + + const byte data[] = { /* Hello World */ + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; + +#ifndef NO_DES3 + byte desKey[] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef + }; + byte des3Key[] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; +#endif + +#ifndef NO_AES +#ifdef WOLFSSL_AES_128 + byte aes128Key[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 + }; +#endif +#ifdef WOLFSSL_AES_192 + byte aes192Key[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 + }; +#endif +#ifdef WOLFSSL_AES_256 + byte aes256Key[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 + }; +#endif + +#ifdef WOLFSSL_AES_256 + /* Attribute example from RFC 4134, Section 7.2 + * OID = 1.2.5555 + * OCTET STRING = 'This is a test General ASN Attribute, number 1.' */ + static byte genAttrOid[] = { 0x06, 0x03, 0x2a, 0xab, 0x33 }; + static byte genAttr[] = { 0x04, 47, + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47, + 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41, + 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75, + 0x6d, 0x62, 0x65, 0x72, 0x20, 0x31, 0x2e }; + + static byte genAttrOid2[] = { 0x06, 0x03, 0x2a, 0xab, 0x34 }; + static byte genAttr2[] = { 0x04, 47, + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47, + 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41, + 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75, + 0x6d, 0x62, 0x65, 0x72, 0x20, 0x32, 0x2e }; + + PKCS7Attrib attribs[] = + { + { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) } + }; + + PKCS7Attrib multiAttribs[] = + { + { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) }, + { genAttrOid2, sizeof(genAttrOid2), genAttr2, sizeof(genAttr2) } + }; +#endif +#endif /* NO_AES */ + + const pkcs7EncryptedVector testVectors[] = + { +#ifndef NO_DES3 + {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key), + NULL, 0, "pkcs7encryptedDataDES3.der"}, + + {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey), + NULL, 0, "pkcs7encryptedDataDES.der"}, +#endif /* NO_DES3 */ + +#ifndef NO_AES + #ifdef WOLFSSL_AES_128 + {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key, + sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"}, + #endif + #ifdef WOLFSSL_AES_192 + {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key, + sizeof(aes192Key), NULL, 0, "pkcs7encryptedDataAES192CBC.der"}, + #endif + #ifdef WOLFSSL_AES_256 + {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key, + sizeof(aes256Key), NULL, 0, "pkcs7encryptedDataAES256CBC.der"}, + + /* test with optional unprotected attributes */ + {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key, + sizeof(aes256Key), attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7encryptedDataAES256CBC_attribs.der"}, + + /* test with multiple optional unprotected attributes */ + {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key, + sizeof(aes256Key), multiAttribs, + (sizeof(multiAttribs)/sizeof(PKCS7Attrib)), + "pkcs7encryptedDataAES256CBC_multi_attribs.der"}, + + /* test with contentType set to FirmwarePkgData */ + {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256CBCb, aes256Key, + sizeof(aes256Key), NULL, 0, + "pkcs7encryptedDataAES256CBC_firmwarePkgData.der"}, + #endif +#endif /* NO_AES */ + }; + + testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector); + + for (i = 0; i < testSz; i++) { + pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); + if (pkcs7 == NULL) + return -12000; + + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->encryptionKey = testVectors[i].encryptionKey; + pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz; + pkcs7->unprotectedAttribs = testVectors[i].attribs; + pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz; + + /* encode encryptedData */ + encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, + sizeof(encrypted)); + if (encryptedSz <= 0) { + wc_PKCS7_Free(pkcs7); + return -12001; + } + + /* decode encryptedData */ +#ifndef NO_PKCS7_STREAM + { /* test reading byte by byte */ + int z; + for (z = 0; z < encryptedSz; z++) { + decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted + z, 1, + decoded, sizeof(decoded)); + if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) { + printf("unexpected error %d\n", decodedSz); + return -12002; + } + } + /* test decode result */ + if (XMEMCMP(decoded, data, sizeof(data)) != 0) { + printf("stream read failed\n"); + wc_PKCS7_Free(pkcs7); + return -12003; + } + } +#endif + decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, + decoded, sizeof(decoded)); + if (decodedSz <= 0){ + wc_PKCS7_Free(pkcs7); + return -12004; + } + + /* test decode result */ + if (XMEMCMP(decoded, data, sizeof(data)) != 0) { + wc_PKCS7_Free(pkcs7); + return -12005; + } + + /* verify decoded unprotected attributes */ + if (pkcs7->decodedAttrib != NULL) { + decodedAttrib = pkcs7->decodedAttrib; + attribIdx = 1; + + while (decodedAttrib != NULL) { + + /* expected attribute, stored list is reversed */ + expectedAttrib = &(pkcs7->unprotectedAttribs + [pkcs7->unprotectedAttribsSz - attribIdx]); + + /* verify oid */ + if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid, + decodedAttrib->oidSz) != 0) { + wc_PKCS7_Free(pkcs7); + return -12006; + } + + /* verify value */ + if (XMEMCMP(decodedAttrib->value, expectedAttrib->value, + decodedAttrib->valueSz) != 0) { + wc_PKCS7_Free(pkcs7); + return -12007; + } + + decodedAttrib = decodedAttrib->next; + attribIdx++; + } + } + +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + /* output pkcs7 envelopedData for external testing */ + pkcs7File = XFOPEN(testVectors[i].outFileName, "wb"); + if (!pkcs7File) { + wc_PKCS7_Free(pkcs7); + return -12008; + } + + ret = (int)XFWRITE(encrypted, encryptedSz, 1, pkcs7File); + XFCLOSE(pkcs7File); + + if (ret > 0) + ret = 0; +#endif + + wc_PKCS7_Free(pkcs7); + } + + return ret; +} + +#endif /* NO_PKCS7_ENCRYPTED_DATA */ + + +#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) + +typedef struct { + const byte* content; + word32 contentSz; + int contentOID; + const char* outFileName; +} pkcs7CompressedVector; + + +int pkcs7compressed_test(void) +{ + int ret = 0; + int i, testSz; + int compressedSz, decodedSz; + PKCS7* pkcs7; + byte compressed[2048]; + byte decoded[2048]; +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + XFILE pkcs7File; +#endif + + const byte data[] = { /* Hello World */ + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; + + const pkcs7CompressedVector testVectors[] = + { + {data, (word32)sizeof(data), DATA, + "pkcs7compressedData_data_zlib.der"}, + {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, + "pkcs7compressedData_firmwarePkgData_zlib.der"}, + }; + + testSz = sizeof(testVectors) / sizeof(pkcs7CompressedVector); + + for (i = 0; i < testSz; i++) { + pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); + if (pkcs7 == NULL) + return -12100; + + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + + /* encode compressedData */ + compressedSz = wc_PKCS7_EncodeCompressedData(pkcs7, compressed, + sizeof(compressed)); + if (compressedSz <= 0) { + wc_PKCS7_Free(pkcs7); + return -12101; + } + + /* decode compressedData */ + decodedSz = wc_PKCS7_DecodeCompressedData(pkcs7, compressed, + compressedSz, decoded, + sizeof(decoded)); + if (decodedSz <= 0){ + wc_PKCS7_Free(pkcs7); + return -12102; + } + + /* test decode result */ + if (XMEMCMP(decoded, testVectors[i].content, + testVectors[i].contentSz) != 0) { + wc_PKCS7_Free(pkcs7); + return -12103; + } + + /* make sure content type is the same */ + if (testVectors[i].contentOID != pkcs7->contentOID) + return -12104; + +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + /* output pkcs7 compressedData for external testing */ + pkcs7File = XFOPEN(testVectors[i].outFileName, "wb"); + if (!pkcs7File) { + wc_PKCS7_Free(pkcs7); + return -12105; + } + + ret = (int)XFWRITE(compressed, compressedSz, 1, pkcs7File); + XFCLOSE(pkcs7File); + + if (ret > 0) + ret = 0; +#endif + + wc_PKCS7_Free(pkcs7); + } + + return ret; +} /* pkcs7compressed_test() */ + +#endif /* HAVE_LIBZ */ + + +typedef struct { + const byte* content; + word32 contentSz; + int hashOID; + int signOID; + byte* privateKey; + word32 privateKeySz; + byte* cert; + size_t certSz; + byte* caCert; + size_t caCertSz; + PKCS7Attrib* signedAttribs; + word32 signedAttribsSz; + const char* outFileName; + int contentOID; + byte* contentType; + word32 contentTypeSz; + int sidType; + int encryptOID; /* for single-shot encrypt alg OID */ + int encCompFlag; /* for single-shot. 1 = enc, 2 = comp, 3 = both*/ + byte* encryptKey; /* for single-shot, encryptedData */ + word32 encryptKeySz; /* for single-shot, encryptedData */ + PKCS7Attrib* unprotectedAttribs; /* for single-shot, encryptedData */ + word32 unprotectedAttribsSz; /* for single-shot, encryptedData */ + word16 detachedSignature; /* generate detached signature (0:1) */ +} pkcs7SignedVector; + + +static int pkcs7signed_run_vectors( + byte* rsaClientCertBuf, word32 rsaClientCertBufSz, + byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz, + byte* rsaServerCertBuf, word32 rsaServerCertBufSz, + byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz, + byte* rsaCaCertBuf, word32 rsaCaCertBufSz, + byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz, + byte* eccClientCertBuf, word32 