diff options
| author | auth12 <[email protected]> | 2020-07-21 13:07:42 -0700 |
|---|---|---|
| committer | auth12 <[email protected]> | 2020-07-21 13:07:42 -0700 |
| commit | f09669dd5846d95b063712571ccb7519910a0d6e (patch) | |
| tree | 902f5ad201651f2d96ccf619e90b76cfa06a7b9b /client/wolfssl/wolfcrypt | |
| parent | Syscalls. (diff) | |
| download | loader-f09669dd5846d95b063712571ccb7519910a0d6e.tar.xz loader-f09669dd5846d95b063712571ccb7519910a0d6e.zip | |
Added game selection.
Started process wrapper.
Removed asmjit.
Diffstat (limited to 'client/wolfssl/wolfcrypt')
20 files changed, 0 insertions, 38850 deletions
diff --git a/client/wolfssl/wolfcrypt/benchmark/README.md b/client/wolfssl/wolfcrypt/benchmark/README.md deleted file mode 100644 index fc01f37..0000000 --- a/client/wolfssl/wolfcrypt/benchmark/README.md +++ /dev/null @@ -1,103 +0,0 @@ -# wolfCrypt Benchmarks - -Tool for performing cryptographic algorithm benchmarking. - -## Measurements - -* Symmetric algorithms like AES and ChaCha20 are measured in Killobytes (KB) or Megabytes (MB) per second. -* Asymmetric algorithms like RSA and ECC are measured using Operations Per Second (Ops) per second. - -## Usage - -```sh -./wolfcrypt/benchmark/benchmark -? -benchmark --? <num> Help, print this usage - 0: English, 1: Japanese --csv Print terminal output in csv format --base10 Display bytes as power of 10 (eg 1 kB = 1000 Bytes) --no_aad No additional authentication data passed. --dgst_full Full digest operation performed. --rsa_sign Measure RSA sign/verify instead of encrypt/decrypt. -<keySz> -rsa-sz - Measure RSA <key size> performance. --<alg> Algorithm to benchmark. Available algorithms include: - cipher aes-cbc aes-gcm aes-ecb aes-xts aes-cfb aes-ctr aes-ccm - camellia arc4 hc128 rabbit chacha20 chacha20-poly1305 des idea - digest md5 poly1305 sha sha2 sha224 sha256 sha384 sha512 sha3 - sha3-224 sha3-256 sha3-384 sha3-512 ripemd - mac cmac hmac hmac-md5 hmac-sha hmac-sha224 hmac-sha256 - hmac-sha384 hmac-sha512 pbkdf2 - asym rsa-kg rsa rsa-sz dh ecc-kg ecc ecc-enc curve25519_kg x25519 - ed25519-kg ed25519 - other rng scrypt --lng <num> Display benchmark result by specified language. - 0: English, 1: Japanese -<num> Size of block in bytes -``` - -The `-base10` option shows as thousands of bytes (kB). - -## Example Output - -Run on Intel(R) Core(TM) i7-7920HQ CPU @ 3.10GHz. - -```sh -./configure --enable-intelasm --enable-aesni --enable-sp --enable-sp-asm && make - -./wolfcrypt/benchmark/benchmark ------------------------------------------------------------------------------- - wolfSSL version 4.0.0 ------------------------------------------------------------------------------- -wolfCrypt Benchmark (block bytes 1048576, min 1.0 sec each) -RNG 180 MB took 1.022 seconds, 176.201 MB/s Cycles per byte = 16.76 -AES-128-CBC-enc 1250 MB took 1.002 seconds, 1247.878 MB/s Cycles per byte = 2.37 -AES-128-CBC-dec 4595 MB took 1.001 seconds, 4591.703 MB/s Cycles per byte = 0.64 -AES-192-CBC-enc 1005 MB took 1.003 seconds, 1002.018 MB/s Cycles per byte = 2.95 -AES-192-CBC-dec 4345 MB took 1.000 seconds, 4344.744 MB/s Cycles per byte = 0.68 -AES-256-CBC-enc 905 MB took 1.005 seconds, 900.386 MB/s Cycles per byte = 3.28 -AES-256-CBC-dec 3255 MB took 1.001 seconds, 3251.618 MB/s Cycles per byte = 0.91 -AES-128-GCM-enc 4730 MB took 1.001 seconds, 4726.267 MB/s Cycles per byte = 0.62 -AES-128-GCM-dec 5140 MB took 1.000 seconds, 5137.596 MB/s Cycles per byte = 0.57 -AES-192-GCM-enc 4475 MB took 1.001 seconds, 4471.056 MB/s Cycles per byte = 0.66 -AES-192-GCM-dec 3405 MB took 1.001 seconds, 3403.179 MB/s Cycles per byte = 0.87 -AES-256-GCM-enc 2640 MB took 1.000 seconds, 2638.905 MB/s Cycles per byte = 1.12 -AES-256-GCM-dec 2780 MB took 1.001 seconds, 2776.632 MB/s Cycles per byte = 1.06 -CHACHA 2615 MB took 1.000 seconds, 2614.357 MB/s Cycles per byte = 1.13 -CHA-POLY 1490 MB took 1.001 seconds, 1488.344 MB/s Cycles per byte = 1.98 -MD5 440 MB took 1.010 seconds, 435.763 MB/s Cycles per byte = 6.78 -POLY1305 4900 MB took 1.001 seconds, 4896.430 MB/s Cycles per byte = 0.60 -SHA 515 MB took 1.011 seconds, 509.459 MB/s Cycles per byte = 5.80 -SHA-224 425 MB took 1.005 seconds, 422.737 MB/s Cycles per byte = 6.98 -SHA-256 420 MB took 1.006 seconds, 417.312 MB/s Cycles per byte = 7.08 -SHA-384 615 MB took 1.003 seconds, 613.018 MB/s Cycles per byte = 4.82 -SHA-512 560 MB took 1.007 seconds, 556.230 MB/s Cycles per byte = 5.31 -SHA3-224 295 MB took 1.003 seconds, 294.133 MB/s Cycles per byte = 10.04 -SHA3-256 280 MB took 1.003 seconds, 279.088 MB/s Cycles per byte = 10.58 -SHA3-384 215 MB took 1.002 seconds, 214.654 MB/s Cycles per byte = 13.76 -SHA3-512 145 MB took 1.005 seconds, 144.266 MB/s Cycles per byte = 20.47 -HMAC-MD5 485 MB took 1.004 seconds, 483.019 MB/s Cycles per byte = 6.11 -HMAC-SHA 505 MB took 1.006 seconds, 502.159 MB/s Cycles per byte = 5.88 -HMAC-SHA224 415 MB took 1.007 seconds, 411.965 MB/s Cycles per byte = 7.17 -HMAC-SHA256 380 MB took 1.002 seconds, 379.398 MB/s Cycles per byte = 7.78 -HMAC-SHA384 610 MB took 1.006 seconds, 606.370 MB/s Cycles per byte = 4.87 -HMAC-SHA512 620 MB took 1.001 seconds, 619.377 MB/s Cycles per byte = 4.77 -RSA 2048 public 52000 ops took 1.001 sec, avg 0.019 ms, 51932.223 ops/sec -RSA 2048 private 1700 ops took 1.022 sec, avg 0.601 ms, 1662.697 ops/sec -DH 2048 key gen 3491 ops took 1.000 sec, avg 0.286 ms, 3490.745 ops/sec -DH 2048 agree 3500 ops took 1.014 sec, avg 0.290 ms, 3452.191 ops/sec -ECC 256 key gen 88961 ops took 1.000 sec, avg 0.011 ms, 88960.279 ops/sec -ECDHE 256 agree 20700 ops took 1.005 sec, avg 0.049 ms, 20605.239 ops/sec -ECDSA 256 sign 53200 ops took 1.001 sec, avg 0.019 ms, 53157.214 ops/sec -ECDSA 256 verify 17200 ops took 1.004 sec, avg 0.058 ms, 17124.208 ops/sec -Benchmark complete -``` - - -## Windows Visual Studio - -For building wolfCrypt Benchmark project in Visual Studio open the `benchmark.sln`. For newer Visual Studio version it may prompt for a one-way upgrade. Then you may have to right-click on the solution and choose `Retarget solution` to update the project files for your Visual Studio version. - -If you see an error about `rc.exe` then you'll need to update the "Target Platform Version". You can do this by right-clicking on the benchmark project -> General -> "Target Platform Version" and changing to 8.1 (needs to match the wolfssl library project). - -This solution includes the wolfSSL library project at `<wolfssl-root>wolfssl.vcxproj` and will compile the library, then the benchmark project. diff --git a/client/wolfssl/wolfcrypt/benchmark/benchmark.c b/client/wolfssl/wolfcrypt/benchmark/benchmark.c deleted file mode 100644 index f79f7c8..0000000 --- a/client/wolfssl/wolfcrypt/benchmark/benchmark.c +++ /dev/null @@ -1,6328 +0,0 @@ -/* benchmark.c - * - * Copyright (C) 2006-2020 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - - -/* wolfCrypt benchmark */ - - -#ifdef HAVE_CONFIG_H - #include <config.h> -#endif - -#ifndef WOLFSSL_USER_SETTINGS - #include <wolfssl/options.h> -#endif -#include <wolfssl/wolfcrypt/settings.h> -#include <wolfssl/version.h> -#include <wolfssl/wolfcrypt/wc_port.h> - -/* Macro to disable benchmark */ -#ifndef NO_CRYPT_BENCHMARK - -/* only for stack size check */ -#ifdef HAVE_STACK_SIZE - #include <wolfssl/ssl.h> - #include <wolfssl/test.h> -#endif - -#ifdef USE_FLAT_BENCHMARK_H - #include "benchmark.h" -#else - #include "wolfcrypt/benchmark/benchmark.h" -#endif - -/* printf mappings */ -#ifdef FREESCALE_MQX - #include <mqx.h> - /* see wc_port.h for fio.h and nio.h includes */ -#elif defined(FREESCALE_KSDK_1_3) - #include "fsl_debug_console.h" - #include "fsl_os_abstraction.h" - - #undef printf - #define printf PRINTF -#elif defined(WOLFSSL_DEOS) - #include <deos.h> - #undef printf - #define printf printx -#elif defined(MICRIUM) - #include <bsp_ser.h> - void BSP_Ser_Printf (CPU_CHAR* format, ...); - #undef printf - #define printf BSP_Ser_Printf -#elif defined(WOLFSSL_ZEPHYR) - #include <stdio.h> - #define BENCH_EMBEDDED - #define printf printfk - static int printfk(const char *fmt, ...) - { - int ret; - char line[150]; - va_list ap; - - va_start(ap, fmt); - - ret = vsnprintf(line, sizeof(line), fmt, ap); - line[sizeof(line)-1] = '\0'; - printk("%s", line); - - va_end(ap); - - return ret; - } - -#elif defined(WOLFSSL_TELIT_M2MB) - #include <stdarg.h> - #include <stdio.h> - #include <string.h> - #include "m2m_log.h" /* for M2M_LOG_INFO - not standard API */ - /* remap printf */ - #undef printf - #define printf M2M_LOG_INFO - /* OS requires occasional sleep() */ - #ifndef TEST_SLEEP_MS - #define TEST_SLEEP_MS 50 - #endif - #define TEST_SLEEP() m2mb_os_taskSleep(M2MB_OS_MS2TICKS(TEST_SLEEP_MS)) - /* don't use file system for these tests, since ./certs dir isn't loaded */ - #undef NO_FILESYSTEM - #define NO_FILESYSTEM - -#else - #if defined(XMALLOC_USER) || defined(FREESCALE_MQX) - /* MQX classic needs for EXIT_FAILURE */ - #include <stdlib.h> /* we're using malloc / free direct here */ - #endif - - #ifndef STRING_USER - #include <string.h> - #include <stdio.h> - #endif - - /* enable way for customer to override test/bench printf */ - #ifdef XPRINTF - #undef printf - #define printf XPRINTF - #endif -#endif - -#include <wolfssl/wolfcrypt/memory.h> -#include <wolfssl/wolfcrypt/random.h> -#include <wolfssl/wolfcrypt/des3.h> -#include <wolfssl/wolfcrypt/arc4.h> -#include <wolfssl/wolfcrypt/hc128.h> -#include <wolfssl/wolfcrypt/rabbit.h> -#include <wolfssl/wolfcrypt/chacha.h> -#include <wolfssl/wolfcrypt/chacha20_poly1305.h> -#include <wolfssl/wolfcrypt/aes.h> -#include <wolfssl/wolfcrypt/poly1305.h> -#include <wolfssl/wolfcrypt/camellia.h> -#include <wolfssl/wolfcrypt/md5.h> -#include <wolfssl/wolfcrypt/sha.h> -#include <wolfssl/wolfcrypt/sha256.h> -#include <wolfssl/wolfcrypt/sha512.h> -#include <wolfssl/wolfcrypt/sha3.h> -#include <wolfssl/wolfcrypt/rsa.h> -#include <wolfssl/wolfcrypt/asn.h> -#include <wolfssl/wolfcrypt/ripemd.h> -#include <wolfssl/wolfcrypt/cmac.h> -#ifndef NO_HMAC - #include <wolfssl/wolfcrypt/hmac.h> -#endif -#ifndef NO_PWDBASED - #include <wolfssl/wolfcrypt/pwdbased.h> -#endif -#ifdef HAVE_ECC - #include <wolfssl/wolfcrypt/ecc.h> -#endif -#ifdef HAVE_IDEA - #include <wolfssl/wolfcrypt/idea.h> -#endif -#ifdef HAVE_CURVE25519 - #include <wolfssl/wolfcrypt/curve25519.h> -#endif -#ifdef HAVE_ED25519 - #include <wolfssl/wolfcrypt/ed25519.h> -#endif -#ifdef HAVE_CURVE448 - #include <wolfssl/wolfcrypt/curve448.h> -#endif -#ifdef HAVE_ED448 - #include <wolfssl/wolfcrypt/ed448.h> -#endif - -#include <wolfssl/wolfcrypt/dh.h> -#ifdef HAVE_NTRU - #include "libntruencrypt/ntru_crypto.h" -#endif -#include <wolfssl/wolfcrypt/random.h> -#include <wolfssl/wolfcrypt/error-crypt.h> -#include <wolfssl/wolfcrypt/types.h> - -#ifdef WOLF_CRYPTO_CB - #include <wolfssl/wolfcrypt/cryptocb.h> - #ifdef HAVE_INTEL_QA_SYNC - #include <wolfssl/wolfcrypt/port/intel/quickassist_sync.h> - #endif - #ifdef HAVE_CAVIUM_OCTEON_SYNC - #include <wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h> - #endif -#endif - -#ifdef WOLFSSL_ASYNC_CRYPT - #include <wolfssl/wolfcrypt/async.h> -#endif - - -#ifdef WOLFSSL_STATIC_MEMORY - static WOLFSSL_HEAP_HINT* HEAP_HINT; -#else - #define HEAP_HINT NULL -#endif /* WOLFSSL_STATIC_MEMORY */ - -#ifndef EXIT_FAILURE -#define EXIT_FAILURE 1 -#endif - -/* optional macro to add sleep between tests */ -#ifndef TEST_SLEEP - /* stub the sleep macro */ - #define TEST_SLEEP() -#endif - - -/* Bit values for each algorithm that is able to be benchmarked. - * Common grouping of algorithms also. - * Each algorithm has a unique value for its type e.g. cipher. - */ -/* Cipher algorithms. */ -#define BENCH_AES_CBC 0x00000001 -#define BENCH_AES_GCM 0x00000002 -#define BENCH_AES_ECB 0x00000004 -#define BENCH_AES_XTS 0x00000008 -#define BENCH_AES_CTR 0x00000010 -#define BENCH_AES_CCM 0x00000020 -#define BENCH_CAMELLIA 0x00000100 -#define BENCH_ARC4 0x00000200 -#define BENCH_HC128 0x00000400 -#define BENCH_RABBIT 0x00000800 -#define BENCH_CHACHA20 0x00001000 -#define BENCH_CHACHA20_POLY1305 0x00002000 -#define BENCH_DES 0x00004000 -#define BENCH_IDEA 0x00008000 -#define BENCH_AES_CFB 0x00010000 -#define BENCH_AES_OFB 0x00020000 -/* Digest algorithms. */ -#define BENCH_MD5 0x00000001 -#define BENCH_POLY1305 0x00000002 -#define BENCH_SHA 0x00000004 -#define BENCH_SHA224 0x00000010 -#define BENCH_SHA256 0x00000020 -#define BENCH_SHA384 0x00000040 -#define BENCH_SHA512 0x00000080 -#define BENCH_SHA2 (BENCH_SHA224 | BENCH_SHA256 | \ - BENCH_SHA384 | BENCH_SHA512) -#define BENCH_SHA3_224 0x00000100 -#define BENCH_SHA3_256 0x00000200 -#define BENCH_SHA3_384 0x00000400 -#define BENCH_SHA3_512 0x00000800 -#define BENCH_SHA3 (BENCH_SHA3_224 | BENCH_SHA3_256 | \ - BENCH_SHA3_384 | BENCH_SHA3_512) -#define BENCH_RIPEMD 0x00001000 -#define BENCH_BLAKE2B 0x00002000 -#define BENCH_BLAKE2S 0x00004000 - -/* MAC algorithms. */ -#define BENCH_CMAC 0x00000001 -#define BENCH_HMAC_MD5 0x00000002 -#define BENCH_HMAC_SHA 0x00000004 -#define BENCH_HMAC_SHA224 0x00000010 -#define BENCH_HMAC_SHA256 0x00000020 -#define BENCH_HMAC_SHA384 0x00000040 -#define BENCH_HMAC_SHA512 0x00000080 -#define BENCH_HMAC (BENCH_HMAC_MD5 | BENCH_HMAC_SHA | \ - BENCH_HMAC_SHA224 | BENCH_HMAC_SHA256 | \ - BENCH_HMAC_SHA384 | BENCH_HMAC_SHA512) -#define BENCH_PBKDF2 0x00000100 - -/* Asymmetric algorithms. */ -#define BENCH_RSA_KEYGEN 0x00000001 -#define BENCH_RSA 0x00000002 -#define BENCH_RSA_SZ 0x00000004 -#define BENCH_DH 0x00000010 -#define BENCH_NTRU 0x00000100 -#define BENCH_NTRU_KEYGEN 0x00000200 -#define BENCH_ECC_MAKEKEY 0x00001000 -#define BENCH_ECC 0x00002000 -#define BENCH_ECC_ENCRYPT 0x00004000 -#define BENCH_CURVE25519_KEYGEN 0x00010000 -#define BENCH_CURVE25519_KA 0x00020000 -#define BENCH_ED25519_KEYGEN 0x00040000 -#define BENCH_ED25519_SIGN 0x00080000 -#define BENCH_CURVE448_KEYGEN 0x00100000 -#define BENCH_CURVE448_KA 0x00200000 -#define BENCH_ED448_KEYGEN 0x00400000 -#define BENCH_ED448_SIGN 0x00800000 -/* Other */ -#define BENCH_RNG 0x00000001 -#define BENCH_SCRYPT 0x00000002 - - -/* Benchmark all compiled in algorithms. - * When 1, ignore other benchmark algorithm values. - * 0, only benchmark algorithm values set. - */ -static int bench_all = 1; -/* Cipher algorithms to benchmark. */ -static int bench_cipher_algs = 0; -/* Digest algorithms to benchmark. */ -static int bench_digest_algs = 0; -/* MAC algorithms to benchmark. */ -static int bench_mac_algs = 0; -/* Asymmetric algorithms to benchmark. */ -static int bench_asym_algs = 0; -/* Other cryptographic algorithms to benchmark. */ -static int bench_other_algs = 0; - -#if !defined(WOLFSSL_BENCHMARK_ALL) && !defined(NO_MAIN_DRIVER) - -/* The mapping of command line option to bit values. */ -typedef struct bench_alg { - /* Command line option string. */ - const char* str; - /* Bit values to set. */ - int val; -} bench_alg; - -#ifndef MAIN_NO_ARGS -/* All recognized cipher algorithm choosing command line options. */ -static const bench_alg bench_cipher_opt[] = { - { "-cipher", -1 }, -#ifdef HAVE_AES_CBC - { "-aes-cbc", BENCH_AES_CBC }, -#endif -#ifdef HAVE_AESGCM - { "-aes-gcm", BENCH_AES_GCM }, -#endif -#ifdef WOLFSSL_AES_DIRECT - { "-aes-ecb", BENCH_AES_ECB }, -#endif -#ifdef WOLFSSL_AES_XTS - { "-aes-xts", BENCH_AES_XTS }, -#endif -#ifdef WOLFSSL_AES_CFB - { "-aes-cfb", BENCH_AES_CFB }, -#endif -#ifdef WOLFSSL_AES_OFB - { "-aes-ofb", BENCH_AES_OFB }, -#endif -#ifdef WOLFSSL_AES_COUNTER - { "-aes-ctr", BENCH_AES_CTR }, -#endif -#ifdef HAVE_AESCCM - { "-aes-ccm", BENCH_AES_CCM }, -#endif -#ifdef HAVE_CAMELLIA - { "-camellia", BENCH_CAMELLIA }, -#endif -#ifndef NO_RC4 - { "-arc4", BENCH_ARC4 }, -#endif -#ifdef HAVE_HC128 - { "-hc128", BENCH_HC128 }, -#endif -#ifndef NO_RABBIT - { "-rabbit", BENCH_RABBIT }, -#endif -#ifdef HAVE_CHACHA - { "-chacha20", BENCH_CHACHA20 }, -#endif -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - { "-chacha20-poly1305", BENCH_CHACHA20_POLY1305 }, -#endif -#ifndef NO_DES3 - { "-des", BENCH_DES }, -#endif -#ifdef HAVE_IDEA - { "-idea", BENCH_IDEA }, -#endif - { NULL, 0} -}; - -/* All recognized digest algorithm choosing command line options. */ -static const bench_alg bench_digest_opt[] = { - { "-digest", -1 }, -#ifndef NO_MD5 - { "-md5", BENCH_MD5 }, -#endif -#ifdef HAVE_POLY1305 - { "-poly1305", BENCH_POLY1305 }, -#endif -#ifndef NO_SHA - { "-sha", BENCH_SHA }, -#endif -#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256) || defined(WOLFSSL_SHA384) \ - || defined(WOLFSSL_SHA512) - { "-sha2", BENCH_SHA2 }, -#endif -#ifdef WOLFSSL_SHA224 - { "-sha224", BENCH_SHA224 }, -#endif -#ifndef NO_SHA256 - { "-sha256", BENCH_SHA256 }, -#endif -#ifdef WOLFSSL_SHA384 - { "-sha384", BENCH_SHA384 }, -#endif -#ifdef WOLFSSL_SHA512 - { "-sha512", BENCH_SHA512 }, -#endif -#ifdef WOLFSSL_SHA3 - { "-sha3", BENCH_SHA3 }, - #ifndef WOLFSSL_NOSHA3_224 - { "-sha3-224", BENCH_SHA3_224 }, - #endif - #ifndef WOLFSSL_NOSHA3_256 - { "-sha3-256", BENCH_SHA3_256 }, - #endif - #ifndef WOLFSSL_NOSHA3_384 - { "-sha3-384", BENCH_SHA3_384 }, - #endif - #ifndef WOLFSSL_NOSHA3_512 - { "-sha3-512", BENCH_SHA3_512 }, - #endif -#endif -#ifdef WOLFSSL_RIPEMD - { "-ripemd", BENCH_RIPEMD }, -#endif -#ifdef HAVE_BLAKE2 - { "-blake2b", BENCH_BLAKE2B }, -#endif -#ifdef HAVE_BLAKE2S - { "-blake2s", BENCH_BLAKE2S }, -#endif - { NULL, 0} -}; - -/* All recognized MAC algorithm choosing command line options. */ -static const bench_alg bench_mac_opt[] = { - { "-mac", -1 }, -#ifdef WOLFSSL_CMAC - { "-cmac", BENCH_CMAC }, -#endif -#ifndef NO_HMAC - { "-hmac", BENCH_HMAC }, - #ifndef NO_MD5 - { "-hmac-md5", BENCH_HMAC_MD5 }, - #endif - #ifndef NO_SHA - { "-hmac-sha", BENCH_HMAC_SHA }, - #endif - #ifdef WOLFSSL_SHA224 - { "-hmac-sha224", BENCH_HMAC_SHA224 }, - #endif - #ifndef NO_SHA256 - { "-hmac-sha256", BENCH_HMAC_SHA256 }, - #endif - #ifdef WOLFSSL_SHA384 - { "-hmac-sha384", BENCH_HMAC_SHA384 }, - #endif - #ifdef WOLFSSL_SHA512 - { "-hmac-sha512", BENCH_HMAC_SHA512 }, - #endif - #ifndef NO_PWDBASED - { "-pbkdf2", BENCH_PBKDF2 }, - #endif -#endif - { NULL, 0} -}; - -/* All recognized asymmetric algorithm choosing command line options. */ -static const bench_alg bench_asym_opt[] = { - { "-asym", -1 }, -#ifndef NO_RSA - #ifdef WOLFSSL_KEY_GEN - { "-rsa-kg", BENCH_RSA_KEYGEN }, - #endif - { "-rsa", BENCH_RSA }, - { "-rsa-sz", BENCH_RSA_SZ }, -#endif -#ifndef NO_DH - { "-dh", BENCH_DH }, -#endif -#ifdef HAVE_NTRU - { "-ntru", BENCH_NTRU }, - { "-ntru-kg", BENCH_NTRU_KEYGEN }, -#endif -#ifdef HAVE_ECC - { "-ecc-kg", BENCH_ECC_MAKEKEY }, - { "-ecc", BENCH_ECC }, - #ifdef HAVE_ECC_ENCRYPT - { "-ecc-enc", BENCH_ECC_ENCRYPT }, - #endif -#endif -#ifdef HAVE_CURVE25519 - { "-curve25519-kg", BENCH_CURVE25519_KEYGEN }, - #ifdef HAVE_CURVE25519_SHARED_SECRET - { "-x25519", BENCH_CURVE25519_KA }, - #endif -#endif -#ifdef HAVE_ED25519 - { "-ed25519-kg", BENCH_ED25519_KEYGEN }, - { "-ed25519", BENCH_ED25519_SIGN }, -#endif -#ifdef HAVE_CURVE448 - { "-curve448-kg", BENCH_CURVE448_KEYGEN }, - #ifdef HAVE_CURVE448_SHARED_SECRET - { "-x448", BENCH_CURVE448_KA }, - #endif -#endif -#ifdef HAVE_ED448 - { "-ed448-kg", BENCH_ED448_KEYGEN }, - { "-ed448", BENCH_ED448_SIGN }, -#endif - { NULL, 0} -}; - -/* All recognized other cryptographic algorithm choosing command line options. - */ -static const bench_alg bench_other_opt[] = { - { "-other", -1 }, -#ifndef WC_NO_RNG - { "-rng", BENCH_RNG }, -#endif -#ifdef HAVE_SCRYPT - { "-scrypt", BENCH_SCRYPT }, -#endif - { NULL, 0} -}; -#endif /* MAIN_NO_ARGS */ - -#endif /* !WOLFSSL_BENCHMARK_ALL && !NO_MAIN_DRIVER */ - - -#ifdef HAVE_WNR - const char* wnrConfigFile = "wnr-example.conf"; -#endif - -#if defined(WOLFSSL_MDK_ARM) - extern XFILE wolfSSL_fopen(const char *fname, const char *mode); - #define fopen wolfSSL_fopen -#endif - -static int lng_index = 0; - -#ifndef NO_MAIN_DRIVER -#ifndef MAIN_NO_ARGS -static const char* bench_Usage_msg1[][16] = { - /* 0 English */ - { "-? <num> Help, print this usage\n 0: English, 1: Japanese\n", - "-csv Print terminal output in csv format\n", - "-base10 Display bytes as power of 10 (eg 1 kB = 1000 Bytes)\n", - "-no_aad No additional authentication data passed.\n", - "-dgst_full Full digest operation performed.\n", - "-rsa_sign Measure RSA sign/verify instead of encrypt/decrypt.\n", - "<keySz> -rsa-sz\n Measure RSA <key size> performance.\n", - "-ffhdhe2048 Measure DH using FFDHE 2048-bit parameters.\n", - "-ffhdhe3072 Measure DH using FFDHE 3072-bit parameters.\n", - "-p256 Measure ECC using P-256 curve.\n", - "-p384 Measure ECC using P-384 curve.\n", - "-<alg> Algorithm to benchmark. Available algorithms include:\n", - "-lng <num> Display benchmark result by specified language.\n 0: English, 1: Japanese\n", - "<num> Size of block in bytes\n", - "-threads <num> Number of threads to run\n", - "-print Show benchmark stats summary\n" - }, -#ifndef NO_MULTIBYTE_PRINT - /* 1 Japanese */ - { "-? <num> ヘルプ, 使い方を表示します。\n 0: 英語、 1: 日本語\n", - "-csv csv 形式で端末に出力します。\n", - "-base10 バイトを10のべき乗で表示します。(例 1 kB = 1000 Bytes)\n", - "-no_aad 追加の認証データを使用しません.\n", - "-dgst_full フルの digest 暗号操作を実施します。\n", - "-rsa_sign 暗号/復号化の代わりに RSA の署名/検証を測定します。\n", - "<keySz> -rsa-sz\n RSA <key size> の性能を測定します。\n", - "-ffhdhe2048 Measure DH using FFDHE 2048-bit parameters.\n", - "-ffhdhe3072 Measure DH using FFDHE 3072-bit parameters.\n", - "-p256 Measure ECC using P-256 curve.\n", - "-p384 Measure ECC using P-384 curve.\n", - "-<alg> アルゴリズムのベンチマークを実施します。\n 利用可能なアルゴリズムは下記を含みます:\n", - "-lng <num> 指定された言語でベンチマーク結果を表示します。\n 0: 英語、 1: 日本語\n", - "<num> ブロックサイズをバイト単位で指定します。\n", - "-threads <num> 実行するスレッド数\n", - "-print ベンチマーク統計の要約を表示する\n" - }, -#endif -}; -#endif /* MAIN_NO_ARGS */ -#endif - -static const char* bench_result_words1[][4] = { - { "took", "seconds" , "Cycles per byte", NULL }, /* 0 English */ -#ifndef NO_MULTIBYTE_PRINT - { "を" , "秒で処理", "1バイトあたりのサイクル数", NULL }, /* 1 Japanese */ -#endif -}; - -#if !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_NTRU) || \ - defined(HAVE_ECC) || !defined(NO_DH) || defined(HAVE_ECC_ENCRYPT) || \ - defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET) || \ - defined(HAVE_ED25519) || defined(HAVE_CURVE448) || \ - defined(HAVE_CURVE448_SHARED_SECRET) || defined(HAVE_ED448) -#if defined(HAVE_ECC) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) || \ - defined(WOLFSSL_PUBLIC_MP) || !defined(NO_DH) - -static const char* bench_desc_words[][9] = { - /* 0 1 2 3 4 5 6 7 8 */ - {"public", "private", "key gen", "agree" , "sign", "verify", "encryption", "decryption", NULL}, /* 0 English */ -#ifndef NO_MULTIBYTE_PRINT - {"公開鍵", "秘密鍵" ,"鍵生成" , "鍵共有" , "署名", "検証" , "暗号化" , "復号化" , NULL}, /* 1 Japanese */ -#endif -}; - -#endif -#endif - -#if defined(__GNUC__) && defined(__x86_64__) && !defined(NO_ASM) && !defined(WOLFSSL_SGX) - #define HAVE_GET_CYCLES - static WC_INLINE word64 get_intel_cycles(void); - static THREAD_LS_T word64 total_cycles; - #define INIT_CYCLE_COUNTER - #define BEGIN_INTEL_CYCLES total_cycles = get_intel_cycles(); - #define END_INTEL_CYCLES total_cycles = get_intel_cycles() - total_cycles; - /* s == size in bytes that 1 count represents, normally BENCH_SIZE */ - #define SHOW_INTEL_CYCLES(b, n, s) \ - XSNPRINTF(b + XSTRLEN(b), n - XSTRLEN(b), " %s = %6.2f\n", \ - bench_result_words1[lng_index][2], \ - count == 0 ? 0 : (float)total_cycles / ((word64)count*s)) - #define SHOW_INTEL_CYCLES_CSV(b, n, s) \ - XSNPRINTF(b + XSTRLEN(b), n - XSTRLEN(b), "%.2f,\n", \ - count == 0 ? 0 : (float)total_cycles / ((word64)count*s)) -#elif defined(LINUX_CYCLE_COUNT) - #include <linux/perf_event.h> - #include <sys/syscall.h> - #include <unistd.h> - - static THREAD_LS_T word64 begin_cycles; - static THREAD_LS_T word64 total_cycles; - static THREAD_LS_T int cycles = -1; - static THREAD_LS_T struct perf_event_attr atr; - - #define INIT_CYCLE_COUNTER do { \ - atr.type = PERF_TYPE_HARDWARE; \ - atr.config = PERF_COUNT_HW_CPU_CYCLES; \ - cycles = (int)syscall(__NR_perf_event_open, &atr, 0, -1, -1, 0); \ - } while (0); - - #define BEGIN_INTEL_CYCLES read(cycles, &begin_cycles, sizeof(begin_cycles)); - #define END_INTEL_CYCLES do { \ - read(cycles, &total_cycles, sizeof(total_cycles)); \ - total_cycles = total_cycles - begin_cycles; \ - } while (0); - - /* s == size in bytes that 1 count represents, normally BENCH_SIZE */ - #define SHOW_INTEL_CYCLES(b, n, s) \ - XSNPRINTF(b + XSTRLEN(b), n - XSTRLEN(b), " %s = %6.2f\n", \ - bench_result_words1[lng_index][2], \ - (float)total_cycles / (count*s)) - #define SHOW_INTEL_CYCLES_CSV(b, n, s) \ - XSNPRINTF(b + XSTRLEN(b), n - XSTRLEN(b), "%.2f,\n", \ - (float)total_cycles / (count*s)) - -#elif defined(SYNERGY_CYCLE_COUNT) - #include "hal_data.h" - static THREAD_LS_T word64 begin_cycles; - static THREAD_LS_T word64 total_cycles; - - #define INIT_CYCLE_COUNTER - #define BEGIN_INTEL_CYCLES begin_cycles = DWT->CYCCNT = 0; - #define END_INTEL_CYCLES total_cycles = DWT->CYCCNT - begin_cycles; - - /* s == size in bytes that 1 count represents, normally BENCH_SIZE */ - #define SHOW_INTEL_CYCLES(b, n, s) \ - XSNPRINTF(b + XSTRLEN(b), n - XSTRLEN(b), " %s = %6.2f\n", \ - bench_result_words1[lng_index][2], \ - (float)total_cycles / (count*s)) - #define SHOW_INTEL_CYCLES_CSV(b, n, s) \ - XSNPRINTF(b + XSTRLEN(b), n - XSTRLEN(b), "%.2f,\n", \ - (float)total_cycles / (count*s)) - -#else - #define INIT_CYCLE_COUNTER - #define BEGIN_INTEL_CYCLES - #define END_INTEL_CYCLES - #define SHOW_INTEL_CYCLES(b, n, s) b[XSTRLEN(b)] = '\n' - #define SHOW_INTEL_CYCLES_CSV(b, n, s) b[XSTRLEN(b)] = '\n' -#endif - -/* determine benchmark buffer to use (if NO_FILESYSTEM) */ -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ - !defined(USE_CERT_BUFFERS_3072) - #define USE_CERT_BUFFERS_2048 /* default to 2048 */ -#endif - -#if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048) || \ - defined(USE_CERT_BUFFERS_3072) || !defined(NO_DH) - /* include test cert and key buffers for use with NO_FILESYSTEM */ - #include <wolfssl/certs_test.h> -#endif - -#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) - #include <wolfssl/wolfcrypt/blake2.h> -#endif - -#ifdef _MSC_VER - /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ - #pragma warning(disable: 4996) -#endif - - -#ifdef WOLFSSL_CURRTIME_REMAP - #define current_time WOLFSSL_CURRTIME_REMAP -#elif !defined(HAVE_STACK_SIZE) - double current_time(int); -#endif - -#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND) && \ - !defined(HAVE_STACK_SIZE) -#ifdef __cplusplus - extern "C" { -#endif - WOLFSSL_API int wolfSSL_Debugging_ON(void); - WOLFSSL_API void wolfSSL_Debugging_OFF(void); -#ifdef __cplusplus - } /* extern "C" */ -#endif -#endif - -#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || !defined(NO_DH) \ - || defined(WOLFSSL_KEY_GEN) || defined(HAVE_ECC) \ - || defined(HAVE_CURVE25519) || defined(HAVE_ED25519) \ - || defined(HAVE_CURVE448) || defined(HAVE_ED448) - #define HAVE_LOCAL_RNG - static THREAD_LS_T WC_RNG gRng; -#endif - -#if defined(HAVE_ED25519) || defined(HAVE_CURVE25519) || \ - defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ - defined(HAVE_ECC) || defined(HAVE_NTRU) || !defined(NO_DH) || \ - !defined(NO_RSA) || defined(HAVE_SCRYPT) - #define BENCH_ASYM -#endif - -#if defined(BENCH_ASYM) -#if defined(HAVE_ECC) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) || \ - defined(WOLFSSL_PUBLIC_MP) || !defined(NO_DH) -static const char* bench_result_words2[][5] = { - { "ops took", "sec" , "avg" , "ops/sec", NULL }, /* 0 English */ -#ifndef NO_MULTIBYTE_PRINT - { "回処理を", "秒で実施", "平均", "処理/秒", NULL }, /* 1 Japanese */ -#endif -}; -#endif -#endif - -/* Asynchronous helper macros */ -static THREAD_LS_T int devId = INVALID_DEVID; - -#ifdef WOLFSSL_ASYNC_CRYPT - static WOLF_EVENT_QUEUE eventQueue; - - #define BENCH_ASYNC_GET_DEV(obj) (&(obj)->asyncDev) - #define BENCH_ASYNC_GET_NAME(doAsync) (doAsync) ? "HW" : "SW" - #define BENCH_MAX_PENDING (WOLF_ASYNC_MAX_PENDING) - -#ifndef WC_NO_ASYNC_THREADING - typedef struct ThreadData { - pthread_t thread_id; - } ThreadData; - static ThreadData* g_threadData; - static int g_threadCount; -#endif - - static int bench_async_check(int* ret, WC_ASYNC_DEV* asyncDev, - int callAgain, int* times, int limit, int* pending) - { - int allowNext = 0; - - /* this state can be set from a different thread */ - WOLF_EVENT_STATE state = asyncDev->event.state; - - /* if algo doesn't require calling again then use this flow */ - if (state == WOLF_EVENT_STATE_DONE) { - if (callAgain) { - /* needs called again, so allow it and handle completion in bench_async_handle */ - allowNext = 1; - } - else { - *ret = asyncDev->event.ret; - asyncDev->event.state = WOLF_EVENT_STATE_READY; - (*times)++; - if (*pending > 0) /* to support case where async blocks */ - (*pending)--; - - if ((*times + *pending) < limit) - allowNext = 1; - } - } - - /* if slot is available and we haven't reached limit, start another */ - else if (state == WOLF_EVENT_STATE_READY && (*times + *pending) < limit) { - allowNext = 1; - } - - return allowNext; - } - - static int bench_async_handle(int* ret, WC_ASYNC_DEV* asyncDev, - int callAgain, int* times, int* pending) - { - WOLF_EVENT_STATE state = asyncDev->event.state; - - if (*ret == WC_PENDING_E) { - if (state == WOLF_EVENT_STATE_DONE) { - *ret = asyncDev->event.ret; - asyncDev->event.state = WOLF_EVENT_STATE_READY; - (*times)++; - (*pending)--; - } - else { - (*pending)++; - *ret = wc_AsyncHandle(asyncDev, &eventQueue, - callAgain ? WC_ASYNC_FLAG_CALL_AGAIN : WC_ASYNC_FLAG_NONE); - } - } - else if (*ret >= 0) { - *ret = asyncDev->event.ret; - asyncDev->event.state = WOLF_EVENT_STATE_READY; - (*times)++; - if (*pending > 0) /* to support case where async blocks */ - (*pending)--; - } - - return (*ret >= 0) ? 1 : 0; - } - - static WC_INLINE int bench_async_poll(int* pending) - { - int ret, asyncDone = 0; - - ret = wolfAsync_EventQueuePoll(&eventQueue, NULL, NULL, 0, - WOLF_POLL_FLAG_CHECK_HW, &asyncDone); - if (ret != 0) { - printf("Async poll failed %d\n", ret); - return ret; - } - - if (asyncDone == 0) { - #ifndef WC_NO_ASYNC_THREADING - /* give time to other threads */ - wc_AsyncThreadYield(); - #endif - } - - (void)pending; - - return asyncDone; - } - -#else - #define BENCH_MAX_PENDING (1) - #define BENCH_ASYNC_GET_NAME(doAsync) "" - #define BENCH_ASYNC_GET_DEV(obj) NULL - - static WC_INLINE int bench_async_check(int* ret, void* asyncDev, - int callAgain, int* times, int limit, int* pending) - { - (void)ret; - (void)asyncDev; - (void)callAgain; - (void)times; - (void)limit; - (void)pending; - - return 1; - } - - static WC_INLINE int bench_async_handle(int* ret, void* asyncDev, - int callAgain, int* times, int* pending) - { - (void)asyncDev; - (void)callAgain; - (void)pending; - - if (*ret >= 0) { - /* operation completed */ - (*times)++; - return 1; - } - return 0; - } - #define bench_async_poll(p) -#endif /* WOLFSSL_ASYNC_CRYPT */ - - - -/* maximum runtime for each benchmark */ -#define BENCH_MIN_RUNTIME_SEC 1.0f - - -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) - #define AES_AUTH_ADD_SZ 13 - #define AES_AUTH_TAG_SZ 16 - #define BENCH_CIPHER_ADD AES_AUTH_TAG_SZ - static word32 aesAuthAddSz = AES_AUTH_ADD_SZ; -#endif -#ifndef BENCH_CIPHER_ADD - #define BENCH_CIPHER_ADD 0 -#endif - - -/* use kB instead of mB for embedded benchmarking */ -#ifdef BENCH_EMBEDDED - enum BenchmarkBounds { - scryptCnt = 1, - ntimes = 2, - genTimes = BENCH_MAX_PENDING, - agreeTimes = 2 - }; - static int numBlocks = 25; /* how many kB to test (en/de)cryption */ - static word32 bench_size = (1024ul); -#else - enum BenchmarkBounds { - scryptCnt = 10, - ntimes = 100, - genTimes = BENCH_MAX_PENDING, /* must be at least BENCH_MAX_PENDING */ - agreeTimes = 100 - }; - static int numBlocks = 5; /* how many megs to test (en/de)cryption */ - static word32 bench_size = (1024*1024ul); -#endif -static int base2 = 1; -static int digest_stream = 1; -#ifndef NO_RSA -/* Don't measure RSA sign/verify by default */ -static int rsa_sign_verify = 0; -#endif -#ifndef NO_DH -/* Use the FFDHE parameters */ -static int use_ffdhe = 0; -#endif - -/* Don't print out in CSV format by default */ -static int csv_format = 0; -#ifdef BENCH_ASYM -static int csv_header_count = 0; -#endif - -/* for compatibility */ -#define BENCH_SIZE bench_size - -/* globals for cipher tests */ -static THREAD_LS_T byte* bench_plain = NULL; -static THREAD_LS_T byte* bench_cipher = NULL; - -static const XGEN_ALIGN byte bench_key_buf[] = -{ - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, - 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, - 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67, - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef -}; - -static const XGEN_ALIGN byte bench_iv_buf[] = -{ - 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 -}; -static THREAD_LS_T byte* bench_key = NULL; -static THREAD_LS_T byte* bench_iv = NULL; - -#ifdef WOLFSSL_STATIC_MEMORY - #ifdef BENCH_EMBEDDED - static byte gBenchMemory[50000]; - #else - static byte gBenchMemory[400000]; - #endif -#endif - - -/* This code handles cases with systems where static (non cost) ram variables - aren't properly initialized with data */ -static int gBenchStaticInit = 0; -static void benchmark_static_init(void) -{ - if (gBenchStaticInit == 0) { - gBenchStaticInit = 1; - - /* Init static variables */ - bench_all = 1; - #ifdef BENCH_EMBEDDED - numBlocks = 25; /* how many kB to test (en/de)cryption */ - bench_size = (1024ul); - #else - numBlocks = 5; /* how many megs to test (en/de)cryption */ - bench_size = (1024*1024ul); - #endif - #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) - aesAuthAddSz = AES_AUTH_ADD_SZ; - #endif - base2 = 1; - digest_stream = 1; - } -} - - - -/******************************************************************************/ -/* Begin Stats Functions */ -/******************************************************************************/ -static int gPrintStats = 0; -typedef enum bench_stat_type { - BENCH_STAT_ASYM, - BENCH_STAT_SYM, -} bench_stat_type_t; -#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_NO_ASYNC_THREADING) - typedef struct bench_stats { - struct bench_stats* next; - struct bench_stats* prev; - const char* algo; - const char* desc; - double perfsec; - int strength; - int doAsync; - int finishCount; - bench_stat_type_t type; - int lastRet; - const char* perftype; - } bench_stats_t; - static bench_stats_t* bench_stats_head; - static bench_stats_t* bench_stats_tail; - static pthread_mutex_t bench_lock = PTHREAD_MUTEX_INITIALIZER; - - static bench_stats_t* bench_stats_add(bench_stat_type_t type, - const char* algo, int strength, const char* desc, int doAsync, - double perfsec, const char* perftype, int ret) - { - bench_stats_t* bstat; - - /* protect bench_stats_head and bench_stats_tail access */ - pthread_mutex_lock(&bench_lock); - - /* locate existing in list */ - for (bstat = bench_stats_head; bstat != NULL; bstat = bstat->next) { - /* match based on algo, strength and desc */ - if (bstat->algo == algo && bstat->strength == strength && bstat->desc == desc && bstat->doAsync == doAsync) { - break; - } - } - - if (bstat == NULL) { - /* allocate new and put on list */ - bstat = (bench_stats_t*)XMALLOC(sizeof(bench_stats_t), NULL, DYNAMIC_TYPE_INFO); - if (bstat) { - XMEMSET(bstat, 0, sizeof(bench_stats_t)); - - /* add to list */ - bstat->next = NULL; - if (bench_stats_tail == NULL) { - bench_stats_head = bstat; - } - else { - bench_stats_tail->next = bstat; - bstat->prev = bench_stats_tail; - } - bench_stats_tail = bstat; /* add to the end either way */ - } - } - - if (bstat) { - bstat->type = type; - bstat->algo = algo; - bstat->strength = strength; - bstat->desc = desc; - bstat->doAsync = doAsync; - bstat->perfsec += perfsec; - bstat->finishCount++; - bstat->perftype = perftype; - if (bstat->lastRet > ret) - bstat->lastRet = ret; /* track last error */ - - pthread_mutex_unlock(&bench_lock); - - /* wait until remaining are complete */ - while (bstat->finishCount < g_threadCount) { - wc_AsyncThreadYield(); - } - } - else { - pthread_mutex_unlock(&bench_lock); - } - - return bstat; - } - - void bench_stats_print(void) - { - bench_stats_t* bstat; - - /* protect bench_stats_head and bench_stats_tail access */ - pthread_mutex_lock(&bench_lock); - - for (bstat = bench_stats_head; bstat != NULL; ) { - if (bstat->type == BENCH_STAT_SYM) { - printf("%-16s%s %8.3f %s/s\n", bstat->desc, - BENCH_ASYNC_GET_NAME(bstat->doAsync), bstat->perfsec, - base2 ? "MB" : "mB"); - } - else { - printf("%-5s %4d %-9s %s %.3f ops/sec\n", - bstat->algo, bstat->strength, bstat->desc, - BENCH_ASYNC_GET_NAME(bstat->doAsync), bstat->perfsec); - } - - bstat = bstat->next; - } - - pthread_mutex_unlock(&bench_lock); - } - -#else - - typedef struct bench_stats { - const char* algo; - const char* desc; - double perfsec; - const char* perftype; - int strength; - bench_stat_type_t type; - int ret; - } bench_stats_t; - #define MAX_BENCH_STATS 50 - static bench_stats_t gStats[MAX_BENCH_STATS]; - static int gStatsCount; - - static bench_stats_t* bench_stats_add(bench_stat_type_t type, - const char* algo, int strength, const char* desc, int doAsync, - double perfsec, const char* perftype, int ret) - { - bench_stats_t* bstat = NULL; - if (gStatsCount >= MAX_BENCH_STATS) - return bstat; - - bstat = &gStats[gStatsCount++]; - bstat->algo = algo; - bstat->desc = desc; - bstat->perfsec = perfsec; - bstat->perftype = perftype; - bstat->strength = strength; - bstat->type = type; - bstat->ret = ret; - - (void)doAsync; - - return bstat; - } - - void bench_stats_print(void) - { - int i; - bench_stats_t* bstat; - for (i=0; i<gStatsCount; i++) { - bstat = &gStats[i]; - if (bstat->type == BENCH_STAT_SYM) { - printf("%-16s %8.3f %s/s\n", bstat->desc, bstat->perfsec, - base2 ? "MB" : "mB"); - } - else { - printf("%-5s %4d %-9s %.3f ops/sec\n", - bstat->algo, bstat->strength, bstat->desc, bstat->perfsec); - } - } - } -#endif /* WOLFSSL_ASYNC_CRYPT && !WC_NO_ASYNC_THREADING */ - -static WC_INLINE void bench_stats_init(void) -{ -#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_NO_ASYNC_THREADING) - bench_stats_head = NULL; - bench_stats_tail = NULL; -#endif - INIT_CYCLE_COUNTER -} - -static WC_INLINE void bench_stats_start(int* count, double* start) -{ - *count = 0; - *start = current_time(1); - BEGIN_INTEL_CYCLES -} - -static WC_INLINE int bench_stats_sym_check(double start) -{ - return ((current_time(0) - start) < BENCH_MIN_RUNTIME_SEC); -} - - -/* countSz is number of bytes that 1 count represents. Normally bench_size, - * except for AES direct that operates on AES_BLOCK_SIZE blocks */ -static void bench_stats_sym_finish(const char* desc, int doAsync, int count, - int countSz, double start, int ret) -{ - double total, persec = 0, blocks = count; - const char* blockType; - char msg[128] = {0}; - const char** word = bench_result_words1[lng_index]; - - END_INTEL_CYCLES - total = current_time(0) - start; - - /* calculate actual bytes */ - blocks *= countSz; - - if (base2) { - /* determine if we should show as KB or MB */ - if (blocks > (1024ul * 1024ul)) { - blocks /= (1024ul * 1024ul); - blockType = "MB"; - } - else if (blocks > 1024) { - blocks /= 1024; /* make KB */ - blockType = "KB"; - } - else { - blockType = "bytes"; - } - } - else { - /* determine if we should show as kB or mB */ - if (blocks > (1000ul * 1000ul)) { - blocks /= (1000ul * 1000ul); - blockType = "mB"; - } - else if (blocks > 1000) { - blocks /= 1000; /* make kB */ - blockType = "kB"; - } - else { - blockType = "bytes"; - } - } - - /* caclulcate blocks per second */ - if (total > 0) { - persec = (1 / total) * blocks; - } - - /* format and print to terminal */ - if (csv_format == 1) { - XSNPRINTF(msg, sizeof(msg), "%s,%.3f,", desc, persec); - SHOW_INTEL_CYCLES_CSV(msg, sizeof(msg), countSz); - } else { - XSNPRINTF(msg, sizeof(msg), "%-16s%s %5.0f %s %s %5.3f %s, %8.3f %s/s", - desc, BENCH_ASYNC_GET_NAME(doAsync), blocks, blockType, word[0], total, word[1], - persec, blockType); - SHOW_INTEL_CYCLES(msg, sizeof(msg), countSz); - } - printf("%s", msg); - - /* show errors */ - if (ret < 0) { - printf("Benchmark %s failed: %d\n", desc, ret); - } - - /* Add to thread stats */ - bench_stats_add(BENCH_STAT_SYM, NULL, 0, desc, doAsync, persec, blockType, ret); - - (void)doAsync; - (void)ret; - - TEST_SLEEP(); -} - -#ifdef BENCH_ASYM -#if defined(HAVE_ECC) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) || \ - defined(WOLFSSL_PUBLIC_MP) || !defined(NO_DH) -static void bench_stats_asym_finish(const char* algo, int strength, - const char* desc, int doAsync, int count, double start, int ret) -{ - double total, each = 0, opsSec, milliEach; - const char **word = bench_result_words2[lng_index]; - const char* kOpsSec = "Ops/Sec"; - char msg[128] = {0}; - - total = current_time(0) - start; - if (count > 0) - each = total / count; /* per second */ - opsSec = count / total; /* ops second */ - milliEach = each * 1000; /* milliseconds */ - - /* format and print to terminal */ - if (csv_format == 1) { - /* only print out header once */ - if (csv_header_count == 1) { - printf("\nAsymmetric Ciphers:\n\n"); - printf("Algorithm,avg ms,ops/sec,\n"); - csv_header_count++; - } - XSNPRINTF(msg, sizeof(msg), "%s %d %s,%.3f,%.3f,\n", algo, strength, desc, milliEach, opsSec); - } else { - XSNPRINTF(msg, sizeof(msg), "%-6s %5d %-9s %s %6d %s %5.3f %s, %s %5.3f ms," - " %.3f %s\n", algo, strength, desc, BENCH_ASYNC_GET_NAME(doAsync), - count, word[0], total, word[1], word[2], milliEach, opsSec, word[3]); - } - printf("%s", msg); - - /* show errors */ - if (ret < 0) { - printf("Benchmark %s %s %d failed: %d\n", algo, desc, strength, ret); - } - - /* Add to thread stats */ - bench_stats_add(BENCH_STAT_ASYM, algo, strength, desc, doAsync, opsSec, kOpsSec, ret); - - (void)doAsync; - (void)ret; - - TEST_SLEEP(); -} -#endif -#endif /* BENCH_ASYM */ - -static WC_INLINE void bench_stats_free(void) -{ -#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_NO_ASYNC_THREADING) - bench_stats_t* bstat; - for (bstat = bench_stats_head; bstat != NULL; ) { - bench_stats_t* next = bstat->next; - XFREE(bstat, NULL, DYNAMIC_TYPE_INFO); - bstat = next; - } - bench_stats_head = NULL; - bench_stats_tail = NULL; -#endif -} -/******************************************************************************/ -/* End Stats Functions */ -/******************************************************************************/ - - -static void* benchmarks_do(void* args) -{ - int bench_buf_size; - -#ifdef WOLFSSL_ASYNC_CRYPT -#ifndef WC_NO_ASYNC_THREADING - ThreadData* threadData = (ThreadData*)args; - - if (wolfAsync_DevOpenThread(&devId, &threadData->thread_id) < 0) -#else - if (wolfAsync_DevOpen(&devId) < 0) -#endif - { - printf("Async device open failed\nRunning without async\n"); - } -#endif /* WOLFSSL_ASYNC_CRYPT */ - - (void)args; - -#ifdef WOLFSSL_ASYNC_CRYPT - if (wolfEventQueue_Init(&eventQueue) != 0) { - printf("Async event queue init failure!\n"); - } -#endif - -#ifdef WOLF_CRYPTO_CB -#ifdef HAVE_INTEL_QA_SYNC - devId = wc_CryptoCb_InitIntelQa(); - if (devId == INVALID_DEVID) { - printf("Couldn't init the Intel QA\n"); - } -#endif -#ifdef HAVE_CAVIUM_OCTEON_SYNC - devId = wc_CryptoCb_InitOcteon(); - if (devId == INVALID_DEVID) { - printf("Couldn't get the Octeon device ID\n"); - } -#endif -#endif - -#if defined(HAVE_LOCAL_RNG) - { - int rngRet; - -#ifndef HAVE_FIPS - rngRet = wc_InitRng_ex(&gRng, HEAP_HINT, devId); -#else - rngRet = wc_InitRng(&gRng); -#endif - if (rngRet < 0) { - printf("InitRNG failed\n"); - return NULL; - } - } -#endif - - /* setup bench plain, cipher, key and iv globals */ - /* make sure bench buffer is multiple of 16 (AES block size) */ - bench_buf_size = (int)bench_size + BENCH_CIPHER_ADD; - if (bench_buf_size % 16) - bench_buf_size += 16 - (bench_buf_size % 16); - -#ifdef WOLFSSL_AFALG_XILINX_AES - bench_plain = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16); - bench_cipher = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16); -#else - bench_plain = (byte*)XMALLOC((size_t)bench_buf_size + 16, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); - bench_cipher = (byte*)XMALLOC((size_t)bench_buf_size + 16, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); -#endif - if (bench_plain == NULL || bench_cipher == NULL) { - XFREE(bench_plain, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); - XFREE(bench_cipher, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); - bench_plain = bench_cipher = NULL; - - printf("Benchmark block buffer alloc failed!\n"); - goto exit; - } - XMEMSET(bench_plain, 0, (size_t)bench_buf_size); - XMEMSET(bench_cipher, 0, (size_t)bench_buf_size); - -#if defined(WOLFSSL_ASYNC_CRYPT) || defined(HAVE_INTEL_QA_SYNC) - bench_key = (byte*)XMALLOC(sizeof(bench_key_buf), HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); - bench_iv = (byte*)XMALLOC(sizeof(bench_iv_buf), HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); - if (bench_key == NULL || bench_iv == NULL) { - XFREE(bench_key, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); - XFREE(bench_iv, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); - bench_key = bench_iv = NULL; - - printf("Benchmark cipher buffer alloc failed!\n"); - goto exit; - } - XMEMCPY(bench_key, bench_key_buf, sizeof(bench_key_buf)); - XMEMCPY(bench_iv, bench_iv_buf, sizeof(bench_iv_buf)); -#else - bench_key = (byte*)bench_key_buf; - bench_iv = (byte*)bench_iv_buf; -#endif - -#ifndef WC_NO_RNG - if (bench_all || (bench_other_algs & BENCH_RNG)) - bench_rng(); -#endif /* WC_NO_RNG */ -#ifndef NO_AES -#ifdef HAVE_AES_CBC - if (bench_all || (bench_cipher_algs & BENCH_AES_CBC)) { - #ifndef NO_SW_BENCH - bench_aescbc(0); - #endif - #if ((defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES)) || \ - defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)) && \ - !defined(NO_HW_BENCH) - bench_aescbc(1); - #endif - } -#endif -#ifdef HAVE_AESGCM - if (bench_all || (bench_cipher_algs & BENCH_AES_GCM)) { - #ifndef NO_SW_BENCH - bench_aesgcm(0); - #endif - #if ((defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES)) || \ - defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)) && \ - !defined(NO_HW_BENCH) - bench_aesgcm(1); - #endif - } -#endif -#ifdef WOLFSSL_AES_DIRECT - if (bench_all || (bench_cipher_algs & BENCH_AES_ECB)) { - #ifndef NO_SW_BENCH - bench_aesecb(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) && \ - !defined(NO_HW_BENCH) - bench_aesecb(1); - #endif - } -#endif -#ifdef WOLFSSL_AES_XTS - if (bench_all || (bench_cipher_algs & BENCH_AES_XTS)) - bench_aesxts(); -#endif -#ifdef WOLFSSL_AES_CFB - if (bench_all || (bench_cipher_algs & BENCH_AES_CFB)) - bench_aescfb(); -#endif -#ifdef WOLFSSL_AES_OFB - if (bench_all || (bench_cipher_algs & BENCH_AES_OFB)) - bench_aesofb(); -#endif -#ifdef WOLFSSL_AES_COUNTER - if (bench_all || (bench_cipher_algs & BENCH_AES_CTR)) - bench_aesctr(); -#endif -#ifdef HAVE_AESCCM - if (bench_all || (bench_cipher_algs & BENCH_AES_CCM)) - bench_aesccm(); -#endif -#endif /* !NO_AES */ - -#ifdef HAVE_CAMELLIA - if (bench_all || (bench_cipher_algs & BENCH_CAMELLIA)) - bench_camellia(); -#endif -#ifndef NO_RC4 - if (bench_all || (bench_cipher_algs & BENCH_ARC4)) { - #ifndef NO_SW_BENCH - bench_arc4(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ARC4) && \ - !defined(NO_HW_BENCH) - bench_arc4(1); - #endif - } -#endif -#ifdef HAVE_HC128 - if (bench_all || (bench_cipher_algs & BENCH_HC128)) - bench_hc128(); -#endif -#ifndef NO_RABBIT - if (bench_all || (bench_cipher_algs & BENCH_RABBIT)) - bench_rabbit(); -#endif -#ifdef HAVE_CHACHA - if (bench_all || (bench_cipher_algs & BENCH_CHACHA20)) - bench_chacha(); -#endif -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - if (bench_all || (bench_cipher_algs & BENCH_CHACHA20_POLY1305)) - bench_chacha20_poly1305_aead(); -#endif -#ifndef NO_DES3 - if (bench_all || (bench_cipher_algs & BENCH_DES)) { - #ifndef NO_SW_BENCH - bench_des(0); - #endif - #if ((defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES)) || \ - defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)) && \ - !defined(NO_HW_BENCH) - bench_des(1); - #endif - } -#endif -#ifdef HAVE_IDEA - if (bench_all || (bench_cipher_algs & BENCH_IDEA)) - bench_idea(); -#endif - -#ifndef NO_MD5 - if (bench_all || (bench_digest_algs & BENCH_MD5)) { - #ifndef NO_SW_BENCH - bench_md5(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_MD5) && \ - !defined(NO_HW_BENCH) - bench_md5(1); - #endif - } -#endif -#ifdef HAVE_POLY1305 - if (bench_all || (bench_digest_algs & BENCH_POLY1305)) - bench_poly1305(); -#endif -#ifndef NO_SHA - if (bench_all || (bench_digest_algs & BENCH_SHA)) { - #ifndef NO_SW_BENCH - bench_sha(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA) && \ - !defined(NO_HW_BENCH) - bench_sha(1); - #endif - } -#endif -#ifdef WOLFSSL_SHA224 - if (bench_all || (bench_digest_algs & BENCH_SHA224)) { - #ifndef NO_SW_BENCH - bench_sha224(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA224) && \ - !defined(NO_HW_BENCH) - bench_sha224(1); - #endif - } -#endif -#ifndef NO_SHA256 - if (bench_all || (bench_digest_algs & BENCH_SHA256)) { - #ifndef NO_SW_BENCH - bench_sha256(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256) && \ - !defined(NO_HW_BENCH) - bench_sha256(1); - #endif - } -#endif -#ifdef WOLFSSL_SHA384 - if (bench_all || (bench_digest_algs & BENCH_SHA384)) { - #ifndef NO_SW_BENCH - bench_sha384(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384) && \ - !defined(NO_HW_BENCH) - bench_sha384(1); - #endif - } -#endif -#ifdef WOLFSSL_SHA512 - if (bench_all || (bench_digest_algs & BENCH_SHA512)) { - #ifndef NO_SW_BENCH - bench_sha512(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512) && \ - !defined(NO_HW_BENCH) - bench_sha512(1); - #endif - } -#endif -#ifdef WOLFSSL_SHA3 - #ifndef WOLFSSL_NOSHA3_224 - if (bench_all || (bench_digest_algs & BENCH_SHA3_224)) { - #ifndef NO_SW_BENCH - bench_sha3_224(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3) && \ - !defined(NO_HW_BENCH) - bench_sha3_224(1); - #endif - } - #endif /* WOLFSSL_NOSHA3_224 */ - #ifndef