eccClientCertBufSz, + byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz) +{ + int ret, testSz, i; + int encodedSz; + byte* out; + word32 outSz; + WC_RNG rng; + PKCS7* pkcs7; +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + XFILE file; +#endif + + const byte data[] = { /* Hello World */ + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; + + static byte transIdOid[] = + { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, + 0x09, 0x07 }; + static byte messageTypeOid[] = + { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, + 0x09, 0x02 }; + static byte senderNonceOid[] = + { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, + 0x09, 0x05 }; +#ifndef NO_SHA + static byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1]; +#else + static byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1]; +#endif + static byte messageType[] = { 0x13, 2, '1', '9' }; + static byte senderNonce[PKCS7_NONCE_SZ + 2]; + + PKCS7Attrib attribs[] = + { + { transIdOid, sizeof(transIdOid), transId, + sizeof(transId) - 1 }, /* take off the null */ + { messageTypeOid, sizeof(messageTypeOid), messageType, + sizeof(messageType) }, + { senderNonceOid, sizeof(senderNonceOid), senderNonce, + sizeof(senderNonce) } + }; + + /* for testing custom contentType, FirmwarePkgData */ + byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x10, 0x01, 0x10 }; + + const pkcs7SignedVector testVectors[] = + { +#ifndef NO_RSA + #ifndef NO_SHA + /* RSA with SHA */ + {data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, NULL, + 0, 0}, + + /* RSA with SHA, no signed attributes */ + {data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, + NULL, 0, NULL, 0, + "pkcs7signedData_RSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0}, + #endif + #ifdef WOLFSSL_SHA224 + /* RSA with SHA224 */ + {data, (word32)sizeof(data), SHA224h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0}, + #endif + #ifndef NO_SHA256 + /* RSA with SHA256 */ + {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0}, + + /* RSA with SHA256, detached signature */ + {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA256_detachedSig.der", 0, NULL, 0, 0, 0, 0, + NULL, 0, NULL, 0, 1}, + + /* RSA with SHA256 and SubjectKeyIdentifier in SignerIdentifier */ + {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0, + NULL, 0, NULL, 0, 0}, + + /* RSA with SHA256 and custom contentType */ + {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA256_custom_contentType.der", 0, + customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0, + NULL, 0, 0}, + + /* RSA with SHA256 and FirmwarePkgData contentType */ + {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA256_firmwarePkgData.der", + FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0}, + + /* RSA with SHA256 using server cert and ca cert */ + {data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf, + rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz, + rsaCaCertBuf, rsaCaCertBufSz, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA256_with_ca_cert.der", 0, NULL, 0, 0, 0, 0, + NULL, 0, NULL, 0, 0}, + #endif + #if defined(WOLFSSL_SHA384) + /* RSA with SHA384 */ + {data, (word32)sizeof(data), SHA384h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0}, + #endif + #if defined(WOLFSSL_SHA512) + /* RSA with SHA512 */ + {data, (word32)sizeof(data), SHA512h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0}, + #endif +#endif /* NO_RSA */ + +#ifdef HAVE_ECC + #ifndef NO_SHA + /* ECDSA with SHA */ + {data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_ECDSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0}, + + /* ECDSA with SHA, no signed attributes */ + {data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, + NULL, 0, NULL, 0, + "pkcs7signedData_ECDSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0}, + #endif + #ifdef WOLFSSL_SHA224 + /* ECDSA with SHA224 */ + {data, (word32)sizeof(data), SHA224h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_ECDSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0}, + #endif + #ifndef NO_SHA256 + /* ECDSA with SHA256 */ + {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_ECDSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0}, + + /* ECDSA with SHA256 and SubjectKeyIdentifier in SigherIdentifier */ + {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_ECDSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0, + NULL, 0, NULL, 0, 0}, + + /* ECDSA with SHA256 and custom contentType */ + {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_ECDSA_SHA256_custom_contentType.der", 0, + customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0, + NULL, 0, 0}, + + /* ECDSA with SHA256 and FirmwarePkgData contentType */ + {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_ECDSA_SHA256_firmwarePkgData.der", + FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0}, + #endif + #ifdef WOLFSSL_SHA384 + /* ECDSA with SHA384 */ + {data, (word32)sizeof(data), SHA384h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_ECDSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0}, + #endif + #ifdef WOLFSSL_SHA512 + /* ECDSA with SHA512 */ + {data, (word32)sizeof(data), SHA512h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_ECDSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0}, + #endif +#endif /* HAVE_ECC */ + }; + + testSz = sizeof(testVectors) / sizeof(pkcs7SignedVector); + + outSz = FOURK_BUF; + out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (out == NULL) + return -12106; + + XMEMSET(out, 0, outSz); + + ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16); + if (ret < 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return -12107; + } + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return -12108; + } + + for (i = 0; i < testSz; i++) { + pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); + if (pkcs7 == NULL) + return -12109; + + ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, + (word32)testVectors[i].certSz); + + if (ret != 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12110; + } + + /* load CA certificate, if present */ + if (testVectors[i].caCert != NULL) { + ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert, + (word32)testVectors[i].caCertSz); + if (ret != 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12111; + } + } + + pkcs7->rng = &rng; + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->hashOID = testVectors[i].hashOID; + pkcs7->encryptOID = testVectors[i].signOID; + pkcs7->privateKey = testVectors[i].privateKey; + pkcs7->privateKeySz = testVectors[i].privateKeySz; + pkcs7->signedAttribs = testVectors[i].signedAttribs; + pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz; + + /* optional custom contentType, default is DATA, + overrides contentOID if set */ + if (testVectors[i].contentType != NULL) { + ret = wc_PKCS7_SetContentType(pkcs7, testVectors[i].contentType, + testVectors[i].contentTypeSz); + if (ret != 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12112; + } + } + + /* set SignerIdentifier to use SubjectKeyIdentifier if desired, + default is IssuerAndSerialNumber */ + if (testVectors[i].sidType == CMS_SKID) { + ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); + if (ret != 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12113; + } + } + + /* generate senderNonce */ + { + senderNonce[0] = 0x04; + senderNonce[1] = PKCS7_NONCE_SZ; + + ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ); + if (ret != 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12114; + } + } + + /* generate transactionID (used with SCEP) */ + { + #ifndef NO_SHA + wc_Sha sha; + byte digest[WC_SHA_DIGEST_SIZE]; + #else + wc_Sha256 sha; + byte digest[WC_SHA256_DIGEST_SIZE]; + #endif + int j,k; + + transId[0] = 0x13; + transId[1] = sizeof(digest) * 2; + + #ifndef NO_SHA + ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); + if (ret != 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12115; + } + wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz); + wc_ShaFinal(&sha, digest); + wc_ShaFree(&sha); + #else + ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId); + if (ret != 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12116; + } + wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz); + wc_Sha256Final(&sha, digest); + wc_Sha256Free(&sha); + #endif + + for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) { + XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]); + } + } + + /* enable detached signature generation, if set */ + if (testVectors[i].detachedSignature == 1) { + ret = wc_PKCS7_SetDetached(pkcs7, 1); + if (ret != 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12117; + } + } + + encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz); + if (encodedSz < 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12118; + } + + #ifdef PKCS7_OUTPUT_TEST_BUNDLES + /* write PKCS#7 to output file for more testing */ + file = XFOPEN(testVectors[i].outFileName, "wb"); + if (!file) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12119; + } + ret = (int)XFWRITE(out, 1, encodedSz, file); + XFCLOSE(file); + if (ret != (int)encodedSz) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12120; + } + #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ + + wc_PKCS7_Free(pkcs7); + + pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); + if (pkcs7 == NULL) + return -12121; + wc_PKCS7_InitWithCert(pkcs7, NULL, 0); + + if (testVectors[i].detachedSignature == 1) { + /* set content for verifying detached signatures */ + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + } + + ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz); + if (ret < 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12122; + } + + /* verify contentType extracted successfully for custom content types */ + if (testVectors[i].contentTypeSz > 0) { + if (pkcs7->contentTypeSz != testVectors[i].contentTypeSz) { + return -12123; + } else if (XMEMCMP(pkcs7->contentType, testVectors[i].contentType, + pkcs7->contentTypeSz) != 0) { + return -12124; + } + } + + if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12125; + } + + { + /* check getting signed attributes */ + #ifndef NO_SHA + byte buf[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1]; + #else + byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1]; + #endif + byte* oidPt = transIdOid + 2; /* skip object id tag and size */ + int oidSz = (int)sizeof(transIdOid) - 2; + int bufSz = 0; + + if (testVectors[i].signedAttribs != NULL && + wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz, + NULL, (word32*)&bufSz) != LENGTH_ONLY_E) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12126; + } + + if (bufSz > (int)sizeof(buf)) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12127; + } + + bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz, + buf, (word32*)&bufSz); + if ((testVectors[i].signedAttribs != NULL && bufSz < 0) || + (testVectors[i].signedAttribs == NULL && bufSz > 0)) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12128; + } + } + + #ifdef PKCS7_OUTPUT_TEST_BUNDLES + file = XFOPEN("./pkcs7cert.der", "wb"); + if (!file) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12129; + } + ret = (int)XFWRITE(pkcs7->singleCert, 1, pkcs7->singleCertSz, file); + XFCLOSE(file); + #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ + + wc_PKCS7_Free(pkcs7); + } + + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeRng(&rng); + + if (ret > 0) + return 0; + + (void)rsaClientCertBuf; + (void)rsaClientCertBufSz; + (void)rsaClientPrivKeyBuf; + (void)rsaClientPrivKeyBufSz; + (void)rsaServerCertBuf; + (void)rsaServerCertBufSz; + (void)rsaServerPrivKeyBuf; + (void)rsaServerPrivKeyBufSz; + (void)rsaCaCertBuf; + (void)rsaCaCertBufSz; + (void)rsaCaPrivKeyBuf; + (void)rsaCaPrivKeyBufSz; + (void)eccClientCertBuf; + (void)eccClientCertBufSz; + (void)eccClientPrivKeyBuf; + (void)eccClientPrivKeyBufSz; + + return ret; +} + + +static int pkcs7signed_run_SingleShotVectors( + byte* rsaClientCertBuf, word32 rsaClientCertBufSz, + byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz, + byte* rsaServerCertBuf, word32 rsaServerCertBufSz, + byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz, + byte* rsaCaCertBuf, word32 rsaCaCertBufSz, + byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz, + byte* eccClientCertBuf, word32 eccClientCertBufSz, + byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz) +{ + int ret, testSz, i; + int encodedSz; + byte* out; + word32 outSz; + WC_RNG rng; + PKCS7* pkcs7; +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + XFILE file; +#endif + + const byte data[] = { /* Hello World */ + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; + +#if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA) + byte aes256Key[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 + }; +#endif + + static byte messageTypeOid[] = + { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, + 0x09, 0x02 }; + static byte messageType[] = { 0x13, 2, '1', '9' }; + + PKCS7Attrib attribs[] = + { + { messageTypeOid, sizeof(messageTypeOid), messageType, + sizeof(messageType) }, + }; + + const pkcs7SignedVector testVectors[] = + { +#ifndef NO_RSA + #ifndef NO_SHA256 + /* Signed FirmwarePkgData, RSA, SHA256, no attribs */ + {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + NULL, 0, + "pkcs7signedFirmwarePkgData_RSA_SHA256_noattr.der", 0, NULL, 0, 0, + 0, 0, NULL, 0, NULL, 0, 0}, + + /* Signed FirmwarePkgData, RSA, SHA256, attrs */ + {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedFirmwarePkgData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, + NULL, 0, NULL, 0, 0}, + + /* Signed FirmwarePkgData, RSA, SHA256, SubjectKeyIdentifier, attrs */ + {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedFirmwarePkgData_RSA_SHA256_SKID.der", 0, NULL, + 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0}, + + /* Signed FirmwraePkgData, RSA, SHA256, server cert and ca cert, attr */ + {data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf, + rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz, + rsaCaCertBuf, rsaCaCertBufSz, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL, + 0, 0, 0, 0, NULL, 0, NULL, 0, 0}, + + #if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA) + /* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */ + {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + NULL, 0, + "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256_noattr.der", 0, + NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0}, + + /* Signed Encrypted FirmwarePkgData, RSA, SHA256, attribs */ + {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256.der", 0, + NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0}, + #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */ + + #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) + /* Signed Compressed FirmwarePkgData, RSA, SHA256, no attribs */ + {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + NULL, 0, + "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", 0, + NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0}, + + /* Signed Compressed FirmwarePkgData, RSA, SHA256, attribs */ + {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256.der", 0, + NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0}, + + #ifndef NO_PKCS7_ENCRYPTED_DATA + /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256, + no attribs */ + {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + NULL, 0, + "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", + 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL, + 0, 0}, + + /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256, + attribs */ + {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256.der", + 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0}, + #endif /* !NO_PKCS7_ENCRYPTED_DATA */ + + #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ + + #endif /* NO_SHA256 */ +#endif /* NO_RSA */ + +#ifdef HAVE_ECC + #ifndef NO_SHA256 + /* Signed FirmwarePkgData, ECDSA, SHA256, no attribs */ + {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + NULL, 0, + "pkcs7signedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL, + 0, 0, 0, 0, NULL, 0, NULL, 0, 0}, + + /* Signed FirmwarePkgData, ECDSA, SHA256, attribs */ + {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL, + 0, 0, 0, 0, NULL, 0, NULL, 0, 0}, + + /* Signed FirmwarePkgData, ECDSA, SHA256, SubjectKeyIdentifier, attr */ + {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL, + 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0}, + + #if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA) + /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */ + {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + NULL, 0, + "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL, + 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0}, + + /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, attribs */ + {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL, + 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0}, + #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */ + + #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) + /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, no attribs */ + {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + NULL, 0, + "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL, + 0, 0, 0, 2, NULL, 0, NULL, 0, 0}, + + /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, attrib */ + {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL, + 0, 0, 0, 2, NULL, 0, NULL, 0, 0}, + + #ifndef NO_PKCS7_ENCRYPTED_DATA + /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256, + no attribs */ + {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + NULL, 0, + "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", + 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL, + 0, 0}, + + /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256, + attribs */ + {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256.der", + 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0}, + #endif /* !NO_PKCS7_ENCRYPTED_DATA */ + + #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ + + #endif /* NO_SHA256 */ +#endif /* HAVE_ECC */ + }; + + testSz = sizeof(testVectors) / sizeof(pkcs7SignedVector); + + outSz = FOURK_BUF; + out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (out == NULL) + return -12130; + + XMEMSET(out, 0, outSz); + + ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16); + if (ret < 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return -12131; + } + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return -12132; + } + + for (i = 0; i < testSz; i++) { + pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); + if (pkcs7 == NULL) + return -12133; + + ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, + (word32)testVectors[i].certSz); + + if (ret != 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12134; + } + + /* load CA certificate, if present */ + if (testVectors[i].caCert != NULL) { + ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert, + (word32)testVectors[i].caCertSz); + if (ret != 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12135; + } + } + + /* set SignerIdentifier to use SubjectKeyIdentifier if desired, + default is IssuerAndSerialNumber */ + if (testVectors[i].sidType == CMS_SKID) { + ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); + if (ret != 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12136; + } + } + + if (testVectors[i].encCompFlag == 0) { + + /* encode Signed FirmwarePkgData */ + encodedSz = wc_PKCS7_EncodeSignedFPD(pkcs7, + testVectors[i].privateKey, testVectors[i].privateKeySz, + testVectors[i].signOID, testVectors[i].hashOID, + (byte*)testVectors[i].content, testVectors[i].contentSz, + testVectors[i].signedAttribs, + testVectors[i].signedAttribsSz, out, outSz); + + if (encodedSz < 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12137; + } + + #ifndef NO_PKCS7_ENCRYPTED_DATA + + } else if (testVectors[i].encCompFlag == 1) { + + /* encode Signed Encrypted FirmwarePkgData */ + encodedSz = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, + testVectors[i].encryptKey, testVectors[i].encryptKeySz, + testVectors[i].privateKey, testVectors[i].privateKeySz, + testVectors[i].encryptOID, testVectors[i].signOID, + testVectors[i].hashOID, (byte*)testVectors[i].content, + testVectors[i].contentSz, testVectors[i].unprotectedAttribs, + testVectors[i].unprotectedAttribsSz, + testVectors[i].signedAttribs, + testVectors[i].signedAttribsSz, out, outSz); + + if (encodedSz <= 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12138; + } + #endif + + #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) + } else if (testVectors[i].encCompFlag == 2) { + + /* encode Signed Compressed FirmwarePkgData */ + encodedSz = wc_PKCS7_EncodeSignedCompressedFPD(pkcs7, + testVectors[i].privateKey, testVectors[i].privateKeySz, + testVectors[i].signOID, testVectors[i].hashOID, + (byte*)testVectors[i].content, testVectors[i].contentSz, + testVectors[i].signedAttribs, + testVectors[i].signedAttribsSz, out, outSz); + + if (encodedSz <= 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12139; + } + + #ifndef NO_PKCS7_ENCRYPTED_DATA + } else if (testVectors[i].encCompFlag == 3) { + + /* encode Signed Encrypted Compressed FirmwarePkgData */ + encodedSz = wc_PKCS7_EncodeSignedEncryptedCompressedFPD(pkcs7, + testVectors[i].encryptKey, testVectors[i].encryptKeySz, + testVectors[i].privateKey, testVectors[i].privateKeySz, + testVectors[i].encryptOID, testVectors[i].signOID, + testVectors[i].hashOID, (byte*)testVectors[i].content, + testVectors[i].contentSz, testVectors[i].unprotectedAttribs, + testVectors[i].unprotectedAttribsSz, + testVectors[i].signedAttribs, + testVectors[i].signedAttribsSz, out, outSz); + + if (encodedSz <= 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12140; + } + + #endif /* NO_PKCS7_ENCRYPTED_DATA */ + #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ + + } else { + /* unsupported SignedData single-shot combination */ + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12141; + } + + #ifdef PKCS7_OUTPUT_TEST_BUNDLES + /* write PKCS#7 to output file for more testing */ + file = XFOPEN(testVectors[i].outFileName, "wb"); + if (!file) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12142; + } + ret = (int)XFWRITE(out, 1, encodedSz, file); + XFCLOSE(file); + if (ret != (int)encodedSz) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12143; + } + #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ + + wc_PKCS7_Free(pkcs7); + + pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); + if (pkcs7 == NULL) + return -12144; + wc_PKCS7_InitWithCert(pkcs7, NULL, 0); + + ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz); + if (ret < 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12145; + } +#ifndef NO_PKCS7_STREAM + { + word32 z; + for (z = 0; z < outSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, out + z, 1); + if (ret < 0 && ret != WC_PKCS7_WANT_READ_E) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + printf("unexpected error %d\n", ret); + return -12146; + } + } + } +#endif + + if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12147; + } + + if (testVectors[i].encCompFlag == 0) { + /* verify decoded content matches expected */ + if ((pkcs7->contentSz != testVectors[i].contentSz) || + XMEMCMP(pkcs7->content, testVectors[i].content, + pkcs7->contentSz)) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12148; + } + + } + #ifndef NO_PKCS7_ENCRYPTED_DATA + else if (testVectors[i].encCompFlag == 1) { + + /* decrypt inner encryptedData */ + pkcs7->encryptionKey = testVectors[i].encryptKey; + pkcs7->encryptionKeySz = testVectors[i].encryptKeySz; + + ret = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content, + pkcs7->contentSz, out, outSz); + if (ret < 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12149; + } + + /* compare decrypted to expected */ + if (((word32)ret != testVectors[i].contentSz) || + XMEMCMP(out, testVectors[i].content, ret)) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12150; + } + } + #endif + #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) + else if (testVectors[i].encCompFlag == 2) { + + /* decompress inner compressedData */ + ret = wc_PKCS7_DecodeCompressedData(pkcs7, pkcs7->content, + pkcs7->contentSz, out, outSz); + if (ret < 0) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12151; + } + + /* compare decompressed to expected */ + if (((word32)ret != testVectors[i].contentSz) || + XMEMCMP(out, testVectors[i].content, ret)) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12152; + } + } + #ifndef NO_PKCS7_ENCRYPTED_DATA + else if (testVectors[i].encCompFlag == 3) { + + byte* encryptedTmp; + int encryptedTmpSz; + + encryptedTmpSz = FOURK_BUF; + encryptedTmp = (byte*)XMALLOC(encryptedTmpSz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (encryptedTmp == NULL) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12153; + } + + XMEMSET(encryptedTmp, 0, encryptedTmpSz); + + /* decrypt inner encryptedData */ + pkcs7->encryptionKey = testVectors[i].encryptKey; + pkcs7->encryptionKeySz = testVectors[i].encryptKeySz; + + encryptedTmpSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content, + pkcs7->contentSz, encryptedTmp, + encryptedTmpSz); + + if (encryptedTmpSz < 0) { + XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12154; + } + + /* decompress inner compressedData */ + ret = wc_PKCS7_DecodeCompressedData(pkcs7, encryptedTmp, + encryptedTmpSz, out, outSz); + if (ret < 0) { + XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12155; + } + + XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + /* compare decompressed to expected */ + if (((word32)ret != testVectors[i].contentSz) || + XMEMCMP(out, testVectors[i].content, ret)) { + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + return -12156; + } + } + #endif /* NO_PKCS7_ENCRYPTED_DATA */ + #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ + + wc_PKCS7_Free(pkcs7); + } + + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeRng(&rng); + + if (ret > 0) + return 0; + + (void)eccClientCertBuf; + (void)eccClientCertBufSz; + (void)eccClientPrivKeyBuf; + (void)eccClientPrivKeyBufSz; + + (void)rsaClientCertBuf; + (void)rsaClientCertBufSz; + (void)rsaClientPrivKeyBuf; + (void)rsaClientPrivKeyBufSz; + (void)rsaServerCertBuf; + (void)rsaServerCertBufSz; + (void)rsaServerPrivKeyBuf; + (void)rsaServerPrivKeyBufSz; + (void)rsaCaCertBuf; + (void)rsaCaCertBufSz; + (void)rsaCaPrivKeyBuf; + (void)rsaCaPrivKeyBufSz; + + return ret; +} + + +int pkcs7signed_test(void) +{ + int ret = 0; + + byte* rsaClientCertBuf = NULL; + byte* rsaServerCertBuf = NULL; + byte* rsaCaCertBuf = NULL; + byte* eccClientCertBuf = NULL; + byte* rsaClientPrivKeyBuf = NULL; + byte* rsaServerPrivKeyBuf = NULL; + byte* rsaCaPrivKeyBuf = NULL; + byte* eccClientPrivKeyBuf = NULL; + + word32 rsaClientCertBufSz = 0; + word32 rsaServerCertBufSz = 0; + word32 rsaCaCertBufSz = 0; + word32 eccClientCertBufSz = 0; + word32 rsaClientPrivKeyBufSz = 0; + word32 rsaServerPrivKeyBufSz = 0; + word32 rsaCaPrivKeyBufSz = 0; + word32 eccClientPrivKeyBufSz = 0; + +#ifndef NO_RSA + /* read client RSA cert and key in DER format */ + rsaClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (rsaClientCertBuf == NULL) + ret = -12200; + + rsaClientPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ret == 0 && rsaClientPrivKeyBuf == NULL) { + ret = -12201; + } + + rsaClientCertBufSz = FOURK_BUF; + rsaClientPrivKeyBufSz = FOURK_BUF; + + /* read server RSA cert and key in DER format */ + rsaServerCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ret == 0 && rsaServerCertBuf == NULL) + ret = -12202; + + rsaServerPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ret == 0 && rsaServerPrivKeyBuf == NULL) { + ret = -12203; + } + + rsaServerCertBufSz = FOURK_BUF; + rsaServerPrivKeyBufSz = FOURK_BUF; + + /* read CA RSA cert and key in DER format, for use with server cert */ + rsaCaCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ret == 0 && rsaCaCertBuf == NULL) + ret = -12204; + + rsaCaPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ret == 0 && rsaCaPrivKeyBuf == NULL) { + ret = -12205; + } + + rsaCaCertBufSz = FOURK_BUF; + rsaCaPrivKeyBufSz = FOURK_BUF; +#endif /* NO_RSA */ + +#ifdef HAVE_ECC + /* read client ECC cert and key in DER format */ + eccClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ret == 0 && eccClientCertBuf == NULL) { + ret = -12206; + } + + eccClientPrivKeyBuf =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ret == 0 && eccClientPrivKeyBuf == NULL) { + ret = -12207; + } + + eccClientCertBufSz = FOURK_BUF; + eccClientPrivKeyBufSz = FOURK_BUF; +#endif /* HAVE_ECC */ + + if (ret >= 0) + ret = pkcs7_load_certs_keys(rsaClientCertBuf, &rsaClientCertBufSz, + rsaClientPrivKeyBuf, &rsaClientPrivKeyBufSz, + rsaServerCertBuf, &rsaServerCertBufSz, + rsaServerPrivKeyBuf, &rsaServerPrivKeyBufSz, + rsaCaCertBuf, &rsaCaCertBufSz, + rsaCaPrivKeyBuf, &rsaCaPrivKeyBufSz, + eccClientCertBuf, &eccClientCertBufSz, + eccClientPrivKeyBuf, &eccClientPrivKeyBufSz); + if (ret < 0) { + ret = -12208; + } + + if (ret >= 0) + ret = pkcs7signed_run_vectors(rsaClientCertBuf, (word32)rsaClientCertBufSz, + rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz, + rsaServerCertBuf, (word32)rsaServerCertBufSz, + rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz, + rsaCaCertBuf, (word32)rsaCaCertBufSz, + rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz, + eccClientCertBuf, (word32)eccClientCertBufSz, + eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz); + + if (ret >= 0) + ret = pkcs7signed_run_SingleShotVectors( + rsaClientCertBuf, (word32)rsaClientCertBufSz, + rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz, + rsaServerCertBuf, (word32)rsaServerCertBufSz, + rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz, + rsaCaCertBuf, (word32)rsaCaCertBufSz, + rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz, + eccClientCertBuf, (word32)eccClientCertBufSz, + eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz); + +#ifndef NO_AES + if (ret >= 0) + ret = pkcs7callback_test( + rsaClientCertBuf, (word32)rsaClientCertBufSz, + rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz); +#endif + + XFREE(rsaClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaServerCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaServerPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaCaCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaCaPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(eccClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(eccClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +#endif /* HAVE_PKCS7 */ + +#ifdef HAVE_VALGRIND +/* Need a static build to have access to symbols. */ + +/* Maximum number of bytes in a number to test. */ +#define MP_MAX_TEST_BYTE_LEN 16 + +#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) +static int randNum(mp_int* n, int len, WC_RNG* rng, void* heap) +{ + byte d[MP_MAX_TEST_BYTE_LEN]; + int ret; + + (void)heap; + + do { + ret = wc_RNG_GenerateBlock(rng, d, len); + if (ret != 0) + return ret; + ret = mp_read_unsigned_bin(n, d, len); + if (ret != 0) + return ret; + } while (mp_iszero(n)); + + return 0; +} +#endif + +int mp_test(void) +{ + WC_RNG rng; + int ret; +#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) + int i, j, k; + mp_digit d; +#endif + mp_int a, b, r1, r2, p; + + ret = mp_init_multi(&a, &b, &r1, &r2, NULL, NULL); + if (ret != 0) + return -12300; + + mp_init_copy(&p, &a); + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + goto done; + +#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) + mp_set_int(&a, 0); + if (a.used != 0 || a.dp[0] != 0) + return -12301; + + for (j = 1; j <= MP_MAX_TEST_BYTE_LEN; j++) { + for (i = 0; i < 4 * j; i++) { + /* New values to use. */ + ret = randNum(&p, j, &rng, NULL); + if (ret != 0) + return -12302; + ret = randNum(&a, j, &rng, NULL); + if (ret != 0) + return -12303; + ret = randNum(&b, j, &rng, NULL); + if (ret != 0) + return -12304; + ret = wc_RNG_GenerateBlock(&rng, (byte*)&d, sizeof(d)); + if (ret != 0) + return -12305; + d &= MP_MASK; + + /* Ensure sqrmod produce same result as mulmod. */ + ret = mp_sqrmod(&a, &p, &r1); + if (ret != 0) + return -12306; + ret = mp_mulmod(&a, &a, &p, &r2); + if (ret != 0) + return -12307; + if (mp_cmp(&r1, &r2) != 0) + return -12308; + + /* Ensure add with mod produce same result as sub with mod. */ + ret = mp_addmod(&a, &b, &p, &r1); + if (ret != 0) + return -12309; + b.sign ^= 1; + ret = mp_submod(&a, &b, &p, &r2); + if (ret != 0) + return -12310; + if (mp_cmp(&r1, &r2) != 0) + return -12311; + + /* Ensure add digit produce same result as sub digit. */ + ret = mp_add_d(&a, d, &r1); + if (ret != 0) + return -12312; + ret = mp_sub_d(&r1, d, &r2); + if (ret != 0) + return -12313; + if (mp_cmp(&a, &r2) != 0) + return -12314; + + /* Invert - if p is even it will use the slow impl. + * - if p and a are even it will fail. + */ + ret = mp_invmod(&a, &p, &r1); + if (ret != 0 && ret != MP_VAL) + return -12315; + ret = 0; + + /* Shift up and down number all bits in a digit. */ + for (k = 0; k < DIGIT_BIT; k++) { + mp_mul_2d(&a, k, &r1); + mp_div_2d(&r1, k, &r2, &p); + if (mp_cmp(&a, &r2) != 0) + return -12316; + if (!mp_iszero(&p)) + return -12317; + mp_rshb(&r1, k); + if (mp_cmp(&a, &r1) != 0) + return -12318; + } + } + } + + /* Check that setting a 32-bit digit works. */ + d &= 0xffffffff; + mp_set_int(&a, d); + if (a.used != 1 || a.dp[0] != d) + return -12319; + + /* Check setting a bit and testing a bit works. */ + for (i = 0; i < MP_MAX_TEST_BYTE_LEN * 8; i++) { + mp_zero(&a); + mp_set_bit(&a, i); + if (!mp_is_bit_set(&a, i)) + return -12320; + } +#endif + +done: + mp_clear(&p); + mp_clear(&r2); + mp_clear(&r1); + mp_clear(&b); + mp_clear(&a); + wc_FreeRng(&rng); + return ret; +} +#endif + + +#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) + +typedef struct pairs_t { + const unsigned char* coeff; + int coeffSz; + int exp; +} pairs_t; + + +/* +n =p1p2p3, where pi = ki(p1−1)+1 with (k2,k3) = (173,293) +p1 = 2^192 * 0x000000000000e24fd4f6d6363200bf2323ec46285cac1d3a + + 2^0 * 0x0b2488b0c29d96c5e67f8bec15b54b189ae5636efe89b45b +*/ + +static const unsigned char c192a[] = +{ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe2, 0x4f, + 0xd4, 0xf6, 0xd6, 0x36, 0x32, 0x00, 0xbf, 0x23, + 0x23, 0xec, 0x46, 0x28, 0x5c, 0xac, 0x1d, 0x3a +}; +static const unsigned char c0a[] = +{ + 0x0b, 0x24, 0x88, 0xb0, 0xc2, 0x9d, 0x96, 0xc5, + 0xe6, 0x7f, 0x8b, 0xec, 0x15, 0xb5, 0x4b, 0x18, + 0x9a, 0xe5, 0x63, 0x6e, 0xfe, 0x89, 0xb4, 0x5b +}; + +static const pairs_t ecPairsA[] = +{ + {c192a, sizeof(c192a), 192}, + {c0a, sizeof(c0a), 0} +}; + +static const int kA[] = {173, 293}; + +static const unsigned char controlPrime[] = { + 0xe1, 0x76, 0x45, 0x80, 0x59, 0xb6, 0xd3, 0x49, + 0xdf, 0x0a, 0xef, 0x12, 0xd6, 0x0f, 0xf0, 0xb7, + 0xcb, 0x2a, 0x37, 0xbf, 0xa7, 0xf8, 0xb5, 0x4d, + 0xf5, 0x31, 0x35, 0xad, 0xe4, 0xa3, 0x94, 0xa1, + 0xdb, 0xf1, 0x96, 0xad, 0xb5, 0x05, 0x64, 0x85, + 0x83, 0xfc, 0x1b, 0x5b, 0x29, 0xaa, 0xbe, 0xf8, + 0x26, 0x3f, 0x76, 0x7e, 0xad, 0x1c, 0xf0, 0xcb, + 0xd7, 0x26, 0xb4, 0x1b, 0x05, 0x8e, 0x56, 0x86, + 0x7e, 0x08, 0x62, 0x21, 0xc1, 0x86, 0xd6, 0x47, + 0x79, 0x3e, 0xb7, 0x5d, 0xa4, 0xc6, 0x3a, 0xd7, + 0xb1, 0x74, 0x20, 0xf6, 0x50, 0x97, 0x41, 0x04, + 0x53, 0xed, 0x3f, 0x26, 0xd6, 0x6f, 0x91, 0xfa, + 0x68, 0x26, 0xec, 0x2a, 0xdc, 0x9a, 0xf1, 0xe7, + 0xdc, 0xfb, 0x73, 0xf0, 0x79, 0x43, 0x1b, 0x21, + 0xa3, 0x59, 0x04, 0x63, 0x52, 0x07, 0xc9, 0xd7, + 0xe6, 0xd1, 0x1b, 0x5d, 0x5e, 0x96, 0xfa, 0x53 +}; + +static const unsigned char testOne[] = { 1 }; + + +static int GenerateNextP(mp_int* p1, mp_int* p2, int k) +{ + int ret; + mp_int ki; + + ret = mp_init(&ki); + if (ret == 0) + ret = mp_set(&ki, k); + if (ret == 0) + ret = mp_sub_d(p1, 1, p2); + if (ret == 0) + ret = mp_mul(p2, &ki, p2); + if (ret == 0) + ret = mp_add_d(p2, 1, p2); + mp_clear(&ki); + + return ret; +} + + +static int GenerateP(mp_int* p1, mp_int* p2, mp_int* p3, + const pairs_t* ecPairs, int ecPairsSz, + const int* k) +{ + mp_int x,y; + int ret, i; + + ret = mp_init(&x); + if (ret == 0) { + ret = mp_init(&y); + if (ret != 0) { + mp_clear(&x); + return MP_MEM; + } + } + for (i = 0; ret == 0 && i < ecPairsSz; i++) { + ret = mp_read_unsigned_bin(&x, ecPairs[i].coeff, ecPairs[i].coeffSz); + /* p1 = 2^exp */ + if (ret == 0) + ret = mp_2expt(&y, ecPairs[i].exp); + /* p1 = p1 * m */ + if (ret == 0) + ret = mp_mul(&x, &y, &x); + /* p1 += */ + if (ret == 0) + ret = mp_add(p1, &x, p1); + mp_zero(&x); + mp_zero(&y); + } + mp_clear(&x); + mp_clear(&y); + + if (ret == 0) + ret = GenerateNextP(p1, p2, k[0]); + if (ret == 0) + ret = GenerateNextP(p1, p3, k[1]); + + return ret; +} + +int prime_test(void) +{ + mp_int n, p1, p2, p3; + int ret, isPrime = 0; + WC_RNG rng; + + ret = wc_InitRng(&rng); + if (ret == 0) + ret = mp_init_multi(&n, &p1, &p2, &p3, NULL, NULL); + if (ret == 0) + ret = GenerateP(&p1, &p2, &p3, + ecPairsA, sizeof(ecPairsA) / sizeof(ecPairsA[0]), kA); + if (ret == 0) + ret = mp_mul(&p1, &p2, &n); + if (ret == 0) + ret = mp_mul(&n, &p3, &n); + if (ret != 0) + return -12400; + + /* Check the old prime test using the number that false positives. + * This test result should indicate as not prime. */ + ret = mp_prime_is_prime(&n, 40, &isPrime); + if (ret != 0) + return -12401; + if (isPrime) + return -12402; + + /* This test result should fail. It should indicate the value as prime. */ + ret = mp_prime_is_prime(&n, 8, &isPrime); + if (ret != 0) + return -12403; + if (!isPrime) + return -12404; + + /* This test result should indicate the value as not prime. */ + ret = mp_prime_is_prime_ex(&n, 8, &isPrime, &rng); + if (ret != 0) + return -12405; + if (isPrime) + return -12406; + + ret = mp_read_unsigned_bin(&n, controlPrime, sizeof(controlPrime)); + if (ret != 0) + return -12407; + + /* This test result should indicate the value as prime. */ + ret = mp_prime_is_prime_ex(&n, 8, &isPrime, &rng); + if (ret != 0) + return -12408; + if (!isPrime) + return -12409; + + /* This test result should indicate the value as prime. */ + isPrime = -1; + ret = mp_prime_is_prime(&n, 8, &isPrime); + if (ret != 0) + return -12410; + if (!isPrime) + return -12411; + + ret = mp_read_unsigned_bin(&n, testOne, sizeof(testOne)); + if (ret != 0) + return -12412; + + /* This test result should indicate the value as not prime. */ + ret = mp_prime_is_prime_ex(&n, 8, &isPrime, &rng); + if (ret != 0) + return -12413; + if (isPrime) + return -12414; + + ret = mp_prime_is_prime(&n, 8, &isPrime); + if (ret != 0) + return -12415; + if (isPrime) + return -12416; + + mp_clear(&p3); + mp_clear(&p2); + mp_clear(&p1); + mp_clear(&n); + wc_FreeRng(&rng); + + return 0; +} + +#endif /* WOLFSSL_PUBLIC_MP */ + + +#if defined(ASN_BER_TO_DER) && \ + (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) +/* wc_BerToDer is only public facing in the case of test cert or opensslextra */ +typedef struct berDerTestData { + const byte *in; + word32 inSz; + const byte *out; + word32 outSz; +} berDerTestData; + +int berder_test(void) +{ + int ret; + int i; + word32 len = 0, l; + byte out[32]; + static const byte good1_in[] = { 0x30, 0x80, 0x00, 0x00 }; + static const byte good1_out[] = { 0x30, 0x00 }; + static const byte good2_in[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 }; + static const byte good2_out[] = { 0x30, 0x03, 0x02, 0x01, 0x01 }; + static const byte good3_in[] = { + 0x24, 0x80, 0x04, 0x01, 0x01, 0x00, 0x00 + }; + static const byte good3_out[] = { 0x04, 0x1, 0x01 }; + static const byte good4_in[] = { + 0x30, 0x80, + 0x02, 0x01, 0x01, + 0x30, 0x80, + 0x24, 0x80, + 0x04, 0x01, 0x01, + 0x04, 0x02, 0x02, 0x03, + 0x00, 0x00, + 0x06, 0x01, 0x01, + 0x00, 0x00, + 0x31, 0x80, + 0x06, 0x01, 0x01, + 0x00, 0x00, + 0x00, 0x00, + }; + static const byte good4_out[] = { + 0x30, 0x12, + 0x02, 0x01, 0x01, + 0x30, 0x08, + 0x04, 0x03, 0x01, 0x02, 0x03, + 0x06, 0x01, 0x01, + 0x31, 0x03, + 0x06, 0x01, 0x01 + }; + static const byte good5_in[] = { 0x30, 0x03, 0x02, 0x01, 0x01 }; + + berDerTestData testData[] = { + { good1_in, sizeof(good1_in), good1_out, sizeof(good1_out) }, + { good2_in, sizeof(good2_in), good2_out, sizeof(good2_out) }, + { good3_in, sizeof(good3_in), good3_out, sizeof(good3_out) }, + { good4_in, sizeof(good4_in), good4_out, sizeof(good4_out) }, + { good5_in, sizeof(good5_in), good5_in , sizeof(good5_in ) }, + }; + + for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) { + ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len); + if (ret != LENGTH_ONLY_E) + return -12500 - i; + if (len != testData[i].outSz) + return -12510 - i; + len = testData[i].outSz; + ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &len); + if (ret != 0) + return -12520 - i; + if (XMEMCMP(out, testData[i].out, len) != 0) + return -12530 - i; + + for (l = 1; l < testData[i].inSz; l++) { + ret = wc_BerToDer(testData[i].in, l, NULL, &len); + if (ret != ASN_PARSE_E) + return -12540; + len = testData[i].outSz; + ret = wc_BerToDer(testData[i].in, l, out, &len); + if (ret != ASN_PARSE_E) + return -12541; + } + + for (l = 0; l < testData[i].outSz-1; l++) { + ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &l); + if (ret != BUFFER_E) + return -12542; + } + } + + ret = wc_BerToDer(NULL, 4, NULL, NULL); + if (ret != BAD_FUNC_ARG) + return -12543; + ret = wc_BerToDer(out, 4, NULL, NULL); + if (ret != BAD_FUNC_ARG) + return -12544; + ret = wc_BerToDer(NULL, 4, NULL, &len); + if (ret != BAD_FUNC_ARG) + return -12545; + ret = wc_BerToDer(NULL, 4, out, NULL); + if (ret != BAD_FUNC_ARG) + return -12546; + ret = wc_BerToDer(out, 4, out, NULL); + if (ret != BAD_FUNC_ARG) + return -12547; + ret = wc_BerToDer(NULL, 4, out, &len); + if (ret != BAD_FUNC_ARG) + return -12548; + + for (l = 1; l < sizeof(good4_out); l++) { + len = l; + ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len); + if (ret != BUFFER_E) + return -12549; + } + + return 0; +} +#endif + +#ifdef DEBUG_WOLFSSL +static THREAD_LS_T int log_cnt = 0; +static void my_Logging_cb(const int logLevel, const char *const logMessage) +{ + (void)logLevel; + (void)logMessage; + log_cnt++; +} +#endif /* DEBUG_WOLFSSL */ + +int logging_test(void) +{ +#ifdef DEBUG_WOLFSSL + const char* msg = "Testing, testing. 1, 2, 3, 4 ..."; + byte a[8] = { 1, 2, 3, 4, 5, 6, 7, 8 }; + byte b[256]; + int i; + + for (i = 0; i < (int)sizeof(b); i++) + b[i] = i; + + if (wolfSSL_Debugging_ON() != 0) + return -12600; + + if (wolfSSL_SetLoggingCb(my_Logging_cb) != 0) + return -12601; + + WOLFSSL_MSG(msg); + WOLFSSL_BUFFER(a, sizeof(a)); + WOLFSSL_BUFFER(b, sizeof(b)); + WOLFSSL_BUFFER(NULL, 0); + WOLFSSL_ERROR(MEMORY_E); + WOLFSSL_ERROR_MSG(msg); + + /* turn off logs */ + wolfSSL_Debugging_OFF(); + + /* capture log count */ + i = log_cnt; + + /* validate no logs are output when disabled */ + WOLFSSL_MSG(msg); + WOLFSSL_BUFFER(a, sizeof(a)); + WOLFSSL_BUFFER(b, sizeof(b)); + WOLFSSL_BUFFER(NULL, 0); + WOLFSSL_ERROR(MEMORY_E); + WOLFSSL_ERROR_MSG(msg); + + /* check the logs were disabled */ + if (i != log_cnt) + return -12602; + + /* restore callback and leave logging enabled */ + wolfSSL_SetLoggingCb(NULL); + wolfSSL_Debugging_ON(); + + /* suppress unused args */ + (void)a; + (void)b; + +#else + if (wolfSSL_Debugging_ON() != NOT_COMPILED_IN) + return -12603; + wolfSSL_Debugging_OFF(); + if (wolfSSL_SetLoggingCb(NULL) != NOT_COMPILED_IN) + return -12604; +#endif /* DEBUG_WOLFSSL */ + return 0; +} + + +int mutex_test(void) +{ +#ifdef WOLFSSL_PTHREADS + wolfSSL_Mutex m; +#endif +#ifndef WOLFSSL_NO_MALLOC + wolfSSL_Mutex *mm = wc_InitAndAllocMutex(); + if (mm == NULL) + return -12700; + wc_FreeMutex(mm); + XFREE(mm, NULL, DYNAMIC_TYPE_MUTEX); +#endif + +#ifdef WOLFSSL_PTHREADS + if (wc_InitMutex(&m) != 0) + return -12701; + if (wc_LockMutex(&m) != 0) + return -12702; + if (wc_FreeMutex(&m) != BAD_MUTEX_E) + return -12703; + if (wc_UnLockMutex(&m) != 0) + return -12704; + if (wc_FreeMutex(&m) != 0) + return -12705; +#ifndef WOLFSSL_NO_MUTEXLOCK_AFTER_FREE + if (wc_LockMutex(&m) != BAD_MUTEX_E) + return -12706; + if (wc_UnLockMutex(&m) != BAD_MUTEX_E) + return -12707; +#endif +#endif + + return 0; +} + +#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS) + +#ifndef WOLFSSL_NO_MALLOC +static int malloc_cnt = 0; +static int realloc_cnt = 0; +static int free_cnt = 0; + +static void *my_Malloc_cb(size_t size) +{ + malloc_cnt++; + #ifndef WOLFSSL_NO_MALLOC + return malloc(size); + #else + WOLFSSL_MSG("No malloc available"); + (void)size; + return NULL; + #endif +} +static void my_Free_cb(void *ptr) +{ + free_cnt++; + #ifndef WOLFSSL_NO_MALLOC + free(ptr); + #else + WOLFSSL_MSG("No free available"); + (void)ptr; + #endif +} +static void *my_Realloc_cb(void *ptr, size_t size) +{ + realloc_cnt++; + #ifndef WOLFSSL_NO_MALLOC + return realloc(ptr, size); + #else + WOLFSSL_MSG("No realloc available"); + (void)ptr; + (void)size; + return NULL; + #endif +} +#endif /* !WOLFSSL_NO_MALLOC */ + +int memcb_test(void) +{ + int ret = 0; +#ifndef WOLFSSL_NO_MALLOC + byte* b = NULL; +#endif + wolfSSL_Malloc_cb mc; + wolfSSL_Free_cb fc; + wolfSSL_Realloc_cb rc; + + /* Save existing memory callbacks */ + if (wolfSSL_GetAllocators(&mc, &fc, &rc) != 0) + return -12800; + +#ifndef WOLFSSL_NO_MALLOC + /* test realloc */ + b = (byte*)XREALLOC(b, 1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (b == NULL) { + ERROR_OUT(-12801, exit_memcb); + } + XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); + b = NULL; + + /* Use API. */ + if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)(void*)&my_Malloc_cb, + (wolfSSL_Free_cb)(void*)&my_Free_cb, + (wolfSSL_Realloc_cb)(void*)&my_Realloc_cb) != 0) { + ERROR_OUT(-12802, exit_memcb); + } + + b = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); + b = (byte*)XREALLOC(b, 1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); + +#ifndef WOLFSSL_STATIC_MEMORY + if (malloc_cnt != 1 || free_cnt != 1 || realloc_cnt != 1) +#else + if (malloc_cnt != 0 || free_cnt != 0 || realloc_cnt != 0) +#endif + ret = -12803; +#endif /* !WOLFSSL_NO_MALLOC */ + +#ifndef WOLFSSL_NO_MALLOC +exit_memcb: +#endif + + /* restore memory callbacks */ + wolfSSL_SetAllocators(mc, fc, rc); + + return ret; +} +#endif /* USE_WOLFSSL_MEMORY && !WOLFSSL_NO_MALLOC */ + + +#ifdef WOLFSSL_IMX6_CAAM_BLOB +int blob_test(void) +{ + int ret = 0; + byte out[112]; + byte blob[112]; + word32 outSz; + + const byte iv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + const byte text[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; + + + XMEMSET(blob, 0, sizeof(blob)); + outSz = sizeof(blob); + ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz); + if (ret != 0) { + ERROR_OUT(-12900, exit_blob); + } + + blob[outSz - 2] += 1; + ret = wc_caamOpenBlob(blob, outSz, out, &outSz); + if (ret == 0) { /* should fail with altered blob */ + ERROR_OUT(-12901, exit_blob); + } + + XMEMSET(blob, 0, sizeof(blob)); + outSz = sizeof(blob); + ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz); + if (ret != 0) { + ERROR_OUT(-12902, exit_blob); + } + + ret = wc_caamOpenBlob(blob, outSz, out, &outSz); + if (ret != 0) { + ERROR_OUT(-12903, exit_blob); + } + + if (XMEMCMP(out, iv, sizeof(iv))) { + ERROR_OUT(-12904, exit_blob); + } + + XMEMSET(blob, 0, sizeof(blob)); + outSz = sizeof(blob); + ret = wc_caamCreateBlob((byte*)text, sizeof(text), blob, &outSz); + if (ret != 0) { + ERROR_OUT(-12905, exit_blob); + } + + ret = wc_caamOpenBlob(blob, outSz, out, &outSz); + if (ret != 0) { + ERROR_OUT(-12906, exit_blob); + } + + if (XMEMCMP(out, text, sizeof(text))) { + ERROR_OUT(-12907, exit_blob); + } + + exit_blob: + + return ret; +} +#endif /* WOLFSSL_IMX6_CAAM_BLOB */ + +#ifdef WOLF_CRYPTO_CB + +/* Example custom context for crypto callback */ +typedef struct { + int exampleVar; /* example, not used */ +} myCryptoDevCtx; + + +/* Example crypto dev callback function that calls software version */ +static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) +{ + int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */ + myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx; + + if (info == NULL) + return BAD_FUNC_ARG; + +#ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: Algo Type %d\n", info->algo_type); +#endif + + if (info->algo_type == WC_ALGO_TYPE_RNG) { + #ifndef WC_NO_RNG + /* set devId to invalid, so software is used */ + info->rng.rng->devId = INVALID_DEVID; + + ret = wc_RNG_GenerateBlock(info->rng.rng, + info->rng.out, info->rng.sz); + + /* reset devId */ + info->rng.rng->devId = devIdArg; + #endif + } + else if (info->algo_type == WC_ALGO_TYPE_SEED) { + #ifndef WC_NO_RNG + static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 }; + word32* seedWord32 = (word32*)seed; + word32 len; + + /* wc_GenerateSeed is a local symbol so we need to fake the entropy. */ + while (info->seed.sz > 0) { + len = (word32)sizeof(seed); + if (info->seed.sz < len) + len = info->seed.sz; + XMEMCPY(info->seed.seed, seed, sizeof(seed)); + info->seed.seed += len; + info->seed.sz -= len; + (*seedWord32)++; + } + + ret = 0; + #endif + } + else if (info->algo_type == WC_ALGO_TYPE_PK) { + #ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: Pk Type %d\n", info->pk.type); + #endif + + #ifndef NO_RSA + if (info->pk.type == WC_PK_TYPE_RSA) { + /* set devId to invalid, so software is used */ + info->pk.rsa.key->devId = INVALID_DEVID; + + switch (info->pk.rsa.type) { + case RSA_PUBLIC_ENCRYPT: + case RSA_PUBLIC_DECRYPT: + /* perform software based RSA public op */ + ret = wc_RsaFunction( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, info->pk.rsa.outLen, + info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); + break; + case RSA_PRIVATE_ENCRYPT: + case RSA_PRIVATE_DECRYPT: + /* perform software based RSA private op */ + ret = wc_RsaFunction( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, info->pk.rsa.outLen, + info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); + break; + } + + /* reset devId */ + info->pk.rsa.key->devId = devIdArg; + } + #ifdef WOLFSSL_KEY_GEN + else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) { + info->pk.rsakg.key->devId = INVALID_DEVID; + + ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size, + info->pk.rsakg.e, info->pk.rsakg.rng); + + /* reset devId */ + info->pk.rsakg.key->devId = devIdArg; + } + #endif + #endif /* !NO_RSA */ + #ifdef HAVE_ECC + if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) { + /* set devId to invalid, so software is used */ + info->pk.eckg.key->devId = INVALID_DEVID; + + ret = wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size, + info->pk.eckg.key, info->pk.eckg.curveId); + + /* reset devId */ + info->pk.eckg.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { + /* set devId to invalid, so software is used */ + info->pk.eccsign.key->devId = INVALID_DEVID; + + ret = wc_ecc_sign_hash( + info->pk.eccsign.in, info->pk.eccsign.inlen, + info->pk.eccsign.out, info->pk.eccsign.outlen, + info->pk.eccsign.rng, info->pk.eccsign.key); + + /* reset devId */ + info->pk.eccsign.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) { + /* set devId to invalid, so software is used */ + info->pk.eccverify.key->devId = INVALID_DEVID; + + ret = wc_ecc_verify_hash( + info->pk.eccverify.sig, info->pk.eccverify.siglen, + info->pk.eccverify.hash, info->pk.eccverify.hashlen, + info->pk.eccverify.res, info->pk.eccverify.key); + + /* reset devId */ + info->pk.eccverify.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ECDH) { + /* set devId to invalid, so software is used */ + info->pk.ecdh.private_key->devId = INVALID_DEVID; + + ret = wc_ecc_shared_secret( + info->pk.ecdh.private_key, info->pk.ecdh.public_key, + info->pk.ecdh.out, info->pk.ecdh.outlen); + + /* reset devId */ + info->pk.ecdh.private_key->devId = devIdArg; + } + #endif /* HAVE_ECC */ + } + else if (info->algo_type == WC_ALGO_TYPE_CIPHER) { +#if !defined(NO_AES) || !defined(NO_DES3) + #ifdef HAVE_AESGCM + if (info->cipher.type == WC_CIPHER_AES_GCM) { + if (info->cipher.enc) { + /* set devId to invalid, so software is used */ + info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID; + + ret = wc_AesGcmEncrypt( + info->cipher.aesgcm_enc.aes, + info->cipher.aesgcm_enc.out, + info->cipher.aesgcm_enc.in, + info->cipher.aesgcm_enc.sz, + info->cipher.aesgcm_enc.iv, + info->cipher.aesgcm_enc.ivSz, + info->cipher.aesgcm_enc.authTag, + info->cipher.aesgcm_enc.authTagSz, + info->cipher.aesgcm_enc.authIn, + info->cipher.aesgcm_enc.authInSz); + + /* reset devId */ + info->cipher.aesgcm_enc.aes->devId = devIdArg; + } + else { + /* set devId to invalid, so software is used */ + info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID; + + ret = wc_AesGcmDecrypt( + info->cipher.aesgcm_dec.aes, + info->cipher.aesgcm_dec.out, + info->cipher.aesgcm_dec.in, + info->cipher.aesgcm_dec.sz, + info->cipher.aesgcm_dec.iv, + info->cipher.aesgcm_dec.ivSz, + info->cipher.aesgcm_dec.authTag, + info->cipher.aesgcm_dec.authTagSz, + info->cipher.aesgcm_dec.authIn, + info->cipher.aesgcm_dec.authInSz); + + /* reset devId */ + info->cipher.aesgcm_dec.aes->devId = devIdArg; + } + } + #endif /* HAVE_AESGCM */ + #ifdef HAVE_AES_CBC + if (info->cipher.type == WC_CIPHER_AES_CBC) { + if (info->cipher.enc) { + /* set devId to invalid, so software is used */ + info->cipher.aescbc.aes->devId = INVALID_DEVID; + + ret = wc_AesCbcEncrypt( + info->cipher.aescbc.aes, + info->cipher.aescbc.out, + info->cipher.aescbc.in, + info->cipher.aescbc.sz); + + /* reset devId */ + info->cipher.aescbc.aes->devId = devIdArg; + } + else { + /* set devId to invalid, so software is used */ + info->cipher.aescbc.aes->devId = INVALID_DEVID; + + ret = wc_AesCbcDecrypt( + info->cipher.aescbc.aes, + info->cipher.aescbc.out, + info->cipher.aescbc.in, + info->cipher.aescbc.sz); + + /* reset devId */ + info->cipher.aescbc.aes->devId = devIdArg; + } + } + #endif /* HAVE_AES_CBC */ + #ifndef NO_DES3 + if (info->cipher.type == WC_CIPHER_DES3) { + if (info->cipher.enc) { + /* set devId to invalid, so software is used */ + info->cipher.des3.des->devId = INVALID_DEVID; + + ret = wc_Des3_CbcEncrypt( + info->cipher.des3.des, + info->cipher.des3.out, + info->cipher.des3.in, + info->cipher.des3.sz); + + /* reset devId */ + info->cipher.des3.des->devId = devIdArg; + } + else { + /* set devId to invalid, so software is used */ + info->cipher.des3.des->devId = INVALID_DEVID; + + ret = wc_Des3_CbcDecrypt( + info->cipher.des3.des, + info->cipher.des3.out, + info->cipher.des3.in, + info->cipher.des3.sz); + + /* reset devId */ + info->cipher.des3.des->devId = devIdArg; + } + } + #endif /* !NO_DES3 */ +#endif /* !NO_AES || !NO_DES3 */ + } +#if !defined(NO_SHA) || !defined(NO_SHA256) + else if (info->algo_type == WC_ALGO_TYPE_HASH) { + #if !defined(NO_SHA) + if (info->hash.type == WC_HASH_TYPE_SHA) { + if (info->hash.sha1 == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hash.sha1->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_ShaUpdate( + info->hash.sha1, + info->hash.in, + info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_ShaFinal( + info->hash.sha1, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha1->devId = devIdArg; + } + else + #endif + #if !defined(NO_SHA256) + if (info->hash.type == WC_HASH_TYPE_SHA256) { + if (info->hash.sha256 == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hash.sha256->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_Sha256Update( + info->hash.sha256, + info->hash.in, + info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_Sha256Final( + info->hash.sha256, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha256->devId = devIdArg; + } + else + #endif + { + } + } +#endif /* !NO_SHA || !NO_SHA256 */ +#ifndef NO_HMAC + else if (info->algo_type == WC_ALGO_TYPE_HMAC) { + if (info->hmac.hmac == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hmac.hmac->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_HmacUpdate( + info->hmac.hmac, + info->hmac.in, + info->hmac.inSz); + } + else if (info->hash.digest != NULL) { + ret = wc_HmacFinal( + info->hmac.hmac, + info->hmac.digest); + } + + /* reset devId */ + info->hmac.hmac->devId = devIdArg; + } +#endif + + (void)devIdArg; + (void)myCtx; + + return ret; +} + +int cryptocb_test(void) +{ + int ret = 0; + myCryptoDevCtx myCtx; + + /* example data for callback */ + myCtx.exampleVar = 1; + + /* set devId to something other than INVALID_DEVID */ + devId = 1; + ret = wc_CryptoCb_RegisterDevice(devId, myCryptoDevCb, &myCtx); + +#ifndef WC_NO_RNG + if (ret == 0) + ret = random_test(); +#endif /* WC_NO_RNG */ +#ifndef NO_RSA + if (ret == 0) + ret = rsa_test(); +#endif +#ifdef HAVE_ECC + if (ret == 0) + ret = ecc_test(); +#endif +#ifndef NO_AES + #ifdef HAVE_AESGCM + if (ret == 0) + ret = aesgcm_test(); + #endif + #ifdef HAVE_AES_CBC + if (ret == 0) + ret = aes_test(); + #endif +#endif /* !NO_AES */ +#ifndef NO_DES3 + if (ret == 0) + ret = des3_test(); +#endif /* !NO_DES3 */ +#if !defined(NO_SHA) || !defined(NO_SHA256) + #ifndef NO_SHA + if (ret == 0) + ret = sha_test(); + #endif + #ifndef NO_SHA256 + if (ret == 0) + ret = sha256_test(); + #endif +#endif +#ifndef NO_HMAC + #ifndef NO_SHA + if (ret == 0) + ret = hmac_sha_test(); + #endif + #ifndef NO_SHA256 + if (ret == 0) + ret = hmac_sha256_test(); + #endif +#endif +#ifndef NO_PWDBASED + #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) + if (ret == 0) + ret = pbkdf2_test(); + #endif +#endif + + /* reset devId */ + devId = INVALID_DEVID; + + return ret; +} +#endif /* WOLF_CRYPTO_CB */ + +#ifdef WOLFSSL_CERT_PIV +int certpiv_test(void) +{ + int ret; + wc_CertPIV piv; + + /* Template for Identiv PIV cert, nonce and signature */ + const byte pivCertIdentiv[] = { + 0x0A, 0x0D, + 0x53, 0x04, /* NIST PIV Cert */ + 0x70, 0x02, /* Certificate */ + 0x30, 0x00, + 0x71, 0x01, 0x00, /* Cert Info */ + 0xFE, 0x00, /* Error Detection */ + 0x0B, 0x01, 0x00, /* Nonce */ + 0x0C, 0x01, 0x00, /* Signed Nonce */ + }; + + const byte pivCert[] = { + 0x53, 0x04, /* NIST PIV Cert */ + 0x70, 0x02, /* Certificate */ + 0x30, 0x00, + 0x71, 0x01, 0x00, /* Cert Info */ + 0xFE, 0x00, /* Error Detection */ + }; + + /* Test with identiv 0x0A, 0x0B and 0x0C markers */ + ret = wc_ParseCertPIV(&piv, pivCertIdentiv, sizeof(pivCertIdentiv)); + if (ret == 0) { + /* Test with NIST PIV format */ + ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert)); + } + + return ret; +} +#endif /* WOLFSSL_CERT_PIV */ + + +#undef ERROR_OUT + +#else + #ifndef NO_MAIN_DRIVER + int main() { return 0; } + #endif +#endif /* NO_CRYPT_TEST */ diff --git a/client/wolfssl/wolfcrypt/test/test.h b/client/wolfssl/wolfcrypt/test/test.h new file mode 100644 index 0000000..7a6fc7c --- /dev/null +++ b/client/wolfssl/wolfcrypt/test/test.h @@ -0,0 +1,43 @@ +/* wolfcrypt/test/test.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLFCRYPT_TEST_H +#define WOLFCRYPT_TEST_H + + +#ifdef __cplusplus + extern "C" { +#endif + +#ifdef HAVE_STACK_SIZE +THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args); +#else +int wolfcrypt_test(void* args); +#endif + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* WOLFCRYPT_TEST_H */ + diff --git a/client/wolfssl/wolfcrypt/test/test.sln b/client/wolfssl/wolfcrypt/test/test.sln new file mode 100644 index 0000000..55b9872 --- /dev/null +++ b/client/wolfssl/wolfcrypt/test/test.sln @@ -0,0 +1,59 @@ + +Microsoft Visual Studio Solution File, Format Version 9.00 +# Visual C++ Express 2005 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test", "test.vcproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}" + ProjectSection(ProjectDependencies) = postProject + {73973223-5EE8-41CA-8E88-1D60E89A237B} = {73973223-5EE8-41CA-8E88-1D60E89A237B} + EndProjectSection +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "..\..\wolfssl.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Debug|x64 = Debug|x64 + DLL Debug|Win32 = DLL Debug|Win32 + DLL Debug|x64 = DLL Debug|x64 + DLL Release|Win32 = DLL Release|Win32 + DLL Release|x64 = DLL Release|x64 + Release|Win32 = Release|Win32 + Release|x64 = Release|x64 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|Win32.ActiveCfg = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|Win32.Build.0 = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.ActiveCfg = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.Build.0 = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.ActiveCfg = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.Build.0 = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.ActiveCfg = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.Build.0 = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64 + {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.Build.0 = Release|x64 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/client/wolfssl/wolfcrypt/test/test.vcproj b/client/wolfssl/wolfcrypt/test/test.vcproj new file mode 100644 index 0000000..9758d8b --- /dev/null +++ b/client/wolfssl/wolfcrypt/test/test.vcproj @@ -0,0 +1,197 @@ +<?xml version="1.0" encoding="UTF-8"?> +<VisualStudioProject + ProjectType="Visual C++" + Version="8.00" + Name="test" + ProjectGUID="{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}" + Keyword="Win32Proj" + > + <Platforms> + <Platform + Name="Win32" + /> + </Platforms> + <ToolFiles> + </ToolFiles> + <Configurations> + <Configuration + Name="Debug|Win32" + OutputDirectory="Debug" + IntermediateDirectory="Debug" + ConfigurationType="1" + > + <Tool + Name="VCPreBuildEventTool" + /> + <Tool + Name="VCCustomBuildTool" + /> + <Tool + Name="VCXMLDataGeneratorTool" + /> + <Tool + Name="VCWebServiceProxyGeneratorTool" + /> + <Tool + Name="VCMIDLTool" + /> + <Tool + Name="VCCLCompilerTool" + Optimization="0" + AdditionalIncludeDirectories="../..;../../IDE/WIN;" + PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;" + MinimalRebuild="true" + BasicRuntimeChecks="3" + RuntimeLibrary="3" + UsePrecompiledHeader="0" + WarningLevel="3" + Detect64BitPortabilityProblems="true" + DebugInformationFormat="4" + /> + <Tool + Name="VCManagedResourceCompilerTool" + /> + <Tool + Name="VCResourceCompilerTool" + /> + <Tool + Name="VCPreLinkEventTool" + /> + <Tool + Name="VCLinkerTool" + AdditionalDependencies="Ws2_32.lib" + LinkIncremental="2" + GenerateDebugInformation="true" + SubSystem="1" + TargetMachine="1" + /> + <Tool + Name="VCALinkTool" + /> + <Tool + Name="VCManifestTool" + /> + <Tool + Name="VCXDCMakeTool" + /> + <Tool + Name="VCBscMakeTool" + /> + <Tool + Name="VCFxCopTool" + /> + <Tool + Name="VCAppVerifierTool" + /> + <Tool + Name="VCWebDeploymentTool" + /> + <Tool + Name="VCPostBuildEventTool" + /> + </Configuration> + <Configuration + Name="Release|Win32" + OutputDirectory="Release" + IntermediateDirectory="Release" + ConfigurationType="1" + > + <Tool + Name="VCPreBuildEventTool" + /> + <Tool + Name="VCCustomBuildTool" + /> + <Tool + Name="VCXMLDataGeneratorTool" + /> + <Tool + Name="VCWebServiceProxyGeneratorTool" + /> + <Tool + Name="VCMIDLTool" + /> + <Tool + Name="VCCLCompilerTool" + AdditionalIncludeDirectories="../..;../../IDE/WIN;" + PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;" + RuntimeLibrary="2" + UsePrecompiledHeader="0" + WarningLevel="3" + Detect64BitPortabilityProblems="true" + DebugInformationFormat="3" + /> + <Tool + Name="VCManagedResourceCompilerTool" + /> + <Tool + Name="VCResourceCompilerTool" + /> + <Tool + Name="VCPreLinkEventTool" + /> + <Tool + Name="VCLinkerTool" + AdditionalDependencies="Ws2_32.lib" + LinkIncremental="2" + GenerateDebugInformation="true" + SubSystem="1" + OptimizeReferences="2" + EnableCOMDATFolding="2" + TargetMachine="1" + /> + <Tool + Name="VCALinkTool" + /> + <Tool + Name="VCManifestTool" + /> + <Tool + Name="VCXDCMakeTool" + /> + <Tool + Name="VCBscMakeTool" + /> + <Tool + Name="VCFxCopTool" + /> + <Tool + Name="VCAppVerifierTool" + /> + <Tool + Name="VCWebDeploymentTool" + /> + <Tool + Name="VCPostBuildEventTool" + /> + </Configuration> + </Configurations> + <References> + </References> + <Files> + <Filter + Name="Header Files" + Filter="h;hpp;hxx;hm;inl;inc;xsd" + UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}" + > + </Filter> + <Filter + Name="Resource Files" + Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx" + UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}" + > + </Filter> + <Filter + Name="Source Files" + Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx" + UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}" + > + <File + RelativePath=".\test.c" + > + </File> + </Filter> + </Files> + <Globals> + </Globals> +</VisualStudioProject> |