WOLFSSL_NOSHA3_256 - if (bench_all || (bench_digest_algs & BENCH_SHA3_256)) { - #ifndef NO_SW_BENCH - bench_sha3_256(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3) && \ - !defined(NO_HW_BENCH) - bench_sha3_256(1); - #endif - } - #endif /* WOLFSSL_NOSHA3_256 */ - #ifndef WOLFSSL_NOSHA3_384 - if (bench_all || (bench_digest_algs & BENCH_SHA3_384)) { - #ifndef NO_SW_BENCH - bench_sha3_384(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3) && \ - !defined(NO_HW_BENCH) - bench_sha3_384(1); - #endif - } - #endif /* WOLFSSL_NOSHA3_384 */ - #ifndef WOLFSSL_NOSHA3_512 - if (bench_all || (bench_digest_algs & BENCH_SHA3_512)) { - #ifndef NO_SW_BENCH - bench_sha3_512(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3) && \ - !defined(NO_HW_BENCH) - bench_sha3_512(1); - #endif - } - #endif /* WOLFSSL_NOSHA3_512 */ -#endif -#ifdef WOLFSSL_RIPEMD - if (bench_all || (bench_digest_algs & BENCH_RIPEMD)) - bench_ripemd(); -#endif -#ifdef HAVE_BLAKE2 - if (bench_all || (bench_digest_algs & BENCH_BLAKE2B)) - bench_blake2b(); -#endif -#ifdef HAVE_BLAKE2S - if (bench_all || (bench_digest_algs & BENCH_BLAKE2S)) - bench_blake2s(); -#endif -#ifdef WOLFSSL_CMAC - if (bench_all || (bench_mac_algs & BENCH_CMAC)) - bench_cmac(); -#endif - -#ifndef NO_HMAC - #ifndef NO_MD5 - if (bench_all || (bench_mac_algs & BENCH_HMAC_MD5)) { - #ifndef NO_SW_BENCH - bench_hmac_md5(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC) && \ - defined(WC_ASYNC_ENABLE_MD5) && !defined(NO_HW_BENCH) - bench_hmac_md5(1); - #endif - } - #endif - #ifndef NO_SHA - if (bench_all || (bench_mac_algs & BENCH_HMAC_SHA)) { - #ifndef NO_SW_BENCH - bench_hmac_sha(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC) && \ - defined(WC_ASYNC_ENABLE_SHA) && !defined(NO_HW_BENCH) - bench_hmac_sha(1); - #endif - } - #endif - #ifdef WOLFSSL_SHA224 - if (bench_all || (bench_mac_algs & BENCH_HMAC_SHA224)) { - #ifndef NO_SW_BENCH - bench_hmac_sha224(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC) && \ - defined(WC_ASYNC_ENABLE_SHA224) && !defined(NO_HW_BENCH) - bench_hmac_sha224(1); - #endif - } - #endif - #ifndef NO_SHA256 - if (bench_all || (bench_mac_algs & BENCH_HMAC_SHA256)) { - #ifndef NO_SW_BENCH - bench_hmac_sha256(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC) && \ - defined(WC_ASYNC_ENABLE_SHA256) && !defined(NO_HW_BENCH) - bench_hmac_sha256(1); - #endif - } - #endif - #ifdef WOLFSSL_SHA384 - if (bench_all || (bench_mac_algs & BENCH_HMAC_SHA384)) { - #ifndef NO_SW_BENCH - bench_hmac_sha384(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC) && \ - defined(WC_ASYNC_ENABLE_SHA384) && !defined(NO_HW_BENCH) - bench_hmac_sha384(1); - #endif - } - #endif - #ifdef WOLFSSL_SHA512 - if (bench_all || (bench_mac_algs & BENCH_HMAC_SHA512)) { - #ifndef NO_SW_BENCH - bench_hmac_sha512(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC) && \ - defined(WC_ASYNC_ENABLE_SHA512) && !defined(NO_HW_BENCH) - bench_hmac_sha512(1); - #endif - } - #endif - #ifndef NO_PWDBASED - if (bench_all || (bench_mac_algs & BENCH_PBKDF2)) { - bench_pbkdf2(); - } - #endif -#endif /* NO_HMAC */ - -#ifdef HAVE_SCRYPT - if (bench_all || (bench_other_algs & BENCH_SCRYPT)) - bench_scrypt(); -#endif - -#ifndef NO_RSA - #ifdef WOLFSSL_KEY_GEN - if (bench_all || (bench_asym_algs & BENCH_RSA_KEYGEN)) { - #ifndef NO_SW_BENCH - if (bench_asym_algs & BENCH_RSA_SZ) { - bench_rsaKeyGen_size(0, bench_size); - } - else { - bench_rsaKeyGen(0); - } - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA_KEYGEN) \ - && !defined(NO_HW_BENCH) - if (bench_asym_algs & BENCH_RSA_SZ) { - bench_rsaKeyGen_size(1, bench_size); - } - else { - bench_rsaKeyGen(1); - } - #endif - } - #endif - if (bench_all || (bench_asym_algs & BENCH_RSA)) { - #ifndef NO_SW_BENCH - bench_rsa(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \ - !defined(NO_HW_BENCH) - bench_rsa(1); - #endif - } - - #ifdef WOLFSSL_KEY_GEN - if (bench_asym_algs & BENCH_RSA_SZ) { - #ifndef NO_SW_BENCH - bench_rsa_key(0, bench_size); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \ - !defined(NO_HW_BENCH) - bench_rsa_key(1, bench_size); - #endif - } - #endif -#endif - -#ifndef NO_DH - if (bench_all || (bench_asym_algs & BENCH_DH)) { - #ifndef NO_SW_BENCH - bench_dh(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH) && \ - !defined(NO_HW_BENCH) - bench_dh(1); - #endif - } -#endif - -#ifdef HAVE_NTRU - if (bench_all || (bench_asym_algs & BENCH_NTRU)) - bench_ntru(); - if (bench_all || (bench_asym_algs & BENCH_NTRU_KEYGEN)) - bench_ntruKeyGen(); -#endif - -#ifdef HAVE_ECC - if (bench_all || (bench_asym_algs & BENCH_ECC_MAKEKEY)) { - #ifndef NO_SW_BENCH - bench_eccMakeKey(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \ - !defined(NO_HW_BENCH) - bench_eccMakeKey(1); - #endif - } - if (bench_all || (bench_asym_algs & BENCH_ECC)) { - #ifndef NO_SW_BENCH - bench_ecc(0); - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \ - !defined(NO_HW_BENCH) - bench_ecc(1); - #endif - } - #ifdef HAVE_ECC_ENCRYPT - if (bench_all || (bench_asym_algs & BENCH_ECC_ENCRYPT)) - bench_eccEncrypt(); - #endif -#endif - -#ifdef HAVE_CURVE25519 - if (bench_all || (bench_asym_algs & BENCH_CURVE25519_KEYGEN)) - bench_curve25519KeyGen(); - #ifdef HAVE_CURVE25519_SHARED_SECRET - if (bench_all || (bench_asym_algs & BENCH_CURVE25519_KA)) - bench_curve25519KeyAgree(); - #endif -#endif - -#ifdef HAVE_ED25519 - if (bench_all || (bench_asym_algs & BENCH_ED25519_KEYGEN)) - bench_ed25519KeyGen(); - if (bench_all || (bench_asym_algs & BENCH_ED25519_SIGN)) - bench_ed25519KeySign(); -#endif - -#ifdef HAVE_CURVE448 - if (bench_all || (bench_asym_algs & BENCH_CURVE448_KEYGEN)) - bench_curve448KeyGen(); - #ifdef HAVE_CURVE448_SHARED_SECRET - if (bench_all || (bench_asym_algs & BENCH_CURVE448_KA)) - bench_curve448KeyAgree(); - #endif -#endif - -#ifdef HAVE_ED448 - if (bench_all || (bench_asym_algs & BENCH_ED448_KEYGEN)) - bench_ed448KeyGen(); - if (bench_all || (bench_asym_algs & BENCH_ED448_SIGN)) - bench_ed448KeySign(); -#endif - -exit: - /* free benchmark buffers */ - XFREE(bench_plain, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); - XFREE(bench_cipher, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); -#ifdef WOLFSSL_ASYNC_CRYPT - XFREE(bench_key, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); - XFREE(bench_iv, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); -#endif - -#ifdef WOLF_CRYPTO_CB -#ifdef HAVE_INTEL_QA_SYNC - wc_CryptoCb_CleanupIntelQa(&devId); -#endif -#ifdef HAVE_CAVIUM_OCTEON_SYNC - wc_CryptoCb_CleanupOcteon(&devId); -#endif -#endif - -#ifdef WOLFSSL_ASYNC_CRYPT - /* free event queue */ - wolfEventQueue_Free(&eventQueue); -#endif - -#if defined(HAVE_LOCAL_RNG) - wc_FreeRng(&gRng); -#endif - -#ifdef WOLFSSL_ASYNC_CRYPT - wolfAsync_DevClose(&devId); -#endif - -/* cleanup the thread if fixed point cache is enabled and have thread local */ -#if defined(HAVE_THREAD_LS) && defined(HAVE_ECC) && defined(FP_ECC) - wc_ecc_fp_free(); -#endif - - (void)bench_cipher_algs; - (void)bench_digest_algs; - (void)bench_mac_algs; - (void)bench_asym_algs; - (void)bench_other_algs; - - return NULL; -} - -int benchmark_init(void) -{ - int ret = 0; - - benchmark_static_init(); - -#ifdef WOLFSSL_STATIC_MEMORY - ret = wc_LoadStaticMemory(&HEAP_HINT, gBenchMemory, sizeof(gBenchMemory), - WOLFMEM_GENERAL, 1); - if (ret != 0) { - printf("unable to load static memory %d\n", ret); - } -#endif /* WOLFSSL_STATIC_MEMORY */ - - if ((ret = wolfCrypt_Init()) != 0) { - printf("wolfCrypt_Init failed %d\n", ret); - return EXIT_FAILURE; - } - - bench_stats_init(); - -#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND) - wolfSSL_Debugging_ON(); -#endif - - if (csv_format == 1) { - printf("wolfCrypt Benchmark (block bytes %d, min %.1f sec each)\n", - (int)BENCH_SIZE, BENCH_MIN_RUNTIME_SEC); - printf("This format allows you to easily copy the output to a csv file."); - printf("\n\nSymmetric Ciphers:\n\n"); - printf("Algorithm,MB/s,Cycles per byte,\n"); - } else { - printf("wolfCrypt Benchmark (block bytes %d, min %.1f sec each)\n", - (int)BENCH_SIZE, BENCH_MIN_RUNTIME_SEC); - } - -#ifdef HAVE_WNR - ret = wc_InitNetRandom(wnrConfigFile, NULL, 5000); - if (ret != 0) { - printf("Whitewood netRandom config init failed %d\n", ret); - } -#endif /* HAVE_WNR */ - - return ret; -} - -int benchmark_free(void) -{ - int ret; - -#ifdef HAVE_WNR - ret = wc_FreeNetRandom(); - if (ret < 0) { - printf("Failed to free netRandom context %d\n", ret); - } -#endif - - if (gPrintStats || devId != INVALID_DEVID) { - bench_stats_print(); - } - - bench_stats_free(); - - if ((ret = wolfCrypt_Cleanup()) != 0) { - printf("error %d with wolfCrypt_Cleanup\n", ret); - } - - return ret; -} - -/* so embedded projects can pull in tests on their own */ -#ifdef HAVE_STACK_SIZE -THREAD_RETURN WOLFSSL_THREAD benchmark_test(void* args) -#else -int benchmark_test(void *args) -#endif -{ - int ret; - - (void)args; - - printf("------------------------------------------------------------------------------\n"); - printf(" wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING); - printf("------------------------------------------------------------------------------\n"); - - ret = benchmark_init(); - if (ret != 0) - EXIT_TEST(ret); - -#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_NO_ASYNC_THREADING) -{ - int i; - - if (g_threadCount == 0) { - #ifdef WC_ASYNC_BENCH_THREAD_COUNT - g_threadCount = WC_ASYNC_BENCH_THREAD_COUNT; - #else - g_threadCount = wc_AsyncGetNumberOfCpus(); - #endif - } - - printf("CPUs: %d\n", g_threadCount); - - g_threadData = (ThreadData*)XMALLOC(sizeof(ThreadData) * g_threadCount, - HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (g_threadData == NULL) { - printf("Thread data alloc failed!\n"); - EXIT_TEST(EXIT_FAILURE); - } - - /* Create threads */ - for (i = 0; i < g_threadCount; i++) { - ret = wc_AsyncThreadCreate(&g_threadData[i].thread_id, - benchmarks_do, &g_threadData[i]); - if (ret != 0) { - printf("Error creating benchmark thread %d\n", ret); - EXIT_TEST(EXIT_FAILURE); - } - } - - /* Start threads */ - for (i = 0; i < g_threadCount; i++) { - wc_AsyncThreadJoin(&g_threadData[i].thread_id); - } - - XFREE(g_threadData, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -} -#else - benchmarks_do(NULL); -#endif - - printf("Benchmark complete\n"); - - ret = benchmark_free(); - - EXIT_TEST(ret); -} - - -#ifndef WC_NO_RNG -void bench_rng(void) -{ - int ret, i, count; - double start; - long pos, len, remain; - WC_RNG myrng; - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&myrng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&myrng); -#endif - if (ret < 0) { - printf("InitRNG failed %d\n", ret); - return; - } - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - /* Split request to handle large RNG request */ - pos = 0; - remain = (int)BENCH_SIZE; - while (remain > 0) { - len = remain; - if (len > RNG_MAX_BLOCK_LEN) - len = RNG_MAX_BLOCK_LEN; - ret = wc_RNG_GenerateBlock(&myrng, &bench_plain[pos], (word32)len); - if (ret < 0) - goto exit_rng; - - remain -= len; - pos += len; - } - } - count += i; - } while (bench_stats_sym_check(start)); -exit_rng: - bench_stats_sym_finish("RNG", 0, count, bench_size, start, ret); - - wc_FreeRng(&myrng); -} -#endif /* WC_NO_RNG */ - - -#ifndef NO_AES - -#ifdef HAVE_AES_CBC -static void bench_aescbc_internal(int doAsync, const byte* key, word32 keySz, - const byte* iv, const char* encLabel, - const char* decLabel) -{ - int ret = 0, i, count = 0, times, pending = 0; - Aes enc[BENCH_MAX_PENDING]; - double start; - - /* clear for done cleanup */ - XMEMSET(enc, 0, sizeof(enc)); - - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if ((ret = wc_AesInit(&enc[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID)) != 0) { - printf("AesInit failed, ret = %d\n", ret); - goto exit; - } - - ret = wc_AesSetKey(&enc[i], key, keySz, iv, AES_ENCRYPTION); - if (ret != 0) { - printf("AesSetKey failed, ret = %d\n", ret); - goto exit; - } - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, numBlocks, &pending)) { - ret = wc_AesCbcEncrypt(&enc[i], bench_plain, bench_cipher, - BENCH_SIZE); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, &pending)) { - goto exit_aes_enc; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit_aes_enc: - bench_stats_sym_finish(encLabel, doAsync, count, bench_size, start, ret); - - if (ret < 0) { - goto exit; - } - -#ifdef HAVE_AES_DECRYPT - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - ret = wc_AesSetKey(&enc[i], key, keySz, iv, AES_DECRYPTION); - if (ret != 0) { - printf("AesSetKey failed, ret = %d\n", ret); - goto exit; - } - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, numBlocks, &pending)) { - ret = wc_AesCbcDecrypt(&enc[i], bench_plain, bench_cipher, - BENCH_SIZE); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, &pending)) { - goto exit_aes_dec; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit_aes_dec: - bench_stats_sym_finish(decLabel, doAsync, count, bench_size, start, ret); - -#endif /* HAVE_AES_DECRYPT */ - - (void)decLabel; -exit: - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_AesFree(&enc[i]); - } -} - -void bench_aescbc(int doAsync) -{ -#ifdef WOLFSSL_AES_128 - bench_aescbc_internal(doAsync, bench_key, 16, bench_iv, - "AES-128-CBC-enc", "AES-128-CBC-dec"); -#endif -#ifdef WOLFSSL_AES_192 - bench_aescbc_internal(doAsync, bench_key, 24, bench_iv, - "AES-192-CBC-enc", "AES-192-CBC-dec"); -#endif -#ifdef WOLFSSL_AES_256 - bench_aescbc_internal(doAsync, bench_key, 32, bench_iv, - "AES-256-CBC-enc", "AES-256-CBC-dec"); -#endif -} - -#endif /* HAVE_AES_CBC */ - -#ifdef HAVE_AESGCM -static void bench_aesgcm_internal(int doAsync, const byte* key, word32 keySz, - const byte* iv, word32 ivSz, - const char* encLabel, const char* decLabel) -{ - int ret = 0, i, count = 0, times, pending = 0; - Aes enc[BENCH_MAX_PENDING]; -#ifdef HAVE_AES_DECRYPT - Aes dec[BENCH_MAX_PENDING]; -#endif - double start; - - DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT); - DECLARE_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT); - - /* clear for done cleanup */ - XMEMSET(enc, 0, sizeof(enc)); -#ifdef HAVE_AES_DECRYPT - XMEMSET(dec, 0, sizeof(dec)); -#endif -#ifdef WOLFSSL_ASYNC_CRYPT - if (bench_additional) -#endif - XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ); -#ifdef WOLFSSL_ASYNC_CRYPT - if (bench_tag) -#endif - XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ); - - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if ((ret = wc_AesInit(&enc[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID)) != 0) { - printf("AesInit failed, ret = %d\n", ret); - goto exit; - } - - ret = wc_AesGcmSetKey(&enc[i], key, keySz); - if (ret != 0) { - printf("AesGcmSetKey failed, ret = %d\n", ret); - goto exit; - } - } - - /* GCM uses same routine in backend for both encrypt and decrypt */ - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, numBlocks, &pending)) { - ret = wc_AesGcmEncrypt(&enc[i], bench_cipher, - bench_plain, BENCH_SIZE, - iv, ivSz, bench_tag, AES_AUTH_TAG_SZ, - bench_additional, aesAuthAddSz); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, &pending)) { - goto exit_aes_gcm; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit_aes_gcm: - bench_stats_sym_finish(encLabel, doAsync, count, bench_size, start, ret); - -#ifdef HAVE_AES_DECRYPT - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if ((ret = wc_AesInit(&dec[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID)) != 0) { - printf("AesInit failed, ret = %d\n", ret); - goto exit; - } - - ret = wc_AesGcmSetKey(&dec[i], key, keySz); - if (ret != 0) { - printf("AesGcmSetKey failed, ret = %d\n", ret); - goto exit; - } - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&dec[i]), 0, ×, numBlocks, &pending)) { - ret = wc_AesGcmDecrypt(&dec[i], bench_plain, - bench_cipher, BENCH_SIZE, - iv, ivSz, bench_tag, AES_AUTH_TAG_SZ, - bench_additional, aesAuthAddSz); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&dec[i]), 0, ×, &pending)) { - goto exit_aes_gcm_dec; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit_aes_gcm_dec: - bench_stats_sym_finish(decLabel, doAsync, count, bench_size, start, ret); -#endif /* HAVE_AES_DECRYPT */ - - (void)decLabel; - -exit: - - if (ret < 0) { - printf("bench_aesgcm failed: %d\n", ret); - } -#ifdef HAVE_AES_DECRYPT - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_AesFree(&dec[i]); - } -#endif - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_AesFree(&enc[i]); - } - - FREE_VAR(bench_additional, HEAP_HINT); - FREE_VAR(bench_tag, HEAP_HINT); -} - -void bench_aesgcm(int doAsync) -{ -#if defined(WOLFSSL_AES_128) && !defined(WOLFSSL_AFALG_XILINX_AES) - bench_aesgcm_internal(doAsync, bench_key, 16, bench_iv, 12, - "AES-128-GCM-enc", "AES-128-GCM-dec"); -#endif -#if defined(WOLFSSL_AES_192) && !defined(WOLFSSL_AFALG_XILINX_AES) - bench_aesgcm_internal(doAsync, bench_key, 24, bench_iv, 12, - "AES-192-GCM-enc", "AES-192-GCM-dec"); -#endif -#ifdef WOLFSSL_AES_256 - bench_aesgcm_internal(doAsync, bench_key, 32, bench_iv, 12, - "AES-256-GCM-enc", "AES-256-GCM-dec"); -#endif -} -#endif /* HAVE_AESGCM */ - - -#ifdef WOLFSSL_AES_DIRECT -static void bench_aesecb_internal(int doAsync, const byte* key, word32 keySz, - const char* encLabel, const char* decLabel) -{ - int ret, i, count = 0, times, pending = 0; - Aes enc[BENCH_MAX_PENDING]; - double start; - - /* clear for done cleanup */ - XMEMSET(enc, 0, sizeof(enc)); - - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if ((ret = wc_AesInit(&enc[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID)) != 0) { - printf("AesInit failed, ret = %d\n", ret); - goto exit; - } - - ret = wc_AesSetKey(&enc[i], key, keySz, bench_iv, AES_ENCRYPTION); - if (ret != 0) { - printf("AesSetKey failed, ret = %d\n", ret); - goto exit; - } - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, numBlocks, &pending)) { - wc_AesEncryptDirect(&enc[i], bench_cipher, bench_plain); - ret = 0; - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, &pending)) { - goto exit_aes_enc; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit_aes_enc: - bench_stats_sym_finish(encLabel, doAsync, count, AES_BLOCK_SIZE, - start, ret); - -#ifdef HAVE_AES_DECRYPT - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - ret = wc_AesSetKey(&enc[i], key, keySz, bench_iv, AES_DECRYPTION); - if (ret != 0) { - printf("AesSetKey failed, ret = %d\n", ret); - goto exit; - } - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, numBlocks, &pending)) { - wc_AesDecryptDirect(&enc[i], bench_plain, - bench_cipher); - ret = 0; - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, &pending)) { - goto exit_aes_dec; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit_aes_dec: - bench_stats_sym_finish(decLabel, doAsync, count, AES_BLOCK_SIZE, - start, ret); - -#endif /* HAVE_AES_DECRYPT */ - -exit: - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_AesFree(&enc[i]); - } -} - -void bench_aesecb(int doAsync) -{ -#ifdef WOLFSSL_AES_128 - bench_aesecb_internal(doAsync, bench_key, 16, - "AES-128-ECB-enc", "AES-128-ECB-dec"); -#endif -#ifdef WOLFSSL_AES_192 - bench_aesecb_internal(doAsync, bench_key, 24, - "AES-192-ECB-enc", "AES-192-ECB-dec"); -#endif -#ifdef WOLFSSL_AES_256 - bench_aesecb_internal(doAsync, bench_key, 32, - "AES-256-ECB-enc", "AES-256-ECB-dec"); -#endif -} -#endif /* WOLFSSL_AES_DIRECT */ - -#ifdef WOLFSSL_AES_CFB -static void bench_aescfb_internal(const byte* key, word32 keySz, const byte* iv, - const char* label) -{ - Aes enc; - double start; - int i, ret, count; - - ret = wc_AesSetKey(&enc, key, keySz, iv, AES_ENCRYPTION); - if (ret != 0) { - printf("AesSetKey failed, ret = %d\n", ret); - return; - } - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - if((ret = wc_AesCfbEncrypt(&enc, bench_plain, bench_cipher, - BENCH_SIZE)) != 0) { - printf("wc_AesCfbEncrypt failed, ret = %d\n", ret); - return; - } - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_sym_finish(label, 0, count, bench_size, start, ret); -} - -void bench_aescfb(void) -{ -#ifdef WOLFSSL_AES_128 - bench_aescfb_internal(bench_key, 16, bench_iv, "AES-128-CFB"); -#endif -#ifdef WOLFSSL_AES_192 - bench_aescfb_internal(bench_key, 24, bench_iv, "AES-192-CFB"); -#endif -#ifdef WOLFSSL_AES_256 - bench_aescfb_internal(bench_key, 32, bench_iv, "AES-256-CFB"); -#endif -} -#endif /* WOLFSSL_AES_CFB */ - - -#ifdef WOLFSSL_AES_OFB -static void bench_aesofb_internal(const byte* key, word32 keySz, const byte* iv, - const char* label) -{ - Aes enc; - double start; - int i, ret, count; - - ret = wc_AesSetKey(&enc, key, keySz, iv, AES_ENCRYPTION); - if (ret != 0) { - printf("AesSetKey failed, ret = %d\n", ret); - return; - } - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - if((ret = wc_AesOfbEncrypt(&enc, bench_plain, bench_cipher, - BENCH_SIZE)) != 0) { - printf("wc_AesCfbEncrypt failed, ret = %d\n", ret); - return; - } - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_sym_finish(label, 0, count, bench_size, start, ret); -} - -void bench_aesofb(void) -{ -#ifdef WOLFSSL_AES_128 - bench_aesofb_internal(bench_key, 16, bench_iv, "AES-128-OFB"); -#endif -#ifdef WOLFSSL_AES_192 - bench_aesofb_internal(bench_key, 24, bench_iv, "AES-192-OFB"); -#endif -#ifdef WOLFSSL_AES_256 - bench_aesofb_internal(bench_key, 32, bench_iv, "AES-256-OFB"); -#endif -} -#endif /* WOLFSSL_AES_CFB */ - - -#ifdef WOLFSSL_AES_XTS -void bench_aesxts(void) -{ - XtsAes aes; - double start; - int i, count, ret; - - static unsigned char k1[] = { - 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35, - 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62, - 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18, - 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f - }; - - static unsigned char i1[] = { - 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, - 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 - }; - - ret = wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, - HEAP_HINT, devId); - if (ret != 0) { - printf("wc_AesXtsSetKey failed, ret = %d\n", ret); - return; - } - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - if ((ret = wc_AesXtsEncrypt(&aes, bench_plain, bench_cipher, - BENCH_SIZE, i1, sizeof(i1))) != 0) { - printf("wc_AesXtsEncrypt failed, ret = %d\n", ret); - return; - } - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_sym_finish("AES-XTS-enc", 0, count, bench_size, start, ret); - wc_AesXtsFree(&aes); - - /* decryption benchmark */ - ret = wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, - HEAP_HINT, devId); - if (ret != 0) { - printf("wc_AesXtsSetKey failed, ret = %d\n", ret); - return; - } - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - if ((ret = wc_AesXtsDecrypt(&aes, bench_plain, bench_cipher, - BENCH_SIZE, i1, sizeof(i1))) != 0) { - printf("wc_AesXtsDecrypt failed, ret = %d\n", ret); - return; - } - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_sym_finish("AES-XTS-dec", 0, count, bench_size, start, ret); - wc_AesXtsFree(&aes); -} -#endif /* WOLFSSL_AES_XTS */ - - -#ifdef WOLFSSL_AES_COUNTER -static void bench_aesctr_internal(const byte* key, word32 keySz, const byte* iv, - const char* label) -{ - Aes enc; - double start; - int i, count, ret = 0; - - wc_AesSetKeyDirect(&enc, key, keySz, iv, AES_ENCRYPTION); - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - if((ret = wc_AesCtrEncrypt(&enc, bench_plain, bench_cipher, BENCH_SIZE)) != 0) { - printf("wc_AesCtrEncrypt failed, ret = %d\n", ret); - return; - } - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_sym_finish(label, 0, count, bench_size, start, ret); -} - -void bench_aesctr(void) -{ -#ifdef WOLFSSL_AES_128 - bench_aesctr_internal(bench_key, 16, bench_iv, "AES-128-CTR"); -#endif -#ifdef WOLFSSL_AES_192 - bench_aesctr_internal(bench_key, 24, bench_iv, "AES-192-CTR"); -#endif -#ifdef WOLFSSL_AES_256 - bench_aesctr_internal(bench_key, 32, bench_iv, "AES-256-CTR"); -#endif -} -#endif /* WOLFSSL_AES_COUNTER */ - - -#ifdef HAVE_AESCCM -void bench_aesccm(void) -{ - Aes enc; - double start; - int ret, i, count; - - DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT); - DECLARE_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT); - - XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ); - XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ); - - if ((ret = wc_AesCcmSetKey(&enc, bench_key, 16)) != 0) { - printf("wc_AesCcmSetKey failed, ret = %d\n", ret); - return; - } - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - wc_AesCcmEncrypt(&enc, bench_cipher, bench_plain, BENCH_SIZE, - bench_iv, 12, bench_tag, AES_AUTH_TAG_SZ, - bench_additional, aesAuthAddSz); - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_sym_finish("AES-CCM-Enc", 0, count, bench_size, start, ret); - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - wc_AesCcmDecrypt(&enc, bench_plain, bench_cipher, BENCH_SIZE, - bench_iv, 12, bench_tag, AES_AUTH_TAG_SZ, - bench_additional, aesAuthAddSz); - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_sym_finish("AES-CCM-Dec", 0, count, bench_size, start, ret); - - - FREE_VAR(bench_additional, HEAP_HINT); - FREE_VAR(bench_tag, HEAP_HINT); -} -#endif /* HAVE_AESCCM */ -#endif /* !NO_AES */ - - -#ifdef HAVE_POLY1305 -void bench_poly1305(void) -{ - Poly1305 enc; - byte mac[16]; - double start; - int ret = 0, i, count; - - if (digest_stream) { - ret = wc_Poly1305SetKey(&enc, bench_key, 32); - if (ret != 0) { - printf("Poly1305SetKey failed, ret = %d\n", ret); - return; - } - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - ret = wc_Poly1305Update(&enc, bench_plain, BENCH_SIZE); - if (ret != 0) { - printf("Poly1305Update failed: %d\n", ret); - break; - } - } - wc_Poly1305Final(&enc, mac); - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_sym_finish("POLY1305", 0, count, bench_size, start, ret); - } - else { - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - ret = wc_Poly1305SetKey(&enc, bench_key, 32); - if (ret != 0) { - printf("Poly1305SetKey failed, ret = %d\n", ret); - return; - } - ret = wc_Poly1305Update(&enc, bench_plain, BENCH_SIZE); - if (ret != 0) { - printf("Poly1305Update failed: %d\n", ret); - break; - } - wc_Poly1305Final(&enc, mac); - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_sym_finish("POLY1305", 0, count, bench_size, start, ret); - } -} -#endif /* HAVE_POLY1305 */ - - -#ifdef HAVE_CAMELLIA -void bench_camellia(void) -{ - Camellia cam; - double start; - int ret, i, count; - - ret = wc_CamelliaSetKey(&cam, bench_key, 16, bench_iv); - if (ret != 0) { - printf("CamelliaSetKey failed, ret = %d\n", ret); - return; - } - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - ret = wc_CamelliaCbcEncrypt(&cam, bench_plain, bench_cipher, - BENCH_SIZE); - if (ret < 0) { - printf("CamelliaCbcEncrypt failed: %d\n", ret); - return; - } - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_sym_finish("Camellia", 0, count, bench_size, start, ret); -} -#endif - - -#ifndef NO_DES3 -void bench_des(int doAsync) -{ - int ret = 0, i, count = 0, times, pending = 0; - Des3 enc[BENCH_MAX_PENDING]; - double start; - - /* clear for done cleanup */ - XMEMSET(enc, 0, sizeof(enc)); - - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if ((ret = wc_Des3Init(&enc[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID)) != 0) { - printf("Des3Init failed, ret = %d\n", ret); - goto exit; - } - - ret = wc_Des3_SetKey(&enc[i], bench_key, bench_iv, DES_ENCRYPTION); - if (ret != 0) { - printf("Des3_SetKey failed, ret = %d\n", ret); - goto exit; - } - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Des3_CbcEncrypt(&enc[i], bench_plain, bench_cipher, - BENCH_SIZE); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, &pending)) { - goto exit_3des; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit_3des: - bench_stats_sym_finish("3DES", doAsync, count, bench_size, start, ret); - -exit: - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_Des3Free(&enc[i]); - } -} -#endif /* !NO_DES3 */ - - -#ifdef HAVE_IDEA -void bench_idea(void) -{ - Idea enc; - double start; - int ret = 0, i, count; - - ret = wc_IdeaSetKey(&enc, bench_key, IDEA_KEY_SIZE, bench_iv, - IDEA_ENCRYPTION); - if (ret != 0) { - printf("Des3_SetKey failed, ret = %d\n", ret); - return; - } - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - wc_IdeaCbcEncrypt(&enc, bench_plain, bench_cipher, BENCH_SIZE); - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_sym_finish("IDEA", 0, count, bench_size, start, ret); -} -#endif /* HAVE_IDEA */ - - -#ifndef NO_RC4 -void bench_arc4(int doAsync) -{ - int ret = 0, i, count = 0, times, pending = 0; - Arc4 enc[BENCH_MAX_PENDING]; - double start; - - /* clear for done cleanup */ - XMEMSET(enc, 0, sizeof(enc)); - - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if ((ret = wc_Arc4Init(&enc[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID)) != 0) { - printf("Arc4Init failed, ret = %d\n", ret); - goto exit; - } - - ret = wc_Arc4SetKey(&enc[i], bench_key, 16); - if (ret != 0) { - printf("Arc4SetKey failed, ret = %d\n", ret); - goto exit; - } - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Arc4Process(&enc[i], bench_cipher, bench_plain, - BENCH_SIZE); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, &pending)) { - goto exit_arc4; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit_arc4: - bench_stats_sym_finish("ARC4", doAsync, count, bench_size, start, ret); - -exit: - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_Arc4Free(&enc[i]); - } -} -#endif /* !NO_RC4 */ - - -#ifdef HAVE_HC128 -void bench_hc128(void) -{ - HC128 enc; - double start; - int i, count; - - wc_Hc128_SetKey(&enc, bench_key, bench_iv); - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - wc_Hc128_Process(&enc, bench_cipher, bench_plain, BENCH_SIZE); - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_sym_finish("HC128", 0, count, bench_size, start, 0); -} -#endif /* HAVE_HC128 */ - - -#ifndef NO_RABBIT -void bench_rabbit(void) -{ - Rabbit enc; - double start; - int i, count; - - wc_RabbitSetKey(&enc, bench_key, bench_iv); - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - wc_RabbitProcess(&enc, bench_cipher, bench_plain, BENCH_SIZE); - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_sym_finish("RABBIT", 0, count, bench_size, start, 0); -} -#endif /* NO_RABBIT */ - - -#ifdef HAVE_CHACHA -void bench_chacha(void) -{ - ChaCha enc; - double start; - int i, count; - - wc_Chacha_SetKey(&enc, bench_key, 16); - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - wc_Chacha_SetIV(&enc, bench_iv, 0); - wc_Chacha_Process(&enc, bench_cipher, bench_plain, BENCH_SIZE); - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_sym_finish("CHACHA", 0, count, bench_size, start, 0); -} -#endif /* HAVE_CHACHA*/ - -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) -void bench_chacha20_poly1305_aead(void) -{ - double start; - int ret = 0, i, count; - - byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; - XMEMSET(authTag, 0, sizeof(authTag)); - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - ret = wc_ChaCha20Poly1305_Encrypt(bench_key, bench_iv, NULL, 0, - bench_plain, BENCH_SIZE, bench_cipher, authTag); - if (ret < 0) { - printf("wc_ChaCha20Poly1305_Encrypt error: %d\n", ret); - break; - } - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_sym_finish("CHA-POLY", 0, count, bench_size, start, ret); -} -#endif /* HAVE_CHACHA && HAVE_POLY1305 */ - - -#ifndef NO_MD5 -void bench_md5(int doAsync) -{ - wc_Md5 hash[BENCH_MAX_PENDING]; - double start; - int ret = 0, i, count = 0, times, pending = 0; - DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_MD5_DIGEST_SIZE, HEAP_HINT); - - /* clear for done cleanup */ - XMEMSET(hash, 0, sizeof(hash)); - - if (digest_stream) { - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - ret = wc_InitMd5_ex(&hash[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID); - if (ret != 0) { - printf("InitMd5_ex failed, ret = %d\n", ret); - goto exit; - } - #ifdef WOLFSSL_PIC32MZ_HASH - wc_Md5SizeSet(&hash[i], numBlocks * BENCH_SIZE); - #endif - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Md5Update(&hash[i], bench_plain, - BENCH_SIZE); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_md5; - } - } - } /* for i */ - } /* for times */ - count += times; - - times = 0; - do { - bench_async_poll(&pending); - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Md5Final(&hash[i], digest[i]); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_md5; - } - } - } /* for i */ - } while (pending > 0); - } while (bench_stats_sym_check(start)); - } - else { - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks; times++) { - ret = wc_InitMd5_ex(hash, HEAP_HINT, INVALID_DEVID); - ret |= wc_Md5Update(hash, bench_plain, BENCH_SIZE); - ret |= wc_Md5Final(hash, digest[0]); - if (ret != 0) - goto exit_md5; - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); - } -exit_md5: - bench_stats_sym_finish("MD5", doAsync, count, bench_size, start, ret); - -exit: - -#ifdef WOLFSSL_ASYNC_CRYPT - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_Md5Free(&hash[i]); - } -#endif - - FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); -} -#endif /* !NO_MD5 */ - - -#ifndef NO_SHA -void bench_sha(int doAsync) -{ - wc_Sha hash[BENCH_MAX_PENDING]; - double start; - int ret = 0, i, count = 0, times, pending = 0; - DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_SHA_DIGEST_SIZE, HEAP_HINT); - - /* clear for done cleanup */ - XMEMSET(hash, 0, sizeof(hash)); - - if (digest_stream) { - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - ret = wc_InitSha_ex(&hash[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID); - if (ret != 0) { - printf("InitSha failed, ret = %d\n", ret); - goto exit; - } - #ifdef WOLFSSL_PIC32MZ_HASH - wc_ShaSizeSet(&hash[i], numBlocks * BENCH_SIZE); - #endif - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_ShaUpdate(&hash[i], bench_plain, - BENCH_SIZE); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha; - } - } - } /* for i */ - } /* for times */ - count += times; - - times = 0; - do { - bench_async_poll(&pending); - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_ShaFinal(&hash[i], digest[i]); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha; - } - } - } /* for i */ - } while (pending > 0); - } while (bench_stats_sym_check(start)); - } - else { - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks; times++) { - ret = wc_InitSha_ex(hash, HEAP_HINT, INVALID_DEVID); - ret |= wc_ShaUpdate(hash, bench_plain, BENCH_SIZE); - ret |= wc_ShaFinal(hash, digest[0]); - if (ret != 0) - goto exit_sha; - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); - } -exit_sha: - bench_stats_sym_finish("SHA", doAsync, count, bench_size, start, ret); - -exit: - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_ShaFree(&hash[i]); - } - - FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); -} -#endif /* NO_SHA */ - - -#ifdef WOLFSSL_SHA224 -void bench_sha224(int doAsync) -{ - wc_Sha224 hash[BENCH_MAX_PENDING]; - double start; - int ret = 0, i, count = 0, times, pending = 0; - DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_SHA224_DIGEST_SIZE, HEAP_HINT); - - /* clear for done cleanup */ - XMEMSET(hash, 0, sizeof(hash)); - - if (digest_stream) { - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - ret = wc_InitSha224_ex(&hash[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID); - if (ret != 0) { - printf("InitSha224_ex failed, ret = %d\n", ret); - goto exit; - } - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Sha224Update(&hash[i], bench_plain, - BENCH_SIZE); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha224; - } - } - } /* for i */ - } /* for times */ - count += times; - - times = 0; - do { - bench_async_poll(&pending); - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Sha224Final(&hash[i], digest[i]); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha224; - } - } - } /* for i */ - } while (pending > 0); - } while (bench_stats_sym_check(start)); - } - else { - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks; times++) { - ret = wc_InitSha224_ex(hash, HEAP_HINT, INVALID_DEVID); - ret |= wc_Sha224Update(hash, bench_plain, BENCH_SIZE); - ret |= wc_Sha224Final(hash, digest[0]); - if (ret != 0) - goto exit_sha224; - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); - } -exit_sha224: - bench_stats_sym_finish("SHA-224", doAsync, count, bench_size, start, ret); - -exit: - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_Sha224Free(&hash[i]); - } - - FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); -} -#endif - -#ifndef NO_SHA256 -void bench_sha256(int doAsync) -{ - wc_Sha256 hash[BENCH_MAX_PENDING]; - double start; - int ret = 0, i, count = 0, times, pending = 0; - DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_SHA256_DIGEST_SIZE, HEAP_HINT); - - /* clear for done cleanup */ - XMEMSET(hash, 0, sizeof(hash)); - - if (digest_stream) { - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - ret = wc_InitSha256_ex(&hash[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID); - if (ret != 0) { - printf("InitSha256_ex failed, ret = %d\n", ret); - goto exit; - } - #ifdef WOLFSSL_PIC32MZ_HASH - wc_Sha256SizeSet(&hash[i], numBlocks * BENCH_SIZE); - #endif - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Sha256Update(&hash[i], bench_plain, - BENCH_SIZE); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha256; - } - } - } /* for i */ - } /* for times */ - count += times; - - times = 0; - do { - bench_async_poll(&pending); - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Sha256Final(&hash[i], digest[i]); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha256; - } - } - } /* for i */ - } while (pending > 0); - } while (bench_stats_sym_check(start)); - } - else { - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks; times++) { - ret = wc_InitSha256_ex(hash, HEAP_HINT, INVALID_DEVID); - ret |= wc_Sha256Update(hash, bench_plain, BENCH_SIZE); - ret |= wc_Sha256Final(hash, digest[0]); - if (ret != 0) - goto exit_sha256; - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); - } -exit_sha256: - bench_stats_sym_finish("SHA-256", doAsync, count, bench_size, start, ret); - -exit: - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_Sha256Free(&hash[i]); - } - - FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); -} -#endif - -#ifdef WOLFSSL_SHA384 -void bench_sha384(int doAsync) -{ - wc_Sha384 hash[BENCH_MAX_PENDING]; - double start; - int ret = 0, i, count = 0, times, pending = 0; - DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_SHA384_DIGEST_SIZE, HEAP_HINT); - - /* clear for done cleanup */ - XMEMSET(hash, 0, sizeof(hash)); - - if (digest_stream) { - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - ret = wc_InitSha384_ex(&hash[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID); - if (ret != 0) { - printf("InitSha384_ex failed, ret = %d\n", ret); - goto exit; - } - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Sha384Update(&hash[i], bench_plain, - BENCH_SIZE); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha384; - } - } - } /* for i */ - } /* for times */ - count += times; - - times = 0; - do { - bench_async_poll(&pending); - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Sha384Final(&hash[i], digest[i]); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha384; - } - } - } /* for i */ - } while (pending > 0); - } while (bench_stats_sym_check(start)); - } - else { - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks; times++) { - ret = wc_InitSha384_ex(hash, HEAP_HINT, INVALID_DEVID); - ret |= wc_Sha384Update(hash, bench_plain, BENCH_SIZE); - ret |= wc_Sha384Final(hash, digest[0]); - if (ret != 0) - goto exit_sha384; - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); - } -exit_sha384: - bench_stats_sym_finish("SHA-384", doAsync, count, bench_size, start, ret); - -exit: - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_Sha384Free(&hash[i]); - } - - FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); -} -#endif - -#ifdef WOLFSSL_SHA512 -void bench_sha512(int doAsync) -{ - wc_Sha512 hash[BENCH_MAX_PENDING]; - double start; - int ret = 0, i, count = 0, times, pending = 0; - DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_SHA512_DIGEST_SIZE, HEAP_HINT); - - /* clear for done cleanup */ - XMEMSET(hash, 0, sizeof(hash)); - - if (digest_stream) { - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - ret = wc_InitSha512_ex(&hash[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID); - if (ret != 0) { - printf("InitSha512_ex failed, ret = %d\n", ret); - goto exit; - } - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Sha512Update(&hash[i], bench_plain, - BENCH_SIZE); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha512; - } - } - } /* for i */ - } /* for times */ - count += times; - - times = 0; - do { - bench_async_poll(&pending); - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Sha512Final(&hash[i], digest[i]); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha512; - } - } - } /* for i */ - } while (pending > 0); - } while (bench_stats_sym_check(start)); - } - else { - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks; times++) { - ret = wc_InitSha512_ex(hash, HEAP_HINT, INVALID_DEVID); - ret |= wc_Sha512Update(hash, bench_plain, BENCH_SIZE); - ret |= wc_Sha512Final(hash, digest[0]); - if (ret != 0) - goto exit_sha512; - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); - } -exit_sha512: - bench_stats_sym_finish("SHA-512", doAsync, count, bench_size, start, ret); - -exit: - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_Sha512Free(&hash[i]); - } - - FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); -} -#endif - - -#ifdef WOLFSSL_SHA3 -#ifndef WOLFSSL_NOSHA3_224 -void bench_sha3_224(int doAsync) -{ - wc_Sha3 hash[BENCH_MAX_PENDING]; - double start; - int ret = 0, i, count = 0, times, pending = 0; - DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_SHA3_224_DIGEST_SIZE, HEAP_HINT); - - /* clear for done cleanup */ - XMEMSET(hash, 0, sizeof(hash)); - - if (digest_stream) { - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - ret = wc_InitSha3_224(&hash[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID); - if (ret != 0) { - printf("InitSha3_224 failed, ret = %d\n", ret); - goto exit; - } - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Sha3_224_Update(&hash[i], bench_plain, - BENCH_SIZE); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha3_224; - } - } - } /* for i */ - } /* for times */ - count += times; - - times = 0; - do { - bench_async_poll(&pending); - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Sha3_224_Final(&hash[i], digest[i]); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha3_224; - } - } - } /* for i */ - } while (pending > 0); - } while (bench_stats_sym_check(start)); - } - else { - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks; times++) { - ret = wc_InitSha3_224(hash, HEAP_HINT, INVALID_DEVID); - ret |= wc_Sha3_224_Update(hash, bench_plain, BENCH_SIZE); - ret |= wc_Sha3_224_Final(hash, digest[0]); - if (ret != 0) - goto exit_sha3_224; - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); - } -exit_sha3_224: - bench_stats_sym_finish("SHA3-224", doAsync, count, bench_size, start, ret); - -exit: - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_Sha3_224_Free(&hash[i]); - } - - FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); -} -#endif /* WOLFSSL_NOSHA3_224 */ - -#ifndef WOLFSSL_NOSHA3_256 -void bench_sha3_256(int doAsync) -{ - wc_Sha3 hash[BENCH_MAX_PENDING]; - double start; - int ret = 0, i, count = 0, times, pending = 0; - DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_SHA3_256_DIGEST_SIZE, HEAP_HINT); - - /* clear for done cleanup */ - XMEMSET(hash, 0, sizeof(hash)); - - if (digest_stream) { - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - ret = wc_InitSha3_256(&hash[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID); - if (ret != 0) { - printf("InitSha3_256 failed, ret = %d\n", ret); - goto exit; - } - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Sha3_256_Update(&hash[i], bench_plain, - BENCH_SIZE); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha3_256; - } - } - } /* for i */ - } /* for times */ - count += times; - - times = 0; - do { - bench_async_poll(&pending); - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Sha3_256_Final(&hash[i], digest[i]); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha3_256; - } - } - } /* for i */ - } while (pending > 0); - } while (bench_stats_sym_check(start)); - } - else { - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks; times++) { - ret = wc_InitSha3_256(hash, HEAP_HINT, INVALID_DEVID); - ret |= wc_Sha3_256_Update(hash, bench_plain, BENCH_SIZE); - ret |= wc_Sha3_256_Final(hash, digest[0]); - if (ret != 0) - goto exit_sha3_256; - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); - } -exit_sha3_256: - bench_stats_sym_finish("SHA3-256", doAsync, count, bench_size, start, ret); - -exit: - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_Sha3_256_Free(&hash[i]); - } - - FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); -} -#endif /* WOLFSSL_NOSHA3_256 */ - -#ifndef WOLFSSL_NOSHA3_384 -void bench_sha3_384(int doAsync) -{ - wc_Sha3 hash[BENCH_MAX_PENDING]; - double start; - int ret = 0, i, count = 0, times, pending = 0; - DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_SHA3_384_DIGEST_SIZE, HEAP_HINT); - - /* clear for done cleanup */ - XMEMSET(hash, 0, sizeof(hash)); - - if (digest_stream) { - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - ret = wc_InitSha3_384(&hash[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID); - if (ret != 0) { - printf("InitSha3_384 failed, ret = %d\n", ret); - goto exit; - } - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Sha3_384_Update(&hash[i], bench_plain, - BENCH_SIZE); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha3_384; - } - } - } /* for i */ - } /* for times */ - count += times; - - times = 0; - do { - bench_async_poll(&pending); - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Sha3_384_Final(&hash[i], digest[i]); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha3_384; - } - } - } /* for i */ - } while (pending > 0); - } while (bench_stats_sym_check(start)); - } - else { - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks; times++) { - ret = wc_InitSha3_384(hash, HEAP_HINT, INVALID_DEVID); - ret |= wc_Sha3_384_Update(hash, bench_plain, BENCH_SIZE); - ret |= wc_Sha3_384_Final(hash, digest[0]); - if (ret != 0) - goto exit_sha3_384; - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); - } -exit_sha3_384: - bench_stats_sym_finish("SHA3-384", doAsync, count, bench_size, start, ret); - -exit: - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_Sha3_384_Free(&hash[i]); - } - - FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); -} -#endif /* WOLFSSL_NOSHA3_384 */ - -#ifndef WOLFSSL_NOSHA3_512 -void bench_sha3_512(int doAsync) -{ - wc_Sha3 hash[BENCH_MAX_PENDING]; - double start; - int ret = 0, i, count = 0, times, pending = 0; - DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_SHA3_512_DIGEST_SIZE, HEAP_HINT); - - /* clear for done cleanup */ - XMEMSET(hash, 0, sizeof(hash)); - - if (digest_stream) { - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - ret = wc_InitSha3_512(&hash[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID); - if (ret != 0) { - printf("InitSha3_512 failed, ret = %d\n", ret); - goto exit; - } - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Sha3_512_Update(&hash[i], bench_plain, - BENCH_SIZE); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha3_512; - } - } - } /* for i */ - } /* for times */ - count += times; - - times = 0; - do { - bench_async_poll(&pending); - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, numBlocks, &pending)) { - ret = wc_Sha3_512_Final(&hash[i], digest[i]); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hash[i]), 0, ×, &pending)) { - goto exit_sha3_512; - } - } - } /* for i */ - } while (pending > 0); - } while (bench_stats_sym_check(start)); - } - else { - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks; times++) { - ret = wc_InitSha3_512(hash, HEAP_HINT, INVALID_DEVID); - ret |= wc_Sha3_512_Update(hash, bench_plain, BENCH_SIZE); - ret |= wc_Sha3_512_Final(hash, digest[0]); - if (ret != 0) - goto exit_sha3_512; - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); - } -exit_sha3_512: - bench_stats_sym_finish("SHA3-512", doAsync, count, bench_size, start, ret); - -exit: - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_Sha3_512_Free(&hash[i]); - } - - FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); -} -#endif /* WOLFSSL_NOSHA3_512 */ -#endif - - -#ifdef WOLFSSL_RIPEMD -int bench_ripemd(void) -{ - RipeMd hash; - byte digest[RIPEMD_DIGEST_SIZE]; - double start; - int i, count, ret = 0; - - if (digest_stream) { - ret = wc_InitRipeMd(&hash); - if (ret != 0) { - return ret; - } - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - ret = wc_RipeMdUpdate(&hash, bench_plain, BENCH_SIZE); - if (ret != 0) { - return ret; - } - } - ret = wc_RipeMdFinal(&hash, digest); - if (ret != 0) { - return ret; - } - - count += i; - } while (bench_stats_sym_check(start)); - } - else { - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - ret = wc_InitRipeMd(&hash); - if (ret != 0) { - return ret; - } - ret = wc_RipeMdUpdate(&hash, bench_plain, BENCH_SIZE); - if (ret != 0) { - return ret; - } - ret = wc_RipeMdFinal(&hash, digest); - if (ret != 0) { - return ret; - } - } - count += i; - } while (bench_stats_sym_check(start)); - } - bench_stats_sym_finish("RIPEMD", 0, count, bench_size, start, ret); - - return 0; -} -#endif - - -#ifdef HAVE_BLAKE2 -void bench_blake2b(void) -{ - Blake2b b2b; - byte digest[64]; - double start; - int ret = 0, i, count; - - if (digest_stream) { - ret = wc_InitBlake2b(&b2b, 64); - if (ret != 0) { - printf("InitBlake2b failed, ret = %d\n", ret); - return; - } - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - ret = wc_Blake2bUpdate(&b2b, bench_plain, BENCH_SIZE); - if (ret != 0) { - printf("Blake2bUpdate failed, ret = %d\n", ret); - return; - } - } - ret = wc_Blake2bFinal(&b2b, digest, 64); - if (ret != 0) { - printf("Blake2bFinal failed, ret = %d\n", ret); - return; - } - count += i; - } while (bench_stats_sym_check(start)); - } - else { - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - ret = wc_InitBlake2b(&b2b, 64); - if (ret != 0) { - printf("InitBlake2b failed, ret = %d\n", ret); - return; - } - ret = wc_Blake2bUpdate(&b2b, bench_plain, BENCH_SIZE); - if (ret != 0) { - printf("Blake2bUpdate failed, ret = %d\n", ret); - return; - } - ret = wc_Blake2bFinal(&b2b, digest, 64); - if (ret != 0) { - printf("Blake2bFinal failed, ret = %d\n", ret); - return; - } - } - count += i; - } while (bench_stats_sym_check(start)); - } - bench_stats_sym_finish("BLAKE2b", 0, count, bench_size, start, ret); -} -#endif - -#if defined(HAVE_BLAKE2S) -void bench_blake2s(void) -{ - Blake2s b2s; - byte digest[32]; - double start; - int ret = 0, i, count; - - if (digest_stream) { - ret = wc_InitBlake2s(&b2s, 32); - if (ret != 0) { - printf("InitBlake2s failed, ret = %d\n", ret); - return; - } - - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - ret = wc_Blake2sUpdate(&b2s, bench_plain, BENCH_SIZE); - if (ret != 0) { - printf("Blake2sUpdate failed, ret = %d\n", ret); - return; - } - } - ret = wc_Blake2sFinal(&b2s, digest, 32); - if (ret != 0) { - printf("Blake2sFinal failed, ret = %d\n", ret); - return; - } - count += i; - } while (bench_stats_sym_check(start)); - } - else { - bench_stats_start(&count, &start); - do { - for (i = 0; i < numBlocks; i++) { - ret = wc_InitBlake2s(&b2s, 32); - if (ret != 0) { - printf("InitBlake2b failed, ret = %d\n", ret); - return; - } - ret = wc_Blake2sUpdate(&b2s, bench_plain, BENCH_SIZE); - if (ret != 0) { - printf("Blake2bUpdate failed, ret = %d\n", ret); - return; - } - ret = wc_Blake2sFinal(&b2s, digest, 32); - if (ret != 0) { - printf("Blake2sFinal failed, ret = %d\n", ret); - return; - } - } - count += i; - } while (bench_stats_sym_check(start)); - } - bench_stats_sym_finish("BLAKE2s", 0, count, bench_size, start, ret); -} -#endif - - -#ifdef WOLFSSL_CMAC - -static void bench_cmac_helper(int keySz, const char* outMsg) -{ - Cmac cmac; - byte digest[AES_BLOCK_SIZE]; - word32 digestSz = sizeof(digest); - double start; - int ret, i, count; - - bench_stats_start(&count, &start); - do { - ret = wc_InitCmac(&cmac, bench_key, keySz, WC_CMAC_AES, NULL); - if (ret != 0) { - printf("InitCmac failed, ret = %d\n", ret); - return; - } - - for (i = 0; i < numBlocks; i++) { - ret = wc_CmacUpdate(&cmac, bench_plain, BENCH_SIZE); - if (ret != 0) { - printf("CmacUpdate failed, ret = %d\n", ret); - return; - } - } - /* Note: final force zero's the Cmac struct */ - ret = wc_CmacFinal(&cmac, digest, &digestSz); - if (ret != 0) { - printf("CmacFinal failed, ret = %d\n", ret); - return; - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_sym_finish(outMsg, 0, count, bench_size, start, ret); -} - -void bench_cmac(void) -{ -#ifdef WOLFSSL_AES_128 - bench_cmac_helper(16, "AES-128-CMAC"); -#endif -#ifdef WOLFSSL_AES_256 - bench_cmac_helper(32, "AES-256-CMAC"); -#endif - -} -#endif /* WOLFSSL_CMAC */ - -#ifdef HAVE_SCRYPT - -void bench_scrypt(void) -{ - byte derived[64]; - double start; - int ret, i, count; - - bench_stats_start(&count, &start); - do { - for (i = 0; i < scryptCnt; i++) { - ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13, - (byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(derived)); - if (ret != 0) { - printf("scrypt failed, ret = %d\n", ret); - goto exit; - } - } - count += i; - } while (bench_stats_sym_check(start)); -exit: - bench_stats_asym_finish("scrypt", 17, "", 0, count, start, ret); -} - -#endif /* HAVE_SCRYPT */ - -#ifndef NO_HMAC - -static void bench_hmac(int doAsync, int type, int digestSz, - byte* key, word32 keySz, const char* label) -{ - Hmac hmac[BENCH_MAX_PENDING]; - double start; - int ret = 0, i, count = 0, times, pending = 0; -#ifdef WOLFSSL_ASYNC_CRYPT - DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_MAX_DIGEST_SIZE, HEAP_HINT); -#else - byte digest[BENCH_MAX_PENDING][WC_MAX_DIGEST_SIZE]; -#endif - - (void)digestSz; - - /* clear for done cleanup */ - XMEMSET(hmac, 0, sizeof(hmac)); - - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - ret = wc_HmacInit(&hmac[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID); - if (ret != 0) { - printf("wc_HmacInit failed for %s, ret = %d\n", label, ret); - goto exit; - } - - ret = wc_HmacSetKey(&hmac[i], type, key, keySz); - if (ret != 0) { - printf("wc_HmacSetKey failed for %s, ret = %d\n", label, ret); - goto exit; - } - } - - bench_stats_start(&count, &start); - do { - for (times = 0; times < numBlocks || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hmac[i]), 0, - ×, numBlocks, &pending)) { - ret = wc_HmacUpdate(&hmac[i], bench_plain, BENCH_SIZE); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hmac[i]), - 0, ×, &pending)) { - goto exit_hmac; - } - } - } /* for i */ - } /* for times */ - count += times; - - times = 0; - do { - bench_async_poll(&pending); - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&hmac[i]), 0, - ×, numBlocks, &pending)) { - ret = wc_HmacFinal(&hmac[i], digest[i]); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&hmac[i]), - 0, ×, &pending)) { - goto exit_hmac; - } - } - } /* for i */ - } while (pending > 0); - } while (bench_stats_sym_check(start)); -exit_hmac: - bench_stats_sym_finish(label, doAsync, count, bench_size, start, ret); - -exit: - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_HmacFree(&hmac[i]); - } - -#ifdef WOLFSSL_ASYNC_CRYPT - FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); -#endif -} - -#ifndef NO_MD5 - -void bench_hmac_md5(int doAsync) -{ - byte key[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; - - bench_hmac(doAsync, WC_MD5, WC_MD5_DIGEST_SIZE, key, sizeof(key), - "HMAC-MD5"); -} - -#endif /* NO_MD5 */ - -#ifndef NO_SHA - -void bench_hmac_sha(int doAsync) -{ - byte key[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b }; - - bench_hmac(doAsync, WC_SHA, WC_SHA_DIGEST_SIZE, key, sizeof(key), - "HMAC-SHA"); -} - -#endif /* NO_SHA */ - -#ifdef WOLFSSL_SHA224 - -void bench_hmac_sha224(int doAsync) -{ - byte key[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b }; - - bench_hmac(doAsync, WC_SHA224, WC_SHA224_DIGEST_SIZE, key, sizeof(key), - "HMAC-SHA224"); -} - -#endif /* WOLFSSL_SHA224 */ - -#ifndef NO_SHA256 - -void bench_hmac_sha256(int doAsync) -{ - byte key[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; - - bench_hmac(doAsync, WC_SHA256, WC_SHA256_DIGEST_SIZE, key, sizeof(key), - "HMAC-SHA256"); -} - -#endif /* NO_SHA256 */ - -#ifdef WOLFSSL_SHA384 - -void bench_hmac_sha384(int doAsync) -{ - byte key[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; - - bench_hmac(doAsync, WC_SHA384, WC_SHA384_DIGEST_SIZE, key, sizeof(key), - "HMAC-SHA384"); -} - -#endif /* WOLFSSL_SHA384 */ - -#ifdef WOLFSSL_SHA512 - -void bench_hmac_sha512(int doAsync) -{ - byte key[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; - - bench_hmac(doAsync, WC_SHA512, WC_SHA512_DIGEST_SIZE, key, sizeof(key), - "HMAC-SHA512"); -} - -#endif /* WOLFSSL_SHA512 */ - -#ifndef NO_PWDBASED -void bench_pbkdf2(void) -{ - double start; - int ret = 0, count = 0; - const char* passwd32 = "passwordpasswordpasswordpassword"; - const byte salt32[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06, - 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06, - 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06, - 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 }; - byte derived[32]; - - bench_stats_start(&count, &start); - do { - ret = wc_PBKDF2(derived, (const byte*)passwd32, (int)XSTRLEN(passwd32), - salt32, (int)sizeof(salt32), 1000, 32, WC_SHA256); - count++; - } while (bench_stats_sym_check(start)); - bench_stats_sym_finish("PBKDF2", 32, count, 32, start, ret); -} -#endif /* !NO_PWDBASED */ - -#endif /* NO_HMAC */ - -#ifndef NO_RSA - -#if defined(WOLFSSL_KEY_GEN) -static void bench_rsaKeyGen_helper(int doAsync, int keySz) -{ - RsaKey genKey[BENCH_MAX_PENDING]; - double start; - int ret = 0, i, count = 0, times, pending = 0; - const long rsa_e_val = WC_RSA_EXPONENT; - const char**desc = bench_desc_words[lng_index]; - - /* clear for done cleanup */ - XMEMSET(genKey, 0, sizeof(genKey)); - - bench_stats_start(&count, &start); - do { - /* while free pending slots in queue, submit ops */ - for (times = 0; times < genTimes || pending > 0; ) { - bench_async_poll(&pending); - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 0, ×, genTimes, &pending)) { - - wc_FreeRsaKey(&genKey[i]); - ret = wc_InitRsaKey_ex(&genKey[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID); - if (ret < 0) { - goto exit; - } - - ret = wc_MakeRsaKey(&genKey[i], keySz, rsa_e_val, &gRng); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 0, ×, &pending)) { - goto exit; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit: - bench_stats_asym_finish("RSA", keySz, desc[2], doAsync, count, start, ret); - - /* cleanup */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_FreeRsaKey(&genKey[i]); - } -} - -void bench_rsaKeyGen(int doAsync) -{ - int k, keySz; -#ifndef WOLFSSL_SP_MATH - const int keySizes[2] = {1024, 2048}; -#else - const int keySizes[1] = {2048}; -#endif - - for (k = 0; k < (int)(sizeof(keySizes)/sizeof(int)); k++) { - keySz = keySizes[k]; - bench_rsaKeyGen_helper(doAsync, keySz); - } -} - - -void bench_rsaKeyGen_size(int doAsync, int keySz) -{ - bench_rsaKeyGen_helper(doAsync, keySz); -} -#endif /* WOLFSSL_KEY_GEN */ - -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ - !defined(USE_CERT_BUFFERS_3072) - #if defined(WOLFSSL_MDK_SHELL) - static char *certRSAname = "certs/rsa2048.der"; - /* set by shell command */ - static void set_Bench_RSA_File(char * cert) { certRSAname = cert ; } - #elif defined(FREESCALE_MQX) - static char *certRSAname = "a:\\certs\\rsa2048.der"; - #else - static const char *certRSAname = "certs/rsa2048.der"; - #endif -#endif - -#define RSA_BUF_SIZE 384 /* for up to 3072 bit */ - -#if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) -#elif defined(WOLFSSL_PUBLIC_MP) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) - #if defined(USE_CERT_BUFFERS_2048) -static unsigned char rsa_2048_sig[] = { - 0x8c, 0x9e, 0x37, 0xbf, 0xc3, 0xa6, 0xba, 0x1c, - 0x53, 0x22, 0x40, 0x4b, 0x8b, 0x0d, 0x3c, 0x0e, - 0x2e, 0x8c, 0x31, 0x2c, 0x47, 0xbf, 0x03, 0x48, - 0x18, 0x46, 0x73, 0x8d, 0xd7, 0xdd, 0x17, 0x64, - 0x0d, 0x7f, 0xdc, 0x74, 0xed, 0x80, 0xc3, 0xe8, - 0x9a, 0x18, 0x33, 0xd4, 0xe6, 0xc5, 0xe1, 0x54, - 0x75, 0xd1, 0xbb, 0x40, 0xde, 0xa8, 0xb9, 0x1b, - 0x14, 0xe8, 0xc1, 0x39, 0xeb, 0xa0, 0x69, 0x8a, - 0xc6, 0x9b, 0xef, 0x53, 0xb5, 0x23, 0x2b, 0x78, - 0x06, 0x43, 0x37, 0x11, 0x81, 0x84, 0x73, 0x33, - 0x33, 0xfe, 0xf7, 0x5d, 0x2b, 0x84, 0xd6, 0x83, - 0xd6, 0xdd, 0x55, 0x33, 0xef, 0xd1, 0xf7, 0x12, - 0xb0, 0xc2, 0x0e, 0xb1, 0x78, 0xd4, 0xa8, 0xa3, - 0x25, 0xeb, 0xed, 0x9a, 0xb3, 0xee, 0xc3, 0x7e, - 0xce, 0x13, 0x18, 0x86, 0x31, 0xe1, 0xef, 0x01, - 0x0f, 0x6e, 0x67, 0x24, 0x74, 0xbd, 0x0b, 0x7f, - 0xa9, 0xca, 0x6f, 0xaa, 0x83, 0x28, 0x90, 0x40, - 0xf1, 0xb5, 0x10, 0x0e, 0x26, 0x03, 0x05, 0x5d, - 0x87, 0xb4, 0xe0, 0x4c, 0x98, 0xd8, 0xc6, 0x42, - 0x89, 0x77, 0xeb, 0xb6, 0xd4, 0xe6, 0x26, 0xf3, - 0x31, 0x25, 0xde, 0x28, 0x38, 0x58, 0xe8, 0x2c, - 0xf4, 0x56, 0x7c, 0xb6, 0xfd, 0x99, 0xb0, 0xb0, - 0xf4, 0x83, 0xb6, 0x74, 0xa9, 0x5b, 0x9f, 0xe8, - 0xe9, 0xf1, 0xa1, 0x2a, 0xbd, 0xf6, 0x83, 0x28, - 0x09, 0xda, 0xa6, 0xd6, 0xcd, 0x61, 0x60, 0xf7, - 0x13, 0x4e, 0x46, 0x57, 0x38, 0x1e, 0x11, 0x92, - 0x6b, 0x6b, 0xcf, 0xd3, 0xf4, 0x8b, 0x66, 0x03, - 0x25, 0xa3, 0x7a, 0x2f, 0xce, 0xc1, 0x85, 0xa5, - 0x48, 0x91, 0x8a, 0xb3, 0x4f, 0x5d, 0x98, 0xb1, - 0x69, 0x58, 0x47, 0x69, 0x0c, 0x52, 0xdc, 0x42, - 0x4c, 0xef, 0xe8, 0xd4, 0x4d, 0x6a, 0x33, 0x7d, - 0x9e, 0xd2, 0x51, 0xe6, 0x41, 0xbf, 0x4f, 0xa2 -}; - #elif defined(USE_CERT_BUFFERS_3072) -static unsigned char rsa_3072_sig[] = { - 0x1a, 0xd6, 0x0d, 0xfd, 0xe3, 0x41, 0x95, 0x76, - 0x27, 0x16, 0x7d, 0xc7, 0x94, 0x16, 0xca, 0xa8, - 0x26, 0x08, 0xbe, 0x78, 0x87, 0x72, 0x4c, 0xd9, - 0xa7, 0xfc, 0x33, 0x77, 0x2d, 0x53, 0x07, 0xb5, - 0x8c, 0xce, 0x48, 0x17, 0x9b, 0xff, 0x9f, 0x9b, - 0x17, 0xc4, 0xbb, 0x72, 0xed, 0xdb, 0xa0, 0x34, - 0x69, 0x5b, 0xc7, 0x4e, 0xbf, 0xec, 0x13, 0xc5, - 0x98, 0x71, 0x9a, 0x4e, 0x18, 0x0e, 0xcb, 0xe7, - 0xc6, 0xd5, 0x21, 0x31, 0x7c, 0x0d, 0xae, 0x14, - 0x2b, 0x87, 0x4f, 0x77, 0x95, 0x2e, 0x26, 0xe2, - 0x83, 0xfe, 0x49, 0x1e, 0x87, 0x19, 0x4a, 0x63, - 0x73, 0x75, 0xf1, 0xf5, 0x71, 0xd2, 0xce, 0xd4, - 0x39, 0x2b, 0xd9, 0xe0, 0x76, 0x70, 0xc8, 0xf8, - 0xed, 0xdf, 0x90, 0x57, 0x17, 0xb9, 0x16, 0xf6, - 0xe9, 0x49, 0x48, 0xce, 0x5a, 0x8b, 0xe4, 0x84, - 0x7c, 0xf3, 0x31, 0x68, 0x97, 0x45, 0x68, 0x38, - 0x50, 0x3a, 0x70, 0xbd, 0xb3, 0xd3, 0xd2, 0xe0, - 0x56, 0x5b, 0xc2, 0x0c, 0x2c, 0x10, 0x70, 0x7b, - 0xd4, 0x99, 0xf9, 0x38, 0x31, 0xb1, 0x86, 0xa0, - 0x07, 0xf1, 0xf6, 0x53, 0xb0, 0x44, 0x82, 0x40, - 0xd2, 0xab, 0x0e, 0x71, 0x5d, 0xe1, 0xea, 0x3a, - 0x77, 0xc9, 0xef, 0xfe, 0x54, 0x65, 0xa3, 0x49, - 0xfd, 0xa5, 0x33, 0xaa, 0x16, 0x1a, 0x38, 0xe7, - 0xaa, 0xb7, 0x13, 0xb2, 0x3b, 0xc7, 0x00, 0x87, - 0x12, 0xfe, 0xfd, 0xf4, 0x55, 0x6d, 0x1d, 0x4a, - 0x0e, 0xad, 0xd0, 0x4c, 0x55, 0x91, 0x60, 0xd9, - 0xef, 0x74, 0x69, 0x22, 0x8c, 0x51, 0x65, 0xc2, - 0x04, 0xac, 0xd3, 0x8d, 0xf7, 0x35, 0x29, 0x13, - 0x6d, 0x61, 0x7c, 0x39, 0x2f, 0x41, 0x4c, 0xdf, - 0x38, 0xfd, 0x1a, 0x7d, 0x42, 0xa7, 0x6f, 0x3f, - 0x3d, 0x9b, 0xd1, 0x97, 0xab, 0xc0, 0xa7, 0x28, - 0x1c, 0xc0, 0x02, 0x26, 0xeb, 0xce, 0xf9, 0xe1, - 0x34, 0x45, 0xaf, 0xbf, 0x8d, 0xb8, 0xe0, 0xff, - 0xd9, 0x6f, 0x77, 0xf3, 0xf7, 0xed, 0x6a, 0xbb, - 0x03, 0x52, 0xfb, 0x38, 0xfc, 0xea, 0x9f, 0xc9, - 0x98, 0xed, 0x21, 0x45, 0xaf, 0x43, 0x2b, 0x64, - 0x96, 0x82, 0x30, 0xe9, 0xb4, 0x36, 0x89, 0x77, - 0x07, 0x4a, 0xc6, 0x1f, 0x38, 0x7a, 0xee, 0xb6, - 0x86, 0xf6, 0x2f, 0x03, 0xec, 0xa2, 0xe5, 0x48, - 0xe5, 0x5a, 0xf5, 0x1c, 0xd2, 0xd9, 0xd8, 0x2d, - 0x9d, 0x06, 0x07, 0xc9, 0x8b, 0x5d, 0xe0, 0x0f, - 0x5e, 0x0c, 0x53, 0x27, 0xff, 0x23, 0xee, 0xca, - 0x5e, 0x4d, 0xf1, 0x95, 0x77, 0x78, 0x1f, 0xf2, - 0x44, 0x5b, 0x7d, 0x01, 0x49, 0x61, 0x6f, 0x6d, - 0xbf, 0xf5, 0x19, 0x06, 0x39, 0xe9, 0xe9, 0x29, - 0xde, 0x47, 0x5e, 0x2e, 0x1f, 0x68, 0xf4, 0x32, - 0x5e, 0xe9, 0xd0, 0xa7, 0xb4, 0x2a, 0x45, 0xdf, - 0x15, 0x7d, 0x0d, 0x5b, 0xef, 0xc6, 0x23, 0xac -}; - #else - #error Not Supported Yet! - #endif -#endif - -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) -static void bench_rsa_helper(int doAsync, RsaKey rsaKey[BENCH_MAX_PENDING], - int rsaKeySz) -{ - int ret = 0, i, times, count = 0, pending = 0; - word32 idx = 0; -#ifndef WOLFSSL_RSA_VERIFY_ONLY - const char* messageStr = "Everyone gets Friday off."; - const int len = (int)XSTRLEN((char*)messageStr); -#endif - double start = 0.0f; - const char**desc = bench_desc_words[lng_index]; -#ifndef WOLFSSL_RSA_VERIFY_ONLY - DECLARE_VAR_INIT(message, byte, len, messageStr, HEAP_HINT); -#endif - #if !defined(WOLFSSL_MDK5_COMPLv5) - /* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */ - DECLARE_ARRAY_DYNAMIC_DEC(enc, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT); - #else - byte* enc[BENCH_MAX_PENDING]; - #endif - #if !defined(WOLFSSL_RSA_VERIFY_INLINE) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY) - #if !defined(WOLFSSL_MDK5_COMPLv5) - /* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */ - DECLARE_ARRAY_DYNAMIC_DEC(out, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT); - #else - int idxout; - byte* out[BENCH_MAX_PENDING]; - #endif - #else - byte* out[BENCH_MAX_PENDING]; - #endif - - DECLARE_ARRAY_DYNAMIC_EXE(enc, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT); - #if !defined(WOLFSSL_RSA_VERIFY_INLINE) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY) - DECLARE_ARRAY_DYNAMIC_EXE(out, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT); - #endif - - if (!rsa_sign_verify) { -#ifndef WOLFSSL_RSA_VERIFY_ONLY - /* begin public RSA */ - bench_stats_start(&count, &start); - do { - for (times = 0; times < ntimes || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&rsaKey[i]), - 1, ×, ntimes, &pending)) { - ret = wc_RsaPublicEncrypt(message, (word32)len, enc[i], - rsaKeySz/8, &rsaKey[i], - &gRng); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV( - &rsaKey[i]), 1, ×, &pending)) { - goto exit_rsa_pub; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit_rsa_pub: - bench_stats_asym_finish("RSA", rsaKeySz, desc[0], doAsync, count, - start, ret); -#endif - -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - if (ret < 0) { - goto exit; - } - - /* capture resulting encrypt length */ - idx = (word32)(rsaKeySz/8); - - /* begin private async RSA */ - bench_stats_start(&count, &start); - do { - for (times = 0; times < ntimes || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&rsaKey[i]), - 1, ×, ntimes, &pending)) { - ret = wc_RsaPrivateDecrypt(enc[i], idx, out[i], - rsaKeySz/8, &rsaKey[i]); - if (!bench_async_handle(&ret, - BENCH_ASYNC_GET_DEV(&rsaKey[i]), - 1, ×, &pending)) { - goto exit; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit: - bench_stats_asym_finish("RSA", rsaKeySz, desc[1], doAsync, count, - start, ret); -#endif - } - else { -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - /* begin RSA sign */ - bench_stats_start(&count, &start); - do { - for (times = 0; times < ntimes || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&rsaKey[i]), - 1, ×, ntimes, &pending)) { - ret = wc_RsaSSL_Sign(message, len, enc[i], - rsaKeySz/8, &rsaKey[i], &gRng); - if (!bench_async_handle(&ret, - BENCH_ASYNC_GET_DEV(&rsaKey[i]), - 1, ×, &pending)) { - goto exit_rsa_sign; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit_rsa_sign: - bench_stats_asym_finish("RSA", rsaKeySz, desc[4], doAsync, count, start, - ret); - - if (ret < 0) { - goto exit; - } -#endif - - /* capture resulting encrypt length */ - idx = rsaKeySz/8; - - /* begin RSA verify */ - bench_stats_start(&count, &start); - do { - for (times = 0; times < ntimes || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&rsaKey[i]), - 1, ×, ntimes, &pending)) { - #if !defined(WOLFSSL_RSA_VERIFY_INLINE) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY) - ret = wc_RsaSSL_Verify(enc[i], idx, out[i], - rsaKeySz/8, &rsaKey[i]); - #elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(enc[i], rsa_2048_sig, sizeof(rsa_2048_sig)); - idx = sizeof(rsa_2048_sig); - out[i] = NULL; - ret = wc_RsaSSL_VerifyInline(enc[i], idx, &out[i], - &rsaKey[i]); - if (ret > 0) - ret = 0; - #elif defined(USE_CERT_BUFFERS_3072) - XMEMCPY(enc[i], rsa_3072_sig, sizeof(rsa_3072_sig)); - idx = sizeof(rsa_3072_sig); - out[i] = NULL; - ret = wc_RsaSSL_VerifyInline(enc[i], idx, &out[i], - &rsaKey[i]); - if (ret > 0) - ret = 0; - #endif - if (!bench_async_handle(&ret, - BENCH_ASYNC_GET_DEV(&rsaKey[i]), - 1, ×, &pending)) { - goto exit_rsa_verify; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit_rsa_verify: - bench_stats_asym_finish("RSA", rsaKeySz, desc[5], doAsync, count, - start, ret); - } - - FREE_ARRAY_DYNAMIC(enc, BENCH_MAX_PENDING, HEAP_HINT); -#if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) - FREE_ARRAY_DYNAMIC(out, BENCH_MAX_PENDING, HEAP_HINT); -#endif - FREE_VAR(message, HEAP_HINT); -} -#endif - -void bench_rsa(int doAsync) -{ - int ret = 0, i; - RsaKey rsaKey[BENCH_MAX_PENDING]; -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) - int rsaKeySz; /* used in printf */ - size_t bytes; - const byte* tmp; - word32 idx; - -#ifdef USE_CERT_BUFFERS_1024 - tmp = rsa_key_der_1024; - bytes = (size_t)sizeof_rsa_key_der_1024; - rsaKeySz = 1024; -#elif defined(USE_CERT_BUFFERS_2048) - tmp = rsa_key_der_2048; - bytes = (size_t)sizeof_rsa_key_der_2048; - rsaKeySz = 2048; -#elif defined(USE_CERT_BUFFERS_3072) - tmp = rsa_key_der_3072; - bytes = (size_t)sizeof_rsa_key_der_3072; - rsaKeySz = 3072; -#else - #error "need a cert buffer size" -#endif /* USE_CERT_BUFFERS */ -#endif - - /* clear for done cleanup */ - XMEMSET(rsaKey, 0, sizeof(rsaKey)); - - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - /* setup an async context for each key */ - if ((ret = wc_InitRsaKey_ex(&rsaKey[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID)) < 0) { - goto exit_bench_rsa; - } - -#ifndef WOLFSSL_RSA_VERIFY_ONLY - #ifdef WC_RSA_BLINDING - ret = wc_RsaSetRNG(&rsaKey[i], &gRng); - if (ret != 0) - goto exit_bench_rsa; - #endif -#endif - -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - /* decode the private key */ - idx = 0; - if ((ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsaKey[i], - (word32)bytes)) != 0) { - printf("wc_RsaPrivateKeyDecode failed! %d\n", ret); - goto exit_bench_rsa; - } -#elif defined(WOLFSSL_PUBLIC_MP) - #ifdef USE_CERT_BUFFERS_2048 - ret = mp_read_unsigned_bin(&rsaKey[i].n, &tmp[12], 256); - if (ret != 0) { - printf("wc_RsaPrivateKeyDecode failed! %d\n", ret); - goto exit_bench_rsa; - } - ret = mp_set_int(&rsaKey[i].e, WC_RSA_EXPONENT); - if (ret != 0) { - printf("wc_RsaPrivateKeyDecode failed! %d\n", ret); - goto exit_bench_rsa; - } - #else - #error Not supported yet! - #endif - (void)idx; - (void)bytes; -#endif - - } - -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) - bench_rsa_helper(doAsync, rsaKey, rsaKeySz); -#endif -exit_bench_rsa: - /* cleanup */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_FreeRsaKey(&rsaKey[i]); - } -} - - -#ifdef WOLFSSL_KEY_GEN -/* bench any size of RSA key */ -void bench_rsa_key(int doAsync, int rsaKeySz) -{ - int ret = 0, i, pending = 0; - RsaKey rsaKey[BENCH_MAX_PENDING]; - int isPending[BENCH_MAX_PENDING]; - long exp = 65537l; - - /* clear for done cleanup */ - XMEMSET(rsaKey, 0, sizeof(rsaKey)); - XMEMSET(isPending, 0, sizeof(isPending)); - - /* init keys */ - do { - pending = 0; - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (!isPending[i]) { /* if making the key is pending then just call - * wc_MakeRsaKey again */ - /* setup an async context for each key */ - if ((ret = wc_InitRsaKey_ex(&rsaKey[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID)) < 0) { - goto exit_bench_rsa_key; - } - - #ifdef WC_RSA_BLINDING - ret = wc_RsaSetRNG(&rsaKey[i], &gRng); - if (ret != 0) - goto exit_bench_rsa_key; - #endif - } - - /* create the RSA key */ - ret = wc_MakeRsaKey(&rsaKey[i], rsaKeySz, exp, &gRng); - if (ret == WC_PENDING_E) { - isPending[i] = 1; - pending = 1; - } - else if (ret != 0) { - printf("wc_MakeRsaKey failed! %d\n", ret); - goto exit_bench_rsa_key; - } - } /* for i */ - } while (pending > 0); - - bench_rsa_helper(doAsync, rsaKey, rsaKeySz); -exit_bench_rsa_key: - - /* cleanup */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_FreeRsaKey(&rsaKey[i]); - } -} -#endif /* WOLFSSL_KEY_GEN */ -#endif /* !NO_RSA */ - - -#ifndef NO_DH - -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ - !defined(USE_CERT_BUFFERS_3072) - #if defined(WOLFSSL_MDK_SHELL) - static char *certDHname = "certs/dh2048.der"; - /* set by shell command */ - void set_Bench_DH_File(char * cert) { certDHname = cert ; } - #elif defined(FREESCALE_MQX) - static char *certDHname = "a:\\certs\\dh2048.der"; - #elif defined(NO_ASN) - /* do nothing, but don't need a file */ - #else - static const char *certDHname = "certs/dh2048.der"; - #endif -#endif - -#define BENCH_DH_KEY_SIZE 384 /* for 3072 bit */ -#define BENCH_DH_PRIV_SIZE (BENCH_DH_KEY_SIZE/8) - -void bench_dh(int doAsync) -{ - int ret = 0, i; - int count = 0, times, pending = 0; - const byte* tmp = NULL; - double start = 0.0f; - DhKey dhKey[BENCH_MAX_PENDING]; - int dhKeySz = BENCH_DH_KEY_SIZE * 8; /* used in printf */ - const char**desc = bench_desc_words[lng_index]; -#ifndef NO_ASN - size_t bytes = 0; - word32 idx; -#endif - word32 pubSz[BENCH_MAX_PENDING]; - word32 privSz[BENCH_MAX_PENDING]; - word32 pubSz2; - word32 privSz2; - word32 agreeSz[BENCH_MAX_PENDING]; -#ifdef HAVE_FFDHE_2048 - const DhParams *params = NULL; -#endif - - DECLARE_ARRAY(pub, byte, BENCH_MAX_PENDING, BENCH_DH_KEY_SIZE, HEAP_HINT); - DECLARE_VAR(pub2, byte, BENCH_DH_KEY_SIZE, HEAP_HINT); - DECLARE_ARRAY(agree, byte, BENCH_MAX_PENDING, BENCH_DH_KEY_SIZE, HEAP_HINT); - DECLARE_ARRAY(priv, byte, BENCH_MAX_PENDING, BENCH_DH_PRIV_SIZE, HEAP_HINT); - DECLARE_VAR(priv2, byte, BENCH_DH_PRIV_SIZE, HEAP_HINT); - - (void)tmp; - - if (!use_ffdhe) { -#if defined(NO_ASN) - dhKeySz = 1024; - /* do nothing, but don't use default FILE */ -#elif defined(USE_CERT_BUFFERS_1024) - tmp = dh_key_der_1024; - bytes = (size_t)sizeof_dh_key_der_1024; - dhKeySz = 1024; -#elif defined(USE_CERT_BUFFERS_2048) - tmp = dh_key_der_2048; - bytes = (size_t)sizeof_dh_key_der_2048; - dhKeySz = 2048; -#elif defined(USE_CERT_BUFFERS_3072) - tmp = dh_key_der_3072; - bytes = (size_t)sizeof_dh_key_der_3072; - dhKeySz = 3072; -#else - #error "need to define a cert buffer size" -#endif /* USE_CERT_BUFFERS */ - } -#ifdef HAVE_FFDHE_2048 - else if (use_ffdhe == 2048) { - params = wc_Dh_ffdhe2048_Get(); - dhKeySz = 2048; - } -#endif -#ifdef HAVE_FFDHE_3072 - else if (use_ffdhe == 3072) { - params = wc_Dh_ffdhe3072_Get(); - dhKeySz = 3072; - } -#endif - - /* clear for done cleanup */ - XMEMSET(dhKey, 0, sizeof(dhKey)); - - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - /* setup an async context for each key */ - ret = wc_InitDhKey_ex(&dhKey[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID); - if (ret != 0) - goto exit; - - /* setup key */ - if (!use_ffdhe) { - #ifdef NO_ASN - ret = wc_DhSetKey(&dhKey[i], dh_p, sizeof(dh_p), dh_g, - sizeof(dh_g)); - #else - idx = 0; - ret = wc_DhKeyDecode(tmp, &idx, &dhKey[i], (word32)bytes); - #endif - } - #if defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072) - else if (params != NULL) { - ret = wc_DhSetKey(&dhKey[i], params->p, params->p_len, params->g, - params->g_len); - } - #endif - if (ret != 0) { - printf("DhKeyDecode failed %d, can't benchmark\n", ret); - goto exit; - } - } - - /* Key Gen */ - bench_stats_start(&count, &start); - do { - /* while free pending slots in queue, submit ops */ - for (times = 0; times < genTimes || pending > 0; ) { - bench_async_poll(&pending); - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&dhKey[i]), 0, ×, genTimes, &pending)) { - privSz[i] = 0; - ret = wc_DhGenerateKeyPair(&dhKey[i], &gRng, priv[i], &privSz[i], - pub[i], &pubSz[i]); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&dhKey[i]), 0, ×, &pending)) { - goto exit_dh_gen; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit_dh_gen: - bench_stats_asym_finish("DH", dhKeySz, desc[2], doAsync, count, start, ret); - - if (ret < 0) { - goto exit; - } - - /* Generate key to use as other public */ - ret = wc_DhGenerateKeyPair(&dhKey[0], &gRng, priv2, &privSz2, pub2, &pubSz2); -#ifdef WOLFSSL_ASYNC_CRYPT - ret = wc_AsyncWait(ret, &dhKey[0].asyncDev, WC_ASYNC_FLAG_NONE); -#endif - - /* Key Agree */ - bench_stats_start(&count, &start); - do { - for (times = 0; times < agreeTimes || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&dhKey[i]), 0, ×, agreeTimes, &pending)) { - ret = wc_DhAgree(&dhKey[i], agree[i], &agreeSz[i], priv[i], privSz[i], - pub2, pubSz2); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&dhKey[i]), 0, ×, &pending)) { - goto exit; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit: - bench_stats_asym_finish("DH", dhKeySz, desc[3], doAsync, count, start, ret); - - /* cleanup */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_FreeDhKey(&dhKey[i]); - } - - FREE_ARRAY(pub, BENCH_MAX_PENDING, HEAP_HINT); - FREE_VAR(pub2, HEAP_HINT); - FREE_ARRAY(priv, BENCH_MAX_PENDING, HEAP_HINT); - FREE_VAR(priv2, HEAP_HINT); - FREE_ARRAY(agree, BENCH_MAX_PENDING, HEAP_HINT); -} -#endif /* !NO_DH */ - -#ifdef HAVE_NTRU -byte GetEntropy(ENTROPY_CMD cmd, byte* out); - -byte GetEntropy(ENTROPY_CMD cmd, byte* out) -{ - if (cmd == INIT) - return 1; /* using local rng */ - - if (out == NULL) - return 0; - - if (cmd == GET_BYTE_OF_ENTROPY) - return (wc_RNG_GenerateBlock(&gRng, out, 1) == 0) ? 1 : 0; - - if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) { - *out = 1; - return 1; - } - - return 0; -} - -void bench_ntru(void) -{ - int i; - double start; - - byte public_key[1027]; - word16 public_key_len = sizeof(public_key); - byte private_key[1120]; - word16 private_key_len = sizeof(private_key); - word16 ntruBits = 128; - word16 type = 0; - word32 ret; - - byte ciphertext[1022]; - word16 ciphertext_len; - byte plaintext[16]; - word16 plaintext_len; - const char**desc = bench_desc_words[lng_index]; - - DRBG_HANDLE drbg; - static byte const aes_key[] = { - 0xf3, 0xe9, 0x87, 0xbb, 0x18, 0x08, 0x3c, 0xaa, - 0x7b, 0x12, 0x49, 0x88, 0xaf, 0xb3, 0x22, 0xd8 - }; - - static byte const wolfsslStr[] = { - 'w', 'o', 'l', 'f', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U' - }; - - for (ntruBits = 128; ntruBits < 257; ntruBits += 64) { - switch (ntruBits) { - case 128: - type = NTRU_EES439EP1; - break; - case 192: - type = NTRU_EES593EP1; - break; - case 256: - type = NTRU_EES743EP1; - break; - } - - ret = ntru_crypto_drbg_instantiate(ntruBits, wolfsslStr, - sizeof(wolfsslStr), (ENTROPY_FN) GetEntropy, &drbg); - if(ret != DRBG_OK) { - printf("NTRU drbg instantiate failed\n"); - return; - } - - /* set key sizes */ - ret = ntru_crypto_ntru_encrypt_keygen(drbg, type, &public_key_len, - NULL, &private_key_len, NULL); - if (ret != NTRU_OK) { - ntru_crypto_drbg_uninstantiate(drbg); - printf("NTRU failed to get key lengths\n"); - return; - } - - ret = ntru_crypto_ntru_encrypt_keygen(drbg, type, &public_key_len, - public_key, &private_key_len, - private_key); - - ntru_crypto_drbg_uninstantiate(drbg); - - if (ret != NTRU_OK) { - printf("NTRU keygen failed\n"); - return; - } - - ret = ntru_crypto_drbg_instantiate(ntruBits, NULL, 0, - (ENTROPY_FN)GetEntropy, &drbg); - if (ret != DRBG_OK) { - printf("NTRU error occurred during DRBG instantiation\n"); - return; - } - - ret = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key, - sizeof(aes_key), aes_key, &ciphertext_len, NULL); - - if (ret != NTRU_OK) { - printf("NTRU error occurred requesting the buffer size needed\n"); - return; - } - - bench_stats_start(&i, &start); - for (i = 0; i < ntimes; i++) { - ret = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key, - sizeof(aes_key), aes_key, &ciphertext_len, ciphertext); - if (ret != NTRU_OK) { - printf("NTRU encrypt error\n"); - return; - } - } - bench_stats_asym_finish("NTRU", ntruBits, desc[6], 0, i, start, ret); - - ret = ntru_crypto_drbg_uninstantiate(drbg); - if (ret != DRBG_OK) { - printf("NTRU error occurred uninstantiating the DRBG\n"); - return; - } - - ret = ntru_crypto_ntru_decrypt(private_key_len, private_key, - ciphertext_len, ciphertext, &plaintext_len, NULL); - - if (ret != NTRU_OK) { - printf("NTRU decrypt error occurred getting the buffer size needed\n"); - return; - } - - plaintext_len = sizeof(plaintext); - - bench_stats_start(&i, &start); - for (i = 0; i < ntimes; i++) { - ret = ntru_crypto_ntru_decrypt(private_key_len, private_key, - ciphertext_len, ciphertext, - &plaintext_len, plaintext); - - if (ret != NTRU_OK) { - printf("NTRU error occurred decrypting the key\n"); - return; - } - } - bench_stats_asym_finish("NTRU", ntruBits, desc[7], 0, i, start, ret); - } - -} - -void bench_ntruKeyGen(void) -{ - double start; - int i; - - byte public_key[1027]; - word16 public_key_len = sizeof(public_key); - byte private_key[1120]; - word16 private_key_len = sizeof(private_key); - word16 ntruBits = 128; - word16 type = 0; - word32 ret; - const char**desc = bench_desc_words[lng_index]; - - DRBG_HANDLE drbg; - static uint8_t const pers_str[] = { - 'w', 'o', 'l', 'f', 'S', 'S', 'L', ' ', 't', 'e', 's', 't' - }; - - for (ntruBits = 128; ntruBits < 257; ntruBits += 64) { - ret = ntru_crypto_drbg_instantiate(ntruBits, pers_str, - sizeof(pers_str), GetEntropy, &drbg); - if (ret != DRBG_OK) { - printf("NTRU drbg instantiate failed\n"); - return; - } - - switch (ntruBits) { - case 128: - type = NTRU_EES439EP1; - break; - case 192: - type = NTRU_EES593EP1; - break; - case 256: - type = NTRU_EES743EP1; - break; - } - - /* set key sizes */ - ret = ntru_crypto_ntru_encrypt_keygen(drbg, type, &public_key_len, - NULL, &private_key_len, NULL); - - bench_stats_start(&i, &start); - for (i = 0; i < genTimes; i++) { - ret = ntru_crypto_ntru_encrypt_keygen(drbg, type, &public_key_len, - public_key, &private_key_len, - private_key); - } - bench_stats_asym_finish("NTRU", ntruBits, desc[2], 0, i, start, ret); - - if (ret != NTRU_OK) { - return; - } - - ret = ntru_crypto_drbg_uninstantiate(drbg); - - if (ret != NTRU_OK) { - printf("NTRU drbg uninstantiate failed\n"); - return; - } - } -} -#endif - -#ifdef HAVE_ECC - -#ifndef BENCH_ECC_SIZE - #ifdef HAVE_ECC384 - #define BENCH_ECC_SIZE 48 - #else - #define BENCH_ECC_SIZE 32 - #endif -#endif - -/* Default to testing P-256 */ -static int bench_ecc_size = 32; - -void bench_eccMakeKey(int doAsync) -{ - int ret = 0, i, times, count, pending = 0; - const int keySize = bench_ecc_size; - ecc_key genKey[BENCH_MAX_PENDING]; - double start; - const char**desc = bench_desc_words[lng_index]; - - /* clear for done cleanup */ - XMEMSET(&genKey, 0, sizeof(genKey)); - - /* ECC Make Key */ - bench_stats_start(&count, &start); - do { - /* while free pending slots in queue, submit ops */ - for (times = 0; times < genTimes || pending > 0; ) { - bench_async_poll(&pending); - - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 0, ×, genTimes, &pending)) { - - wc_ecc_free(&genKey[i]); - ret = wc_ecc_init_ex(&genKey[i], HEAP_HINT, doAsync ? devId : INVALID_DEVID); - if (ret < 0) { - goto exit; - } - - ret = wc_ecc_make_key(&gRng, keySize, &genKey[i]); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 0, ×, &pending)) { - goto exit; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit: - bench_stats_asym_finish("ECC", keySize * 8, desc[2], doAsync, count, start, ret); - - /* cleanup */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_ecc_free(&genKey[i]); - } -} - -void bench_ecc(int doAsync) -{ - int ret = 0, i, times, count, pending = 0; - const int keySize = bench_ecc_size; - ecc_key genKey[BENCH_MAX_PENDING]; -#ifdef HAVE_ECC_DHE - ecc_key genKey2[BENCH_MAX_PENDING]; -#endif -#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN) -#ifdef HAVE_ECC_VERIFY - int verify[BENCH_MAX_PENDING]; -#endif -#endif - word32 x[BENCH_MAX_PENDING]; - double start; - const char**desc = bench_desc_words[lng_index]; - -#ifdef HAVE_ECC_DHE - DECLARE_ARRAY(shared, byte, BENCH_MAX_PENDING, BENCH_ECC_SIZE, HEAP_HINT); -#endif -#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN) - DECLARE_ARRAY(sig, byte, BENCH_MAX_PENDING, ECC_MAX_SIG_SIZE, HEAP_HINT); - DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, BENCH_ECC_SIZE, HEAP_HINT); -#endif - - /* clear for done cleanup */ - XMEMSET(&genKey, 0, sizeof(genKey)); -#ifdef HAVE_ECC_DHE - XMEMSET(&genKey2, 0, sizeof(genKey2)); -#endif - - /* init keys */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - /* setup an context for each key */ - if ((ret = wc_ecc_init_ex(&genKey[i], HEAP_HINT, - doAsync ? devId : INVALID_DEVID)) < 0) { - goto exit; - } - ret = wc_ecc_make_key(&gRng, keySize, &genKey[i]); - #ifdef WOLFSSL_ASYNC_CRYPT - ret = wc_AsyncWait(ret, &genKey[i].asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (ret < 0) { - goto exit; - } - - #ifdef HAVE_ECC_DHE - if ((ret = wc_ecc_init_ex(&genKey2[i], HEAP_HINT, INVALID_DEVID)) < 0) { - goto exit; - } - if ((ret = wc_ecc_make_key(&gRng, keySize, &genKey2[i])) > 0) { - goto exit; - } - #endif - } - -#ifdef HAVE_ECC_DHE - - /* ECC Shared Secret */ - bench_stats_start(&count, &start); - do { - for (times = 0; times < agreeTimes || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1, ×, agreeTimes, &pending)) { - x[i] = (word32)keySize; - ret = wc_ecc_shared_secret(&genKey[i], &genKey2[i], shared[i], &x[i]); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1, ×, &pending)) { - goto exit_ecdhe; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit_ecdhe: - bench_stats_asym_finish("ECDHE", keySize * 8, desc[3], doAsync, count, start, ret); - - if (ret < 0) { - goto exit; - } -#endif /* HAVE_ECC_DHE */ - -#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN) - - /* Init digest to sign */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - for (count = 0; count < keySize; count++) { - digest[i][count] = (byte)count; - } - } - - /* ECC Sign */ - bench_stats_start(&count, &start); - do { - for (times = 0; times < agreeTimes || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1, ×, agreeTimes, &pending)) { - if (genKey[i].state == 0) - x[i] = ECC_MAX_SIG_SIZE; - ret = wc_ecc_sign_hash(digest[i], (word32)keySize, sig[i], &x[i], - &gRng, &genKey[i]); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1, ×, &pending)) { - goto exit_ecdsa_sign; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit_ecdsa_sign: - bench_stats_asym_finish("ECDSA", keySize * 8, desc[4], doAsync, count, start, ret); - - if (ret < 0) { - goto exit; - } - -#ifdef HAVE_ECC_VERIFY - - /* ECC Verify */ - bench_stats_start(&count, &start); - do { - for (times = 0; times < agreeTimes || pending > 0; ) { - bench_async_poll(&pending); - - /* while free pending slots in queue, submit ops */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1, ×, agreeTimes, &pending)) { - if (genKey[i].state == 0) - verify[i] = 0; - ret = wc_ecc_verify_hash(sig[i], x[i], digest[i], - (word32)keySize, &verify[i], &genKey[i]); - if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1, ×, &pending)) { - goto exit_ecdsa_verify; - } - } - } /* for i */ - } /* for times */ - count += times; - } while (bench_stats_sym_check(start)); -exit_ecdsa_verify: - bench_stats_asym_finish("ECDSA", keySize * 8, desc[5], doAsync, count, start, ret); -#endif /* HAVE_ECC_VERIFY */ -#endif /* !NO_ASN && HAVE_ECC_SIGN */ - -exit: - - /* cleanup */ - for (i = 0; i < BENCH_MAX_PENDING; i++) { - wc_ecc_free(&genKey[i]); - #ifdef HAVE_ECC_DHE - wc_ecc_free(&genKey2[i]); - #endif - } - -#ifdef HAVE_ECC_DHE - FREE_ARRAY(shared, BENCH_MAX_PENDING, HEAP_HINT); -#endif -#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN) - FREE_ARRAY(sig, BENCH_MAX_PENDING, HEAP_HINT); - FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); -#endif -} - - -#ifdef HAVE_ECC_ENCRYPT -void bench_eccEncrypt(void) -{ - ecc_key userA, userB; - const int keySize = bench_ecc_size; - byte msg[48]; - byte out[80]; - word32 outSz = sizeof(out); - word32 bench_plainSz = BENCH_SIZE; - int ret, i, count; - double start; - const char**desc = bench_desc_words[lng_index]; - - ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); - if (ret != 0) { - printf("wc_ecc_encrypt make key A failed: %d\n", ret); - return; - } - - ret = wc_ecc_init_ex(&userB, HEAP_HINT, devId); - if (ret != 0) { - printf("wc_ecc_encrypt make key B failed: %d\n", ret); - wc_ecc_free(&userA); - return; - } - - ret = wc_ecc_make_key(&gRng, keySize, &userA); -#ifdef WOLFSSL_ASYNC_CRYPT - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - goto exit; - ret = wc_ecc_make_key(&gRng, keySize, &userB); -#ifdef WOLFSSL_ASYNC_CRYPT - ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - goto exit; - - for (i = 0; i < (int)sizeof(msg); i++) - msg[i] = i; - - bench_stats_start(&count, &start); - do { - for (i = 0; i < ntimes; i++) { - /* encrypt msg to B */ - ret = wc_ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz, NULL); - if (ret != 0) { - printf("wc_ecc_encrypt failed! %d\n", ret); - goto exit_enc; - } - } - count += i; - } while (bench_stats_sym_check(start)); -exit_enc: - bench_stats_asym_finish("ECC", keySize * 8, desc[6], 0, count, start, ret); - - bench_stats_start(&count, &start); - do { - for (i = 0; i < ntimes; i++) { - /* decrypt msg from A */ - ret = wc_ecc_decrypt(&userB, &userA, out, outSz, bench_plain, &bench_plainSz, NULL); - if (ret != 0) { - printf("wc_ecc_decrypt failed! %d\n", ret); - goto exit_dec; - } - } - count += i; - } while (bench_stats_sym_check(start)); -exit_dec: - bench_stats_asym_finish("ECC", keySize * 8, desc[7], 0, count, start, ret); - -exit: - - /* cleanup */ - wc_ecc_free(&userB); - wc_ecc_free(&userA); -} -#endif -#endif /* HAVE_ECC */ - -#ifdef HAVE_CURVE25519 -void bench_curve25519KeyGen(void) -{ - curve25519_key genKey; - double start; - int ret = 0, i, count; - const char**desc = bench_desc_words[lng_index]; - - /* Key Gen */ - bench_stats_start(&count, &start); - do { - for (i = 0; i < genTimes; i++) { - ret = wc_curve25519_make_key(&gRng, 32, &genKey); - wc_curve25519_free(&genKey); - if (ret != 0) { - printf("wc_curve25519_make_key failed: %d\n", ret); - break; - } - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_asym_finish("CURVE", 25519, desc[2], 0, count, start, ret); -} - -#ifdef HAVE_CURVE25519_SHARED_SECRET -void bench_curve25519KeyAgree(void) -{ - curve25519_key genKey, genKey2; - double start; - int ret, i, count; - byte shared[32]; - const char**desc = bench_desc_words[lng_index]; - word32 x = 0; - - wc_curve25519_init(&genKey); - wc_curve25519_init(&genKey2); - - ret = wc_curve25519_make_key(&gRng, 32, &genKey); - if (ret != 0) { - printf("curve25519_make_key failed\n"); - return; - } - ret = wc_curve25519_make_key(&gRng, 32, &genKey2); - if (ret != 0) { - printf("curve25519_make_key failed: %d\n", ret); - wc_curve25519_free(&genKey); - return; - } - - /* Shared secret */ - bench_stats_start(&count, &start); - do { - for (i = 0; i < agreeTimes; i++) { - x = sizeof(shared); - ret = wc_curve25519_shared_secret(&genKey, &genKey2, shared, &x); - if (ret != 0) { - printf("curve25519_shared_secret failed: %d\n", ret); - goto exit; - } - } - count += i; - } while (bench_stats_sym_check(start)); -exit: - bench_stats_asym_finish("CURVE", 25519, desc[3], 0, count, start, ret); - - wc_curve25519_free(&genKey2); - wc_curve25519_free(&genKey); -} -#endif /* HAVE_CURVE25519_SHARED_SECRET */ -#endif /* HAVE_CURVE25519 */ - -#ifdef HAVE_ED25519 -void bench_ed25519KeyGen(void) -{ - ed25519_key genKey; - double start; - int i, count; - const char**desc = bench_desc_words[lng_index]; - - /* Key Gen */ - bench_stats_start(&count, &start); - do { - for (i = 0; i < genTimes; i++) { - wc_ed25519_init(&genKey); - (void)wc_ed25519_make_key(&gRng, 32, &genKey); - wc_ed25519_free(&genKey); - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_asym_finish("ED", 25519, desc[2], 0, count, start, 0); -} - - -void bench_ed25519KeySign(void) -{ - int ret; - ed25519_key genKey; -#ifdef HAVE_ED25519_SIGN - double start; - int i, count; - byte sig[ED25519_SIG_SIZE]; - byte msg[512]; - word32 x = 0; -#endif - const char**desc = bench_desc_words[lng_index]; - - wc_ed25519_init(&genKey); - - ret = wc_ed25519_make_key(&gRng, ED25519_KEY_SIZE, &genKey); - if (ret != 0) { - printf("ed25519_make_key failed\n"); - return; - } - -#ifdef HAVE_ED25519_SIGN - /* make dummy msg */ - for (i = 0; i < (int)sizeof(msg); i++) - msg[i] = (byte)i; - - bench_stats_start(&count, &start); - do { - for (i = 0; i < agreeTimes; i++) { - x = sizeof(sig); - ret = wc_ed25519_sign_msg(msg, sizeof(msg), sig, &x, &genKey); - if (ret != 0) { - printf("ed25519_sign_msg failed\n"); - goto exit_ed_sign; - } - } - count += i; - } while (bench_stats_sym_check(start)); -exit_ed_sign: - bench_stats_asym_finish("ED", 25519, desc[4], 0, count, start, ret); - -#ifdef HAVE_ED25519_VERIFY - bench_stats_start(&count, &start); - do { - for (i = 0; i < agreeTimes; i++) { - int verify = 0; - ret = wc_ed25519_verify_msg(sig, x, msg, sizeof(msg), &verify, - &genKey); - if (ret != 0 || verify != 1) { - printf("ed25519_verify_msg failed\n"); - goto exit_ed_verify; - } - } - count += i; - } while (bench_stats_sym_check(start)); -exit_ed_verify: - bench_stats_asym_finish("ED", 25519, desc[5], 0, count, start, ret); -#endif /* HAVE_ED25519_VERIFY */ -#endif /* HAVE_ED25519_SIGN */ - - wc_ed25519_free(&genKey); -} -#endif /* HAVE_ED25519 */ - -#ifdef HAVE_CURVE448 -void bench_curve448KeyGen(void) -{ - curve448_key genKey; - double start; - int ret = 0, i, count; - const char**desc = bench_desc_words[lng_index]; - - /* Key Gen */ - bench_stats_start(&count, &start); - do { - for (i = 0; i < genTimes; i++) { - ret = wc_curve448_make_key(&gRng, 56, &genKey); - wc_curve448_free(&genKey); - if (ret != 0) { - printf("wc_curve448_make_key failed: %d\n", ret); - break; - } - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_asym_finish("CURVE", 448, desc[2], 0, count, start, ret); -} - -#ifdef HAVE_CURVE448_SHARED_SECRET -void bench_curve448KeyAgree(void) -{ - curve448_key genKey, genKey2; - double start; - int ret, i, count; - byte shared[56]; - const char**desc = bench_desc_words[lng_index]; - word32 x = 0; - - wc_curve448_init(&genKey); - wc_curve448_init(&genKey2); - - ret = wc_curve448_make_key(&gRng, 56, &genKey); - if (ret != 0) { - printf("curve448_make_key failed\n"); - return; - } - ret = wc_curve448_make_key(&gRng, 56, &genKey2); - if (ret != 0) { - printf("curve448_make_key failed: %d\n", ret); - wc_curve448_free(&genKey); - return; - } - - /* Shared secret */ - bench_stats_start(&count, &start); - do { - for (i = 0; i < agreeTimes; i++) { - x = sizeof(shared); - ret = wc_curve448_shared_secret(&genKey, &genKey2, shared, &x); - if (ret != 0) { - printf("curve448_shared_secret failed: %d\n", ret); - goto exit; - } - } - count += i; - } while (bench_stats_sym_check(start)); -exit: - bench_stats_asym_finish("CURVE", 448, desc[3], 0, count, start, ret); - - wc_curve448_free(&genKey2); - wc_curve448_free(&genKey); -} -#endif /* HAVE_CURVE448_SHARED_SECRET */ -#endif /* HAVE_CURVE448 */ - -#ifdef HAVE_ED448 -void bench_ed448KeyGen(void) -{ - ed448_key genKey; - double start; - int i, count; - const char**desc = bench_desc_words[lng_index]; - - /* Key Gen */ - bench_stats_start(&count, &start); - do { - for (i = 0; i < genTimes; i++) { - wc_ed448_init(&genKey); - (void)wc_ed448_make_key(&gRng, ED448_KEY_SIZE, &genKey); - wc_ed448_free(&genKey); - } - count += i; - } while (bench_stats_sym_check(start)); - bench_stats_asym_finish("ED", 448, desc[2], 0, count, start, 0); -} - - -void bench_ed448KeySign(void) -{ - int ret; - ed448_key genKey; -#ifdef HAVE_ED448_SIGN - double start; - int i, count; - byte sig[ED448_SIG_SIZE]; - byte msg[512]; - word32 x = 0; -#endif - const char**desc = bench_desc_words[lng_index]; - - wc_ed448_init(&genKey); - - ret = wc_ed448_make_key(&gRng, ED448_KEY_SIZE, &genKey); - if (ret != 0) { - printf("ed448_make_key failed\n"); - return; - } - -#ifdef HAVE_ED448_SIGN - /* make dummy msg */ - for (i = 0; i < (int)sizeof(msg); i++) - msg[i] = (byte)i; - - bench_stats_start(&count, &start); - do { - for (i = 0; i < agreeTimes; i++) { - x = sizeof(sig); - ret = wc_ed448_sign_msg(msg, sizeof(msg), sig, &x, &genKey, - NULL, 0); - if (ret != 0) { - printf("ed448_sign_msg failed\n"); - goto exit_ed_sign; - } - } - count += i; - } while (bench_stats_sym_check(start)); -exit_ed_sign: - bench_stats_asym_finish("ED", 448, desc[4], 0, count, start, ret); - -#ifdef HAVE_ED448_VERIFY - bench_stats_start(&count, &start); - do { - for (i = 0; i < agreeTimes; i++) { - int verify = 0; - ret = wc_ed448_verify_msg(sig, x, msg, sizeof(msg), &verify, - &genKey, NULL, 0); - if (ret != 0 || verify != 1) { - printf("ed448_verify_msg failed\n"); - goto exit_ed_verify; - } - } - count += i; - } while (bench_stats_sym_check(start)); -exit_ed_verify: - bench_stats_asym_finish("ED", 448, desc[5], 0, count, start, ret); -#endif /* HAVE_ED448_VERIFY */ -#endif /* HAVE_ED448_SIGN */ - - wc_ed448_free(&genKey); -} -#endif /* HAVE_ED448 */ - -#ifndef HAVE_STACK_SIZE -#if defined(_WIN32) && !defined(INTIME_RTOS) - - #define WIN32_LEAN_AND_MEAN - #include <windows.h> - - double current_time(int reset) - { - static int init = 0; - static LARGE_INTEGER freq; - - LARGE_INTEGER count; - - (void)reset; - - if (!init) { - QueryPerformanceFrequency(&freq); - init = 1; - } - - QueryPerformanceCounter(&count); - - return (double)count.QuadPart / freq.QuadPart; - } - -#elif defined MICROCHIP_PIC32 - #if defined(WOLFSSL_MICROCHIP_PIC32MZ) - #define CLOCK 80000000.0 - #else - #define CLOCK 40000000.0 - #endif - extern void WriteCoreTimer(word32 t); - extern word32 ReadCoreTimer(void); - double current_time(int reset) - { - unsigned int ns; - - if (reset) { - WriteCoreTimer(0); - } - - /* get timer in ns */ - ns = ReadCoreTimer(); - - /* return seconds as a double */ - return ( ns / CLOCK * 2.0); - } - -#elif defined(WOLFSSL_IAR_ARM_TIME) || defined (WOLFSSL_MDK_ARM) || \ - defined(WOLFSSL_USER_CURRTIME) || defined(WOLFSSL_CURRTIME_REMAP) - /* declared above at line 239 */ - /* extern double current_time(int reset); */ - -#elif defined(FREERTOS) - - #include "task.h" -#if defined(WOLFSSL_ESPIDF) - /* proto type definition */ - int construct_argv(); - extern char* __argv[22]; -#endif - double current_time(int reset) - { - portTickType tickCount; - - (void) reset; - - /* tick count == ms, if configTICK_RATE_HZ is set to 1000 */ - tickCount = xTaskGetTickCount(); - return (double)tickCount / 1000; - } - -#elif defined (WOLFSSL_TIRTOS) - - extern double current_time(int reset); - -#elif defined(FREESCALE_MQX) - - double current_time(int reset) - { - TIME_STRUCT tv; - _time_get(&tv); - - return (double)tv.SECONDS + (double)tv.MILLISECONDS / 1000; - } - -#elif defined(FREESCALE_KSDK_BM) - - double current_time(int reset) - { - return (double)OSA_TimeGetMsec() / 1000; - } - -#elif defined(WOLFSSL_EMBOS) - - #include "RTOS.h" - - double current_time(int reset) - { - double time_now; - double current_s = OS_GetTime() / 1000.0; - double current_us = OS_GetTime_us() / 1000000.0; - time_now = (double)( current_s + current_us); - - (void) reset; - - return time_now; - } -#elif defined(WOLFSSL_SGX) - double current_time(int reset); - -#elif defined(WOLFSSL_DEOS) - double current_time(int reset) - { - const uint32_t systemTickTimeInHz = 1000000 / systemTickInMicroseconds(); - uint32_t *systemTickPtr = systemTickPointer(); - - (void)reset; - - return (double) *systemTickPtr/systemTickTimeInHz; - } - -#elif defined(MICRIUM) - double current_time(int reset) - { - CPU_ERR err; - - (void)reset; - return (double) CPU_TS_Get32()/CPU_TS_TmrFreqGet(&err); - } -#elif defined(WOLFSSL_ZEPHYR) - - #include <time.h> - - double current_time(int reset) - { - (void)reset; - - #if defined(CONFIG_ARCH_POSIX) - k_cpu_idle(); - #endif - - return (double)k_uptime_get() / 1000; - } - -#elif defined(WOLFSSL_NETBURNER) - #include <predef.h> - #include <utils.h> - #include <constants.h> - - double current_time(int reset) - { - DWORD ticks = TimeTick; /* ticks since system start */ - (void)reset; - - return (double) ticks/TICKS_PER_SECOND; - } - -#elif defined(THREADX) - #include "tx_api.h" - double current_time(int reset) - { - (void)reset; - return (double) tx_time_get() / TX_TIMER_TICKS_PER_SECOND; - } - -#elif defined(WOLFSSL_XILINX) - #ifndef XPAR_CPU_CORTEXA53_0_TIMESTAMP_CLK_FREQ - #define XPAR_CPU_CORTEXA53_0_TIMESTAMP_CLK_FREQ 50000000 - #endif - #ifndef COUNTS_PER_SECOND - #define COUNTS_PER_SECOND XPAR_CPU_CORTEXA53_0_TIMESTAMP_CLK_FREQ - #endif - - double current_time(int reset) - { - double timer; - uint64_t cntPct = 0; - asm volatile("mrs %0, CNTPCT_EL0" : "=r" (cntPct)); - - /* Convert to milliseconds */ - timer = (double)(cntPct / (COUNTS_PER_SECOND / 1000)); - /* Convert to seconds.millisecond */ - timer /= 1000; - return timer; - } - -#else - - #include <sys/time.h> - - double current_time(int reset) - { - struct timeval tv; - - (void)reset; - - gettimeofday(&tv, 0); - - return (double)tv.tv_sec + (double)tv.tv_usec / 1000000; - } - -#endif /* _WIN32 */ -#endif /* !HAVE_STACK_SIZE */ - -#if defined(HAVE_GET_CYCLES) - -static WC_INLINE word64 get_intel_cycles(void) -{ - unsigned int lo_c, hi_c; - __asm__ __volatile__ ( - "cpuid\n\t" - "rdtsc" - : "=a"(lo_c), "=d"(hi_c) /* out */ - : "a"(0) /* in */ - : "%ebx", "%ecx"); /* clobber */ - return ((word64)lo_c) | (((word64)hi_c) << 32); -} - -#endif /* HAVE_GET_CYCLES */ - -void benchmark_configure(int block_size) -{ - /* must be greater than 0 */ - if (block_size > 0) { - numBlocks = numBlocks * bench_size / block_size; - bench_size = (word32)block_size; - } -} - -#ifndef NO_MAIN_DRIVER - -#ifndef MAIN_NO_ARGS - -#ifndef WOLFSSL_BENCHMARK_ALL -/* Display the algorithm string and keep to 80 characters per line. - * - * str Algorithm string to print. - * line Length of line used so far. - */ -static void print_alg(const char* str, int* line) -{ - int optLen; - - optLen = (int)XSTRLEN(str) + 1; - if (optLen + *line > 80) { - printf("\n "); - *line = 13; - } - *line += optLen; - printf(" %s", str); -} -#endif - -/* Display the usage options of the benchmark program. */ -static void Usage(void) -{ -#ifndef WOLFSSL_BENCHMARK_ALL - int i; - int line; -#endif - - printf("benchmark\n"); - printf("%s", bench_Usage_msg1[lng_index][0]); /* option -? */ - printf("%s", bench_Usage_msg1[lng_index][1]); /* option -csv */ - printf("%s", bench_Usage_msg1[lng_index][2]); /* option -base10 */ -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) - printf("%s", bench_Usage_msg1[lng_index][3]); /* option -no_add */ -#endif - printf("%s", bench_Usage_msg1[lng_index][4]); /* option -dgst_full */ -#ifndef NO_RSA - printf("%s", bench_Usage_msg1[lng_index][5]); /* option -ras_sign */ - #ifdef WOLFSSL_KEY_GEN - printf("%s", bench_Usage_msg1[lng_index][6]); /* option -rsa-sz */ - #endif -#endif -#if !defined(NO_DH) && defined(HAVE_FFDHE_2048) - printf("%s", bench_Usage_msg1[lng_index][7]); /* option -ffdhe2048 */ -#endif -#if !defined(NO_DH) && defined(HAVE_FFDHE_3072) - printf("%s", bench_Usage_msg1[lng_index][8]); /* option -ffdhe3072 */ -#endif -#if defined(HAVE_ECC) && !defined(NO_ECC256) - printf("%s", bench_Usage_msg1[lng_index][9]); /* option -p256 */ -#endif -#if defined(HAVE_ECC) && defined(HAVE_ECC384) - printf("%s", bench_Usage_msg1[lng_index][10]); /* option -p384 */ -#endif -#ifndef WOLFSSL_BENCHMARK_ALL - printf("%s", bench_Usage_msg1[lng_index][11]); /* option -<alg> */ - printf(" "); - line = 13; - for (i=0; bench_cipher_opt[i].str != NULL; i++) - print_alg(bench_cipher_opt[i].str + 1, &line); - printf("\n "); - line = 13; - for (i=0; bench_digest_opt[i].str != NULL; i++) - print_alg(bench_digest_opt[i].str + 1, &line); - printf("\n "); - line = 13; - for (i=0; bench_mac_opt[i].str != NULL; i++) - print_alg(bench_mac_opt[i].str + 1, &line); - printf("\n "); - line = 13; - for (i=0; bench_asym_opt[i].str != NULL; i++) - print_alg(bench_asym_opt[i].str + 1, &line); - printf("\n "); - line = 13; - for (i=0; bench_other_opt[i].str != NULL; i++) - print_alg(bench_other_opt[i].str + 1, &line); - printf("\n"); -#endif - printf("%s", bench_Usage_msg1[lng_index][12]); /* option -lng */ - printf("%s", bench_Usage_msg1[lng_index][13]); /* option <num> */ -#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_NO_ASYNC_THREADING) - printf("%s", bench_Usage_msg1[lng_index][14]); /* option -threads <num> */ -#endif - printf("%s", bench_Usage_msg1[lng_index][15]); /* option -print */ -} - -/* Match the command line argument with the string. - * - * arg Command line argument. - * str String to check for. - * return 1 if the command line argument matches the string, 0 otherwise. - */ -static int string_matches(const char* arg, const char* str) -{ - int len = (int)XSTRLEN(str) + 1; - return XSTRNCMP(arg, str, len) == 0; -} -#endif /* MAIN_NO_ARGS */ - -#ifdef WOLFSSL_ESPIDF -int wolf_benchmark_task( ) -#elif defined(MAIN_NO_ARGS) -int main() -#else -int main(int argc, char** argv) -#endif -{ - int ret = 0; -#ifndef MAIN_NO_ARGS - int optMatched; -#ifdef WOLFSSL_ESPIDF - int argc = construct_argv(); - char** argv = (char**)__argv; -#endif -#ifndef WOLFSSL_BENCHMARK_ALL - int i; -#endif -#endif - - benchmark_static_init(); - -#ifndef MAIN_NO_ARGS - while (argc > 1) { - if (string_matches(argv[1], "-?")) { - if(--argc>1){ - lng_index = XATOI((++argv)[1]); - if(lng_index<0||lng_index>1) { - lng_index = 0; - } - } - Usage(); - return 0; - } - else if (string_matches(argv[1], "-v")) { - printf("-----------------------------------------------------------" - "-------------------\n wolfSSL version %s\n-----------------" - "-----------------------------------------------------------" - "--\n", LIBWOLFSSL_VERSION_STRING); - return 0; - } - else if (string_matches(argv[1], "-lng")) { - argc--; - argv++; - if(argc>1) { - lng_index = XATOI(argv[1]); - if(lng_index<0||lng_index>1){ - printf("invalid number(%d) is specified. [<num> :0-1]\n",lng_index); - lng_index = 0; - } - } - } - else if (string_matches(argv[1], "-base10")) - base2 = 0; -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) - else if (string_matches(argv[1], "-no_aad")) - aesAuthAddSz = 0; -#endif - else if (string_matches(argv[1], "-dgst_full")) - digest_stream = 0; -#ifndef NO_RSA - else if (string_matches(argv[1], "-rsa_sign")) - rsa_sign_verify = 1; -#endif -#if !defined(NO_DH) && defined(HAVE_FFDHE_2048) - else if (string_matches(argv[1], "-ffdhe2048")) - use_ffdhe = 2048; -#endif -#if !defined(NO_DH) && defined(HAVE_FFDHE_3072) - else if (string_matches(argv[1], "-ffdhe3072")) - use_ffdhe = 3072; -#endif -#if defined(HAVE_ECC) && !defined(NO_ECC256) - else if (string_matches(argv[1], "-p256")) - bench_ecc_size = 32; -#endif -#if defined(HAVE_ECC) && defined(HAVE_ECC384) - else if (string_matches(argv[1], "-p384")) - bench_ecc_size = 48; -#endif -#ifdef BENCH_ASYM - else if (string_matches(argv[1], "-csv")) { - csv_format = 1; - csv_header_count = 1; - } -#endif -#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_NO_ASYNC_THREADING) - else if (string_matches(argv[1], "-threads")) { - argc--; - argv++; - if (argc > 1) { - g_threadCount = XATOI(argv[1]); - if (g_threadCount < 1 || lng_index > 128){ - printf("invalid number(%d) is specified. [<num> :1-128]\n", - g_threadCount); - g_threadCount = 0; - } - } - } -#endif - else if (string_matches(argv[1], "-print")) { - gPrintStats = 1; - } - else if (argv[1][0] == '-') { - optMatched = 0; -#ifndef WOLFSSL_BENCHMARK_ALL - /* Check known algorithm choosing command line options. */ - /* Known cipher algorithms */ - for (i=0; !optMatched && bench_cipher_opt[i].str != NULL; i++) { - if (string_matches(argv[1], bench_cipher_opt[i].str)) { - bench_cipher_algs |= bench_cipher_opt[i].val; - bench_all = 0; - optMatched = 1; - } - } - /* Known digest algorithms */ - for (i=0; !optMatched && bench_digest_opt[i].str != NULL; i++) { - if (string_matches(argv[1], bench_digest_opt[i].str)) { - bench_digest_algs |= bench_digest_opt[i].val; - bench_all = 0; - optMatched = 1; - } - } - /* Known MAC algorithms */ - for (i=0; !optMatched && bench_mac_opt[i].str != NULL; i++) { - if (string_matches(argv[1], bench_mac_opt[i].str)) { - bench_mac_algs |= bench_mac_opt[i].val; - bench_all = 0; - optMatched = 1; - } - } - /* Known asymmetric algorithms */ - for (i=0; !optMatched && bench_asym_opt[i].str != NULL; i++) { - if (string_matches(argv[1], bench_asym_opt[i].str)) { - bench_asym_algs |= bench_asym_opt[i].val; - bench_all = 0; - optMatched = 1; - } - } - /* Other known cryptographic algorithms */ - for (i=0; !optMatched && bench_other_opt[i].str != NULL; i++) { - if (string_matches(argv[1], bench_other_opt[i].str)) { - bench_other_algs |= bench_other_opt[i].val; - bench_all = 0; - optMatched = 1; - } - } -#endif - if (!optMatched) { - printf("Option not recognized: %s\n", argv[1]); - Usage(); - return 1; - } - } - else { - /* parse for block size */ - benchmark_configure(XATOI(argv[1])); - } - argc--; - argv++; - } -#endif /* MAIN_NO_ARGS */ - -#ifdef HAVE_STACK_SIZE - ret = StackSizeCheck(NULL, benchmark_test); -#else - ret = benchmark_test(NULL); -#endif - - return ret; -} -#endif /* !NO_MAIN_DRIVER */ - -#else - #ifndef NO_MAIN_DRIVER - int main() { return 0; } - #endif -#endif /* !NO_CRYPT_BENCHMARK */ diff --git a/client/wolfssl/wolfcrypt/benchmark/benchmark.h b/client/wolfssl/wolfcrypt/benchmark/benchmark.h deleted file mode 100644 index c2771bb..0000000 --- a/client/wolfssl/wolfcrypt/benchmark/benchmark.h +++ /dev/null @@ -1,111 +0,0 @@ -/* wolfcrypt/benchmark/benchmark.h - * - * Copyright (C) 2006-2020 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - - -#ifndef WOLFCRYPT_BENCHMARK_H -#define WOLFCRYPT_BENCHMARK_H - - -#ifdef __cplusplus - extern "C" { -#endif - -/* run all benchmark entry */ -#ifdef HAVE_STACK_SIZE -THREAD_RETURN WOLFSSL_THREAD benchmark_test(void* args); -#else -int benchmark_test(void *args); -#endif - -/* individual benchmarks */ -int benchmark_init(void); -int benchmark_free(void); -void benchmark_configure(int block_size); - -void bench_des(int); -void bench_idea(void); -void bench_arc4(int); -void bench_hc128(void); -void bench_rabbit(void); -void bench_chacha(void); -void bench_chacha20_poly1305_aead(void); -void bench_aescbc(int); -void bench_aesgcm(int); -void bench_aesccm(void); -void bench_aesecb(int); -void bench_aesxts(void); -void bench_aesctr(void); -void bench_aescfb(void); -void bench_aesofb(void); -void bench_poly1305(void); -void bench_camellia(void); -void bench_md5(int); -void bench_sha(int); -void bench_sha224(int); -void bench_sha256(int); -void bench_sha384(int); -void bench_sha512(int); -void bench_sha3_224(int); -void bench_sha3_256(int); -void bench_sha3_384(int); -void bench_sha3_512(int); -int bench_ripemd(void); -void bench_cmac(void); -void bench_scrypt(void); -void bench_hmac_md5(int); -void bench_hmac_sha(int); -void bench_hmac_sha224(int); -void bench_hmac_sha256(int); -void bench_hmac_sha384(int); -void bench_hmac_sha512(int); -void bench_rsaKeyGen(int); -void bench_rsaKeyGen_size(int, int); -void bench_rsa(int); -void bench_rsa_key(int, int); -void bench_dh(int); -void bench_eccMakeKey(int); -void bench_ecc(int); -void bench_eccEncrypt(void); -void bench_curve25519KeyGen(void); -void bench_curve25519KeyAgree(void); -void bench_ed25519KeyGen(void); -void bench_ed25519KeySign(void); -void bench_curve448KeyGen(void); -void bench_curve448KeyAgree(void); -void bench_ed448KeyGen(void); -void bench_ed448KeySign(void); -void bench_ntru(void); -void bench_ntruKeyGen(void); -void bench_rng(void); -void bench_blake2b(void); -void bench_blake2s(void); -void bench_pbkdf2(void); - -void bench_stats_print(void); - - -#ifdef __cplusplus - } /* extern "C" */ -#endif - - -#endif /* WOLFCRYPT_BENCHMARK_H */ - diff --git a/client/wolfssl/wolfcrypt/benchmark/benchmark.sln b/client/wolfssl/wolfcrypt/benchmark/benchmark.sln deleted file mode 100644 index 6c55572..0000000 --- a/client/wolfssl/wolfcrypt/benchmark/benchmark.sln +++ /dev/null @@ -1,59 +0,0 @@ - -Microsoft Visual Studio Solution File, Format Version 9.00 -# Visual C++ Express 2005 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "benchmark", "benchmark.vcproj", "{615AEC46-5595-4DEA-9490-DBD5DE0F8772}" - ProjectSection(ProjectDependencies) = postProject - {73973223-5EE8-41CA-8E88-1D60E89A237B} = {73973223-5EE8-41CA-8E88-1D60E89A237B} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "..\..\wolfssl.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}" -EndProject -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|Win32 = Debug|Win32 - Debug|x64 = Debug|x64 - DLL Debug|Win32 = DLL Debug|Win32 - DLL Debug|x64 = DLL Debug|x64 - DLL Release|Win32 = DLL Release|Win32 - DLL Release|x64 = DLL Release|x64 - Release|Win32 = Release|Win32 - Release|x64 = Release|x64 - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {615AEC46-5595-4DEA-9490-DBD5DE0F8772}.Debug|Win32.ActiveCfg = Debug|Win32 - {615AEC46-5595-4DEA-9490-DBD5DE0F8772}.Debug|Win32.Build.0 = Debug|Win32 - {615AEC46-5595-4DEA-9490-DBD5DE0F8772}.Debug|x64.ActiveCfg = Debug|x64 - {615AEC46-5595-4DEA-9490-DBD5DE0F8772}.Debug|x64.Build.0 = Debug|x64 - {615AEC46-5595-4DEA-9490-DBD5DE0F8772}.DLL Debug|Win32.ActiveCfg = Debug|Win32 - {615AEC46-5595-4DEA-9490-DBD5DE0F8772}.DLL Debug|Win32.Build.0 = Debug|Win32 - {615AEC46-5595-4DEA-9490-DBD5DE0F8772}.DLL Debug|x64.ActiveCfg = Debug|x64 - {615AEC46-5595-4DEA-9490-DBD5DE0F8772}.DLL Debug|x64.Build.0 = Debug|x64 - {615AEC46-5595-4DEA-9490-DBD5DE0F8772}.DLL Release|Win32.ActiveCfg = Release|Win32 - {615AEC46-5595-4DEA-9490-DBD5DE0F8772}.DLL Release|Win32.Build.0 = Release|Win32 - {615AEC46-5595-4DEA-9490-DBD5DE0F8772}.DLL Release|x64.ActiveCfg = Release|x64 - {615AEC46-5595-4DEA-9490-DBD5DE0F8772}.DLL Release|x64.Build.0 = Release|x64 - {615AEC46-5595-4DEA-9490-DBD5DE0F8772}.Release|Win32.ActiveCfg = Release|Win32 - {615AEC46-5595-4DEA-9490-DBD5DE0F8772}.Release|Win32.Build.0 = Release|Win32 - {615AEC46-5595-4DEA-9490-DBD5DE0F8772}.Release|x64.ActiveCfg = Release|x64 - {615AEC46-5595-4DEA-9490-DBD5DE0F8772}.Release|x64.Build.0 = Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.Build.0 = Release|x64 - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection -EndGlobal diff --git a/client/wolfssl/wolfcrypt/benchmark/benchmark.vcproj b/client/wolfssl/wolfcrypt/benchmark/benchmark.vcproj deleted file mode 100644 index 86c58c9..0000000 --- a/client/wolfssl/wolfcrypt/benchmark/benchmark.vcproj +++ /dev/null @@ -1,197 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<VisualStudioProject - ProjectType="Visual C++" - Version="8.00" - Name="benchmark" - ProjectGUID="{615AEC46-5595-4DEA-9490-DBD5DE0F8772}" - Keyword="Win32Proj" - > - <Platforms> - <Platform - Name="Win32" - /> - </Platforms> - <ToolFiles> - </ToolFiles> - <Configurations> - <Configuration - Name="Debug|Win32" - OutputDirectory="Debug" - IntermediateDirectory="Debug" - ConfigurationType="1" - > - <Tool - Name="VCPreBuildEventTool" - /> - <Tool - Name="VCCustomBuildTool" - /> - <Tool - Name="VCXMLDataGeneratorTool" - /> - <Tool - Name="VCWebServiceProxyGeneratorTool" - /> - <Tool - Name="VCMIDLTool" - /> - <Tool - Name="VCCLCompilerTool" - Optimization="0" - AdditionalIncludeDirectories="../..;../../IDE/WIN;" - PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;" - MinimalRebuild="true" - BasicRuntimeChecks="3" - RuntimeLibrary="3" - UsePrecompiledHeader="0" - WarningLevel="3" - Detect64BitPortabilityProblems="true" - DebugInformationFormat="4" - /> - <Tool - Name="VCManagedResourceCompilerTool" - /> - <Tool - Name="VCResourceCompilerTool" - /> - <Tool - Name="VCPreLinkEventTool" - /> - <Tool - Name="VCLinkerTool" - AdditionalDependencies="Ws2_32.lib" - LinkIncremental="2" - GenerateDebugInformation="true" - SubSystem="1" - TargetMachine="1" - /> - <Tool - Name="VCALinkTool" - /> - <Tool - Name="VCManifestTool" - /> - <Tool - Name="VCXDCMakeTool" - /> - <Tool - Name="VCBscMakeTool" - /> - <Tool - Name="VCFxCopTool" - /> - <Tool - Name="VCAppVerifierTool" - /> - <Tool - Name="VCWebDeploymentTool" - /> - <Tool - Name="VCPostBuildEventTool" - /> - </Configuration> - <Configuration - Name="Release|Win32" - OutputDirectory="Release" - IntermediateDirectory="Release" - ConfigurationType="1" - > - <Tool - Name="VCPreBuildEventTool" - /> - <Tool - Name="VCCustomBuildTool" - /> - <Tool - Name="VCXMLDataGeneratorTool" - /> - <Tool - Name="VCWebServiceProxyGeneratorTool" - /> - <Tool - Name="VCMIDLTool" - /> - <Tool - Name="VCCLCompilerTool" - AdditionalIncludeDirectories="../..;../../IDE/WIN;" - PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;" - RuntimeLibrary="2" - UsePrecompiledHeader="0" - WarningLevel="3" - Detect64BitPortabilityProblems="true" - DebugInformationFormat="3" - /> - <Tool - Name="VCManagedResourceCompilerTool" - /> - <Tool - Name="VCResourceCompilerTool" - /> - <Tool - Name="VCPreLinkEventTool" - /> - <Tool - Name="VCLinkerTool" - AdditionalDependencies="Ws2_32.lib" - LinkIncremental="2" - GenerateDebugInformation="true" - SubSystem="1" - OptimizeReferences="2" - EnableCOMDATFolding="2" - TargetMachine="1" - /> - <Tool - Name="VCALinkTool" - /> - <Tool - Name="VCManifestTool" - /> - <Tool - Name="VCXDCMakeTool" - /> - <Tool - Name="VCBscMakeTool" - /> - <Tool - Name="VCFxCopTool" - /> - <Tool - Name="VCAppVerifierTool" - /> - <Tool - Name="VCWebDeploymentTool" - /> - <Tool - Name="VCPostBuildEventTool" - /> - </Configuration> - </Configurations> - <References> - </References> - <Files> - <Filter - Name="Header Files" - Filter="h;hpp;hxx;hm;inl;inc;xsd" - UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}" - > - </Filter> - <Filter - Name="Resource Files" - Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx" - UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}" - > - </Filter> - <Filter - Name="Source Files" - Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx" - UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}" - > - <File - RelativePath=".\benchmark.c" - > - </File> - </Filter> - </Files> - <Globals> - </Globals> -</VisualStudioProject> diff --git a/client/wolfssl/wolfcrypt/benchmark/include.am b/client/wolfssl/wolfcrypt/benchmark/include.am deleted file mode 100644 index d91a701..0000000 --- a/client/wolfssl/wolfcrypt/benchmark/include.am +++ /dev/null @@ -1,14 +0,0 @@ -# vim:ft=automake -# All paths should be given relative to the root - -if BUILD_WOLFCRYPT_TESTS -noinst_PROGRAMS += wolfcrypt/benchmark/benchmark -wolfcrypt_benchmark_benchmark_SOURCES = wolfcrypt/benchmark/benchmark.c -wolfcrypt_benchmark_benchmark_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD) -wolfcrypt_benchmark_benchmark_DEPENDENCIES = src/libwolfssl.la -noinst_HEADERS += wolfcrypt/benchmark/benchmark.h -endif -EXTRA_DIST += wolfcrypt/benchmark/benchmark.sln -EXTRA_DIST += wolfcrypt/benchmark/benchmark.vcproj -EXTRA_DIST += wolfcrypt/benchmark/README.md -DISTCLEANFILES+= wolfcrypt/benchmark/.libs/benchmark diff --git a/client/wolfssl/wolfcrypt/test/README.md b/client/wolfssl/wolfcrypt/test/README.md deleted file mode 100644 index bcf877f..0000000 --- a/client/wolfssl/wolfcrypt/test/README.md +++ /dev/null @@ -1,60 +0,0 @@ -# wolfCrypt Test - -Tool for performing cryptographic algorithm testing. - -## Example Output - -Run on Intel(R) Core(TM) i7-7920HQ CPU @ 3.10GHz. - -```sh -./configure --enable-intelasm --enable-aesni --enable-sp --enable-sp-asm && make - -./wolfcrypt/test/testwolfcrypt ------------------------------------------------------------------------------- - wolfSSL version 4.0.0 ------------------------------------------------------------------------------- -error test passed! -MEMORY test passed! -base64 test passed! -asn test passed! -MD5 test passed! -SHA test passed! -SHA-224 test passed! -SHA-256 test passed! -SHA-384 test passed! -SHA-512 test passed! -SHA-3 test passed! -Hash test passed! -HMAC-MD5 test passed! -HMAC-SHA test passed! -HMAC-SHA224 test passed! -HMAC-SHA256 test passed! -HMAC-SHA384 test passed! -HMAC-SHA512 test passed! -HMAC-SHA3 test passed! -GMAC test passed! -Chacha test passed! -POLY1305 test passed! -ChaCha20-Poly1305 AEAD test passed! -AES test passed! -AES192 test passed! -AES256 test passed! -AES-GCM test passed! -RANDOM test passed! -RSA test passed! -DH test passed! -ECC test passed! -logging test passed! -mutex test passed! -memcb test passed! -Test complete -``` - - -## Windows Visual Studio - -For building wolfCrypt test project in Visual Studio open the `test.sln`. For newer Visual Studio version it may prompt for a one-way upgrade. Then you may have to right-click on the solution and choose `Retarget solution` to update the project files for your Visual Studio version. - -If you see an error about `rc.exe` then you'll need to update the "Target Platform Version". You can do this by right-clicking on the test project -> General -> "Target Platform Version" and changing to 8.1 (needs to match the wolfssl library project). - -This solution includes the wolfSSL library project at `<wolfssl-root>wolfssl.vcxproj` and will compile the library, then the test project. diff --git a/client/wolfssl/wolfcrypt/test/include.am b/client/wolfssl/wolfcrypt/test/include.am deleted file mode 100644 index b2fc302..0000000 --- a/client/wolfssl/wolfcrypt/test/include.am +++ /dev/null @@ -1,18 +0,0 @@ -# vim:ft=automake -# All paths should be given relative to the root - -if BUILD_WOLFCRYPT_TESTS -noinst_PROGRAMS+= wolfcrypt/test/testwolfcrypt -if BUILD_CRYPTONLY -check_PROGRAMS+= wolfcrypt/test/testwolfcrypt -endif -noinst_PROGRAMS+= wolfcrypt/test/testwolfcrypt -wolfcrypt_test_testwolfcrypt_SOURCES = wolfcrypt/test/test.c -wolfcrypt_test_testwolfcrypt_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD) -wolfcrypt_test_testwolfcrypt_DEPENDENCIES = src/libwolfssl.la -noinst_HEADERS += wolfcrypt/test/test.h -endif -EXTRA_DIST += wolfcrypt/test/test.sln -EXTRA_DIST += wolfcrypt/test/test.vcproj -EXTRA_DIST += wolfcrypt/test/README.md -DISTCLEANFILES+= wolfcrypt/test/.libs/testwolfcrypt diff --git a/client/wolfssl/wolfcrypt/test/test.c b/client/wolfssl/wolfcrypt/test/test.c deleted file mode 100644 index 399a29b..0000000 --- a/client/wolfssl/wolfcrypt/test/test.c +++ /dev/null @@ -1,28567 +0,0 @@ -/* test.c - * - * Copyright (C) 2006-2020 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - - -#ifdef HAVE_CONFIG_H - #include <config.h> -#endif - -#ifndef WOLFSSL_USER_SETTINGS - #include <wolfssl/options.h> -#endif -#include <wolfssl/wolfcrypt/settings.h> -#include <wolfssl/version.h> -#include <wolfssl/wolfcrypt/wc_port.h> - -#ifndef NO_CRYPT_TEST - -/* only for stack size check */ -#ifdef HAVE_STACK_SIZE - #include <wolfssl/ssl.h> - #define err_sys err_sys_remap /* remap err_sys */ - #include <wolfssl/test.h> - #undef err_sys -#endif - -#ifdef USE_FLAT_TEST_H - #include "test.h" -#else - #include "wolfcrypt/test/test.h" -#endif - -/* printf mappings */ -#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) - #include <mqx.h> - #include <stdlib.h> - /* see wc_port.h for fio.h and nio.h includes */ -#elif defined(FREESCALE_KSDK_BM) - #include "fsl_debug_console.h" - #undef printf - #define printf PRINTF -#elif defined(WOLFSSL_APACHE_MYNEWT) - #include <assert.h> - #include <string.h> - #include "sysinit/sysinit.h" - #include "os/os.h" - #ifdef ARCH_sim - #include "mcu/mcu_sim.h" - #endif - #include "os/os_time.h" -#elif defined(WOLFSSL_ESPIDF) - #include <time.h> - #include <sys/time.h> -#elif defined(WOLFSSL_ZEPHYR) - #include <stdio.h> - - #define printf printk -#elif defined(MICRIUM) - #include <bsp_ser.h> - void BSP_Ser_Printf (CPU_CHAR* format, ...); - #undef printf - #define printf BSP_Ser_Printf -#elif defined(WOLFSSL_PB) - #include <stdarg.h> - int wolfssl_pb_print(const char*, ...); - #undef printf - #define printf wolfssl_pb_print -#elif defined(WOLFSSL_TELIT_M2MB) - #include "wolfssl/wolfcrypt/wc_port.h" /* for m2mb headers */ - #include "m2m_log.h" /* for M2M_LOG_INFO - not standard API */ - /* remap printf */ - #undef printf - #define printf M2M_LOG_INFO - /* OS requires occasional sleep() */ - #ifndef TEST_SLEEP_MS - #define TEST_SLEEP_MS 50 - #endif - #define TEST_SLEEP() m2mb_os_taskSleep(M2MB_OS_MS2TICKS(TEST_SLEEP_MS)) - /* don't use file system for these tests, since ./certs dir isn't loaded */ - #undef NO_FILESYSTEM - #define NO_FILESYSTEM -#elif defined(THREADX) && !defined(WOLFSSL_WICED) && !defined(THREADX_NO_DC_PRINTF) - /* since just testing, use THREADX log printf instead */ - int dc_log_printf(char*, ...); - #undef printf - #define printf dc_log_printf -#else - #ifdef XMALLOC_USER - #include <stdlib.h> /* we're using malloc / free direct here */ - #endif - #ifndef STRING_USER - #include <stdio.h> - #endif - - /* enable way for customer to override test/bench printf */ - #ifdef XPRINTF - #undef printf - #define printf XPRINTF - #endif -#endif - -#include <wolfssl/wolfcrypt/memory.h> -#include <wolfssl/wolfcrypt/wc_port.h> -#include <wolfssl/wolfcrypt/logging.h> -#include <wolfssl/wolfcrypt/types.h> -#if defined(WOLFSSL_TEST_CERT) || defined(ASN_BER_TO_DER) - #include <wolfssl/wolfcrypt/asn.h> -#else - #include <wolfssl/wolfcrypt/asn_public.h> -#endif -#include <wolfssl/wolfcrypt/md2.h> -#include <wolfssl/wolfcrypt/md5.h> -#include <wolfssl/wolfcrypt/md4.h> -#include <wolfssl/wolfcrypt/sha.h> -#include <wolfssl/wolfcrypt/sha256.h> -#include <wolfssl/wolfcrypt/sha512.h> -#include <wolfssl/wolfcrypt/arc4.h> -#if defined(WC_NO_RNG) - #include <wolfssl/wolfcrypt/integer.h> -#else - #include <wolfssl/wolfcrypt/random.h> -#endif -#include <wolfssl/wolfcrypt/coding.h> -#include <wolfssl/wolfcrypt/signature.h> -#include <wolfssl/wolfcrypt/rsa.h> -#include <wolfssl/wolfcrypt/des3.h> -#include <wolfssl/wolfcrypt/aes.h> -#include <wolfssl/wolfcrypt/wc_encrypt.h> -#include <wolfssl/wolfcrypt/cmac.h> -#include <wolfssl/wolfcrypt/poly1305.h> -#include <wolfssl/wolfcrypt/camellia.h> -#include <wolfssl/wolfcrypt/hmac.h> -#include <wolfssl/wolfcrypt/dh.h> -#include <wolfssl/wolfcrypt/dsa.h> -#include <wolfssl/wolfcrypt/srp.h> -#include <wolfssl/wolfcrypt/idea.h> -#include <wolfssl/wolfcrypt/hc128.h> -#include <wolfssl/wolfcrypt/rabbit.h> -#include <wolfssl/wolfcrypt/chacha.h> -#include <wolfssl/wolfcrypt/chacha20_poly1305.h> -#include <wolfssl/wolfcrypt/pwdbased.h> -#include <wolfssl/wolfcrypt/ripemd.h> -#include <wolfssl/wolfcrypt/error-crypt.h> -#ifdef HAVE_ECC - #include <wolfssl/wolfcrypt/ecc.h> -#endif -#ifdef HAVE_CURVE25519 - #include <wolfssl/wolfcrypt/curve25519.h> -#endif -#ifdef HAVE_ED25519 - #include <wolfssl/wolfcrypt/ed25519.h> -#endif -#ifdef HAVE_CURVE448 - #include <wolfssl/wolfcrypt/curve448.h> -#endif -#ifdef HAVE_ED448 - #include <wolfssl/wolfcrypt/ed448.h> -#endif -#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) - #include <wolfssl/wolfcrypt/blake2.h> -#endif -#ifdef WOLFSSL_SHA3 - #include <wolfssl/wolfcrypt/sha3.h> -#endif -#ifdef HAVE_LIBZ - #include <wolfssl/wolfcrypt/compress.h> -#endif -#ifdef HAVE_PKCS7 - #include <wolfssl/wolfcrypt/pkcs7.h> -#endif -#ifdef HAVE_FIPS - #include <wolfssl/wolfcrypt/fips_test.h> -#endif -#ifdef HAVE_SELFTEST - #include <wolfssl/wolfcrypt/selftest.h> -#endif -#ifdef WOLFSSL_ASYNC_CRYPT - #include <wolfssl/wolfcrypt/async.h> -#endif -#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) - #include <wolfssl/wolfcrypt/logging.h> -#endif -#ifdef WOLFSSL_IMX6_CAAM_BLOB - #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h> -#endif -#ifdef WOLF_CRYPTO_CB - #include <wolfssl/wolfcrypt/cryptocb.h> - #ifdef HAVE_INTEL_QA_SYNC - #include <wolfssl/wolfcrypt/port/intel/quickassist_sync.h> - #endif - #ifdef HAVE_CAVIUM_OCTEON_SYNC - #include <wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h> - #endif -#endif - -#ifdef _MSC_VER - /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ - #pragma warning(disable: 4996) -#endif - -#ifdef OPENSSL_EXTRA - #ifndef WOLFCRYPT_ONLY - #include <wolfssl/openssl/evp.h> - #endif - #include <wolfssl/openssl/rand.h> - #include <wolfssl/openssl/hmac.h> - #include <wolfssl/openssl/aes.h> - #include <wolfssl/openssl/des.h> -#endif - -#if defined(NO_FILESYSTEM) - #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ - !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) - #define USE_CERT_BUFFERS_2048 - #endif - #if !defined(USE_CERT_BUFFERS_256) - #define USE_CERT_BUFFERS_256 - #endif -#endif - -#if defined(WOLFSSL_CERT_GEN) && (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) - #define ENABLE_ECC384_CERT_GEN_TEST -#endif - -#include <wolfssl/certs_test.h> - -#ifdef HAVE_NTRU - #include "libntruencrypt/ntru_crypto.h" -#endif - -#ifdef WOLFSSL_STATIC_MEMORY - static WOLFSSL_HEAP_HINT* HEAP_HINT; -#else - #define HEAP_HINT NULL -#endif /* WOLFSSL_STATIC_MEMORY */ - -/* these cases do not have intermediate hashing support */ -#if (defined(WOLFSSL_AFALG_XILINX_SHA3) && !defined(WOLFSSL_AFALG_HASH_KEEP)) \ - && !defined(WOLFSSL_XILINX_CRYPT) - #define NO_INTM_HASH_TEST -#endif - -#if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB) -static void initDefaultName(void); -#endif - -/* for async devices */ -static int devId = INVALID_DEVID; - -#ifdef HAVE_WNR - const char* wnrConfigFile = "wnr-example.conf"; -#endif - -typedef struct testVector { - const char* input; - const char* output; - size_t inLen; - size_t outLen; -} testVector; - -int error_test(void); -int base64_test(void); -int base16_test(void); -int asn_test(void); -int md2_test(void); -int md5_test(void); -int md4_test(void); -int sha_test(void); -int sha224_test(void); -int sha256_test(void); -int sha512_test(void); -int sha384_test(void); -int sha3_test(void); -int shake256_test(void); -int hash_test(void); -int hmac_md5_test(void); -int hmac_sha_test(void); -int hmac_sha224_test(void); -int hmac_sha256_test(void); -int hmac_sha384_test(void); -int hmac_sha512_test(void); -int hmac_sha3_test(void); -int hkdf_test(void); -int x963kdf_test(void); -int arc4_test(void); -int hc128_test(void); -int rabbit_test(void); -int chacha_test(void); -int chacha20_poly1305_aead_test(void); -int des_test(void); -int des3_test(void); -int aes_test(void); -int aes192_test(void); -int aes256_test(void); -int aesofb_test(void); -int cmac_test(void); -int poly1305_test(void); -int aesgcm_test(void); -int aesgcm_default_test(void); -int gmac_test(void); -int aesccm_test(void); -int aeskeywrap_test(void); -int camellia_test(void); -int rsa_no_pad_test(void); -int rsa_test(void); -int dh_test(void); -int dsa_test(void); -int srp_test(void); -#ifndef WC_NO_RNG -int random_test(void); -#endif /* WC_NO_RNG */ -int pwdbased_test(void); -int ripemd_test(void); -#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) -int openssl_test(void); /* test mini api */ - -int openssl_pkey_test(void); -int openssl_pkey0_test(void); -int openssl_pkey1_test(void); -int openSSL_evpMD_test(void); -int openssl_evpSig_test(void); -#endif - -int pbkdf1_test(void); -int pkcs12_test(void); -int pbkdf2_test(void); -int scrypt_test(void); -#ifdef HAVE_ECC - int ecc_test(void); - #ifdef HAVE_ECC_ENCRYPT - int ecc_encrypt_test(void); - #endif - #ifdef USE_CERT_BUFFERS_256 - int ecc_test_buffers(void); - #endif -#endif -#ifdef HAVE_CURVE25519 - int curve25519_test(void); -#endif -#ifdef HAVE_ED25519 - int ed25519_test(void); -#endif -#ifdef HAVE_CURVE448 - int curve448_test(void); -#endif -#ifdef HAVE_ED448 - int ed448_test(void); -#endif -#ifdef HAVE_BLAKE2 - int blake2b_test(void); -#endif -#ifdef HAVE_BLAKE2S - int blake2s_test(void); -#endif -#ifdef HAVE_LIBZ - int compress_test(void); -#endif -#ifdef HAVE_PKCS7 - #ifndef NO_PKCS7_ENCRYPTED_DATA - int pkcs7encrypted_test(void); - #endif - #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) - int pkcs7compressed_test(void); - #endif - int pkcs7signed_test(void); - int pkcs7enveloped_test(void); - #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) - int pkcs7authenveloped_test(void); - #endif - #ifndef NO_AES - int pkcs7callback_test(byte* cert, word32 certSz, byte* key, - word32 keySz); - #endif -#endif -#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \ - !defined(NO_FILESYSTEM) -int cert_test(void); -#endif -#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ - !defined(NO_FILESYSTEM) -int certext_test(void); -#endif -#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ - defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) -int decodedCertCache_test(void); -#endif -#ifdef HAVE_IDEA -int idea_test(void); -#endif -int memory_test(void); -#ifdef HAVE_VALGRIND -int mp_test(void); -#endif -#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) -int prime_test(void); -#endif -#ifdef ASN_BER_TO_DER -int berder_test(void); -#endif -int logging_test(void); -int mutex_test(void); -#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS) -int memcb_test(void); -#endif -#ifdef WOLFSSL_IMX6_CAAM_BLOB -int blob_test(void); -#endif - -#ifdef WOLF_CRYPTO_CB -int cryptocb_test(void); -#endif -#ifdef WOLFSSL_CERT_PIV -int certpiv_test(void); -#endif - -/* General big buffer size for many tests. */ -#define FOURK_BUF 4096 - - -#define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; } - -#ifdef HAVE_STACK_SIZE -static THREAD_RETURN err_sys(const char* msg, int es) -#else -static int err_sys(const char* msg, int es) -#endif -{ - printf("%s error = %d\n", msg, es); - - EXIT_TEST(-1); -} - -#ifndef HAVE_STACK_SIZE -/* func_args from test.h, so don't have to pull in other stuff */ -typedef struct func_args { - int argc; - char** argv; - int return_code; -} func_args; -#endif /* !HAVE_STACK_SIZE */ - -#ifdef HAVE_FIPS - -static void myFipsCb(int ok, int err, const char* hash) -{ - printf("in my Fips callback, ok = %d, err = %d\n", ok, err); - printf("message = %s\n", wc_GetErrorString(err)); - printf("hash = %s\n", hash); - - if (err == IN_CORE_FIPS_E) { - printf("In core integrity hash check failure, copy above hash\n"); - printf("into verifyCore[] in fips_test.c and rebuild\n"); - } -} - -#endif /* HAVE_FIPS */ - -#ifdef WOLFSSL_STATIC_MEMORY - #ifdef BENCH_EMBEDDED - static byte gTestMemory[14000]; - #elif defined(WOLFSSL_CERT_EXT) - static byte gTestMemory[140000]; - #elif defined(USE_FAST_MATH) && !defined(ALT_ECC_SIZE) - static byte gTestMemory[160000]; - #else - static byte gTestMemory[80000]; - #endif -#endif - -#ifdef WOLFSSL_PB -int wolfssl_pb_print(const char* msg, ...) -{ - int ret; - va_list args; - char tmpBuf[80]; - - va_start(args, msg); - ret = vsprint(tmpBuf, msg, args); - va_end(args); - - fnDumpStringToSystemLog(tmpBuf); - - return ret; -} -#endif /* WOLFSSL_PB */ - -/* optional macro to add sleep between tests */ -#ifdef TEST_SLEEP - #include <stdarg.h> /* for var args */ - static WC_INLINE void test_pass(const char* fmt, ...) - { - va_list args; - va_start(args, fmt); - printf(fmt, args); - va_end(args); - TEST_SLEEP(); - } -#else - /* redirect to printf */ - #define test_pass printf - /* stub the sleep macro */ - #define TEST_SLEEP() -#endif - -#ifdef HAVE_STACK_SIZE -THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args) -#else -int wolfcrypt_test(void* args) -#endif -{ - int ret; - - printf("------------------------------------------------------------------------------\n"); - printf(" wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING); - printf("------------------------------------------------------------------------------\n"); - - if (args) - ((func_args*)args)->return_code = -1; /* error state */ - -#ifdef WOLFSSL_STATIC_MEMORY - if (wc_LoadStaticMemory(&HEAP_HINT, gTestMemory, sizeof(gTestMemory), - WOLFMEM_GENERAL, 1) != 0) { - printf("unable to load static memory"); - return(EXIT_FAILURE); - } -#endif - -#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND) - wolfSSL_Debugging_ON(); -#endif - -#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) - wc_SetLoggingHeap(HEAP_HINT); -#endif - -#ifdef HAVE_FIPS - wolfCrypt_SetCb_fips(myFipsCb); -#endif - -#if !defined(NO_BIG_INT) - if (CheckCtcSettings() != 1) { - printf("Sizeof mismatch (build) %x != (run) %x\n", - CTC_SETTINGS, CheckRunTimeSettings()); - return err_sys("Build vs runtime math mismatch\n", -1000); - } - -#if defined(USE_FAST_MATH) && \ - (!defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC)) - if (CheckFastMathSettings() != 1) - return err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n", - -1001); -#endif /* USE_FAST_MATH */ -#endif /* !NO_BIG_INT */ - -#if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB) -initDefaultName(); -#endif - -#ifdef WOLFSSL_ASYNC_CRYPT - ret = wolfAsync_DevOpen(&devId); - if (ret < 0) { - printf("Async device open failed\nRunning without async\n"); - } -#else - (void)devId; -#endif /* WOLFSSL_ASYNC_CRYPT */ - -#ifdef WOLF_CRYPTO_CB -#ifdef HAVE_INTEL_QA_SYNC - devId = wc_CryptoCb_InitIntelQa(); - if (INVALID_DEVID == devId) { - printf("Couldn't init the Intel QA\n"); - } -#endif -#ifdef HAVE_CAVIUM_OCTEON_SYNC - devId = wc_CryptoCb_InitOcteon(); - if (INVALID_DEVID == devId) { - printf("Couldn't init the Cavium Octeon\n"); - } -#endif -#endif - -#ifdef HAVE_SELFTEST - if ( (ret = wolfCrypt_SelfTest()) != 0) - return err_sys("CAVP selftest failed!\n", ret); - else - test_pass("CAVP selftest passed!\n"); -#endif - - if ( (ret = error_test()) != 0) - return err_sys("error test failed!\n", ret); - else - test_pass("error test passed!\n"); - - if ( (ret = memory_test()) != 0) - return err_sys("MEMORY test failed!\n", ret); - else - test_pass("MEMORY test passed!\n"); - -#ifndef NO_CODING - if ( (ret = base64_test()) != 0) - return err_sys("base64 test failed!\n", ret); - else - test_pass("base64 test passed!\n"); -#ifdef WOLFSSL_BASE16 - if ( (ret = base16_test()) != 0) - return err_sys("base16 test failed!\n", ret); - else - test_pass("base16 test passed!\n"); -#endif -#endif /* !NO_CODING */ - -#ifndef NO_ASN - if ( (ret = asn_test()) != 0) - return err_sys("asn test failed!\n", ret); - else - test_pass("asn test passed!\n"); -#endif - -#ifndef WC_NO_RNG - if ( (ret = random_test()) != 0) - return err_sys("RANDOM test failed!\n", ret); - else - test_pass("RANDOM test passed!\n"); -#endif /* WC_NO_RNG */ - -#ifndef NO_MD5 - if ( (ret = md5_test()) != 0) - return err_sys("MD5 test failed!\n", ret); - else - test_pass("MD5 test passed!\n"); -#endif - -#ifdef WOLFSSL_MD2 - if ( (ret = md2_test()) != 0) - return err_sys("MD2 test failed!\n", ret); - else - test_pass("MD2 test passed!\n"); -#endif - -#ifndef NO_MD4 - if ( (ret = md4_test()) != 0) - return err_sys("MD4 test failed!\n", ret); - else - test_pass("MD4 test passed!\n"); -#endif - -#ifndef NO_SHA - if ( (ret = sha_test()) != 0) - return err_sys("SHA test failed!\n", ret); - else - test_pass("SHA test passed!\n"); -#endif - -#ifdef WOLFSSL_SHA224 - if ( (ret = sha224_test()) != 0) - return err_sys("SHA-224 test failed!\n", ret); - else - test_pass("SHA-224 test passed!\n"); -#endif - -#ifndef NO_SHA256 - if ( (ret = sha256_test()) != 0) - return err_sys("SHA-256 test failed!\n", ret); - else - test_pass("SHA-256 test passed!\n"); -#endif - -#ifdef WOLFSSL_SHA384 - if ( (ret = sha384_test()) != 0) - return err_sys("SHA-384 test failed!\n", ret); - else - test_pass("SHA-384 test passed!\n"); -#endif - -#ifdef WOLFSSL_SHA512 - if ( (ret = sha512_test()) != 0) - return err_sys("SHA-512 test failed!\n", ret); - else - test_pass("SHA-512 test passed!\n"); -#endif - -#ifdef WOLFSSL_SHA3 - if ( (ret = sha3_test()) != 0) - return err_sys("SHA-3 test failed!\n", ret); - else - test_pass("SHA-3 test passed!\n"); -#endif - -#ifdef WOLFSSL_SHAKE256 - if ( (ret = shake256_test()) != 0) - return err_sys("SHAKE256 test failed!\n", ret); - else - test_pass("SHAKE256 test passed!\n"); -#endif - - if ( (ret = hash_test()) != 0) - return err_sys("Hash test failed!\n", ret); - else - test_pass("Hash test passed!\n"); - -#ifdef WOLFSSL_RIPEMD - if ( (ret = ripemd_test()) != 0) - return err_sys("RIPEMD test failed!\n", ret); - else - test_pass("RIPEMD test passed!\n"); -#endif - -#ifdef HAVE_BLAKE2 - if ( (ret = blake2b_test()) != 0) - return err_sys("BLAKE2b test failed!\n", ret); - else - test_pass("BLAKE2b test passed!\n"); -#endif -#ifdef HAVE_BLAKE2S - if ( (ret = blake2s_test()) != 0) - return err_sys("BLAKE2s test failed!\n", ret); - else - test_pass("BLAKE2s test passed!\n"); -#endif - -#ifndef NO_HMAC - #ifndef NO_MD5 - if ( (ret = hmac_md5_test()) != 0) - return err_sys("HMAC-MD5 test failed!\n", ret); - else - test_pass("HMAC-MD5 test passed!\n"); - #endif - - #ifndef NO_SHA - if ( (ret = hmac_sha_test()) != 0) - return err_sys("HMAC-SHA test failed!\n", ret); - else - test_pass("HMAC-SHA test passed!\n"); - #endif - - #ifdef WOLFSSL_SHA224 - if ( (ret = hmac_sha224_test()) != 0) - return err_sys("HMAC-SHA224 test failed!\n", ret); - else - test_pass("HMAC-SHA224 test passed!\n"); - #endif - - #ifndef NO_SHA256 - if ( (ret = hmac_sha256_test()) != 0) - return err_sys("HMAC-SHA256 test failed!\n", ret); - else - test_pass("HMAC-SHA256 test passed!\n"); - #endif - - #ifdef WOLFSSL_SHA384 - if ( (ret = hmac_sha384_test()) != 0) - return err_sys("HMAC-SHA384 test failed!\n", ret); - else - test_pass("HMAC-SHA384 test passed!\n"); - #endif - - #ifdef WOLFSSL_SHA512 - if ( (ret = hmac_sha512_test()) != 0) - return err_sys("HMAC-SHA512 test failed!\n", ret); - else - test_pass("HMAC-SHA512 test passed!\n"); - #endif - - #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \ - !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \ - !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512) - if ( (ret = hmac_sha3_test()) != 0) - return err_sys("HMAC-SHA3 test failed!\n", ret); - else - test_pass("HMAC-SHA3 test passed!\n"); - #endif - - #ifdef HAVE_HKDF - if ( (ret = hkdf_test()) != 0) - return err_sys("HMAC-KDF test failed!\n", ret); - else - test_pass("HMAC-KDF test passed!\n"); - #endif -#endif /* !NO_HMAC */ - -#if defined(HAVE_X963_KDF) && defined(HAVE_ECC) - if ( (ret = x963kdf_test()) != 0) - return err_sys("X963-KDF test failed!\n", ret); - else - test_pass("X963-KDF test passed!\n"); -#endif - -#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \ - !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) - if ( (ret = gmac_test()) != 0) - return err_sys("GMAC test failed!\n", ret); - else - test_pass("GMAC test passed!\n"); -#endif - -#ifndef NO_RC4 - if ( (ret = arc4_test()) != 0) - return err_sys("ARC4 test failed!\n", ret); - else - test_pass("ARC4 test passed!\n"); -#endif - -#ifndef NO_HC128 - if ( (ret = hc128_test()) != 0) - return err_sys("HC-128 test failed!\n", ret); - else - test_pass("HC-128 test passed!\n"); -#endif - -#ifndef NO_RABBIT - if ( (ret = rabbit_test()) != 0) - return err_sys("Rabbit test failed!\n", ret); - else - test_pass("Rabbit test passed!\n"); -#endif - -#ifdef HAVE_CHACHA - if ( (ret = chacha_test()) != 0) - return err_sys("Chacha test failed!\n", ret); - else - test_pass("Chacha test passed!\n"); -#endif - -#ifdef HAVE_POLY1305 - if ( (ret = poly1305_test()) != 0) - return err_sys("POLY1305 test failed!\n", ret); - else - test_pass("POLY1305 test passed!\n"); -#endif - -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - if ( (ret = chacha20_poly1305_aead_test()) != 0) - return err_sys("ChaCha20-Poly1305 AEAD test failed!\n", ret); - else - test_pass("ChaCha20-Poly1305 AEAD test passed!\n"); -#endif - -#ifndef NO_DES3 - if ( (ret = des_test()) != 0) - return err_sys("DES test failed!\n", ret); - else - test_pass("DES test passed!\n"); -#endif - -#ifndef NO_DES3 - if ( (ret = des3_test()) != 0) - return err_sys("DES3 test failed!\n", ret); - else - test_pass("DES3 test passed!\n"); -#endif - -#ifndef NO_AES - if ( (ret = aes_test()) != 0) - return err_sys("AES test failed!\n", ret); - else - test_pass("AES test passed!\n"); - -#ifdef WOLFSSL_AES_192 - if ( (ret = aes192_test()) != 0) - return err_sys("AES192 test failed!\n", ret); - else - test_pass("AES192 test passed!\n"); -#endif - -#ifdef WOLFSSL_AES_256 - if ( (ret = aes256_test()) != 0) - return err_sys("AES256 test failed!\n", ret); - else - test_pass("AES256 test passed!\n"); -#endif - -#ifdef WOLFSSL_AES_OFB - if ( (ret = aesofb_test()) != 0) - return err_sys("AES-OFB test failed!\n", ret); - else - test_pass("AESOFB test passed!\n"); -#endif - -#ifdef HAVE_AESGCM - #if !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO) - if ( (ret = aesgcm_test()) != 0) - return err_sys("AES-GCM test failed!\n", ret); - #endif - #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \ - !(defined(WOLF_CRYPTO_CB) && \ - (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))) - if ((ret = aesgcm_default_test()) != 0) { - return err_sys("AES-GCM test failed!\n", ret); - } - #endif - test_pass("AES-GCM test passed!\n"); -#endif - -#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) - if ( (ret = aesccm_test()) != 0) - return err_sys("AES-CCM test failed!\n", ret); - else - test_pass("AES-CCM test passed!\n"); -#endif -#ifdef HAVE_AES_KEYWRAP - if ( (ret = aeskeywrap_test()) != 0) - return err_sys("AES Key Wrap test failed!\n", ret); - else - test_pass("AES Key Wrap test passed!\n"); -#endif -#endif - -#ifdef HAVE_CAMELLIA - if ( (ret = camellia_test()) != 0) - return err_sys("CAMELLIA test failed!\n", ret); - else - test_pass("CAMELLIA test passed!\n"); -#endif - -#ifdef HAVE_IDEA - if ( (ret = idea_test()) != 0) - return err_sys("IDEA test failed!\n", ret); - else - test_pass("IDEA test passed!\n"); -#endif - -#ifndef NO_RSA - #ifdef WC_RSA_NO_PADDING - if ( (ret = rsa_no_pad_test()) != 0) - return err_sys("RSA NOPAD test failed!\n", ret); - else - test_pass("RSA NOPAD test passed!\n"); - #endif - if ( (ret = rsa_test()) != 0) - return err_sys("RSA test failed!\n", ret); - else - test_pass("RSA test passed!\n"); -#endif - -#ifndef NO_DH - if ( (ret = dh_test()) != 0) - return err_sys("DH test failed!\n", ret); - else - test_pass("DH test passed!\n"); -#endif - -#ifndef NO_DSA - if ( (ret = dsa_test()) != 0) - return err_sys("DSA test failed!\n", ret); - else - test_pass("DSA test passed!\n"); -#endif - -#ifdef WOLFCRYPT_HAVE_SRP - if ( (ret = srp_test()) != 0) - return err_sys("SRP test failed!\n", ret); - else - test_pass("SRP test passed!\n"); -#endif - -#ifndef NO_PWDBASED - if ( (ret = pwdbased_test()) != 0) - return err_sys("PWDBASED test failed!\n", ret); - else - test_pass("PWDBASED test passed!\n"); -#endif - -#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) - if ( (ret = openssl_test()) != 0) - return err_sys("OPENSSL test failed!\n", ret); - else - test_pass("OPENSSL test passed!\n"); - - if ( (ret = openSSL_evpMD_test()) != 0) - return err_sys("OPENSSL (EVP MD) test failed!\n", ret); - else - test_pass("OPENSSL (EVP MD) passed!\n"); - - if ( (ret = openssl_pkey0_test()) != 0) - return err_sys("OPENSSL (PKEY0) test failed!\n", ret); - else - test_pass("OPENSSL (PKEY0) passed!\n"); - - if ( (ret = openssl_pkey1_test()) != 0) - return err_sys("OPENSSL (PKEY1) test failed!\n", ret); - else - test_pass("OPENSSL (PKEY1) passed!\n"); - - if ( (ret = openssl_evpSig_test()) != 0) - return err_sys("OPENSSL (EVP Sign/Verify) test failed!\n", ret); - else - test_pass("OPENSSL (EVP Sign/Verify) passed!\n"); - -#endif - -#ifdef HAVE_ECC - if ( (ret = ecc_test()) != 0) - return err_sys("ECC test failed!\n", ret); - else - test_pass("ECC test passed!\n"); - #if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) - if ( (ret = ecc_encrypt_test()) != 0) - return err_sys("ECC Enc test failed!\n", ret); - else - test_pass("ECC Enc test passed!\n"); - #endif - #ifdef USE_CERT_BUFFERS_256 - if ( (ret = ecc_test_buffers()) != 0) - return err_sys("ECC buffer test failed!\n", ret); - else - test_pass("ECC buffer test passed!\n"); - #endif -#endif - -#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \ - !defined(NO_FILESYSTEM) - if ( (ret = cert_test()) != 0) - return err_sys("CERT test failed!\n", ret); - else - test_pass("CERT test passed!\n"); -#endif - -#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ - !defined(NO_FILESYSTEM) - if ( (ret = certext_test()) != 0) - return err_sys("CERT EXT test failed!\n", ret); - else - test_pass("CERT EXT test passed!\n"); -#endif - -#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ - defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) - if ( (ret = decodedCertCache_test()) != 0) - return err_sys("DECODED CERT CACHE test failed!\n", ret); - else - test_pass("DECODED CERT CACHE test passed!\n"); -#endif - -#ifdef HAVE_CURVE25519 - if ( (ret = curve25519_test()) != 0) - return err_sys("CURVE25519 test failed!\n", ret); - else - test_pass("CURVE25519 test passed!\n"); -#endif - -#ifdef HAVE_ED25519 - if ( (ret = ed25519_test()) != 0) - return err_sys("ED25519 test failed!\n", ret); - else - test_pass("ED25519 test passed!\n"); -#endif - -#ifdef HAVE_CURVE448 - if ( (ret = curve448_test()) != 0) - return err_sys("CURVE448 test failed!\n", ret); - else - test_pass("CURVE448 test passed!\n"); -#endif - -#ifdef HAVE_ED448 - if ( (ret = ed448_test()) != 0) - return err_sys("ED448 test failed!\n", ret); - else - test_pass("ED448 test passed!\n"); -#endif - -#if defined(WOLFSSL_CMAC) && !defined(NO_AES) - if ( (ret = cmac_test()) != 0) - return err_sys("CMAC test failed!\n", ret); - else - test_pass("CMAC test passed!\n"); -#endif - -#ifdef HAVE_LIBZ - if ( (ret = compress_test()) != 0) - return err_sys("COMPRESS test failed!\n", ret); - else - test_pass("COMPRESS test passed!\n"); -#endif - -#ifdef HAVE_PKCS7 - #ifndef NO_PKCS7_ENCRYPTED_DATA - if ( (ret = pkcs7encrypted_test()) != 0) - return err_sys("PKCS7encrypted test failed!\n", ret); - else - test_pass("PKCS7encrypted test passed!\n"); - #endif - #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) - if ( (ret = pkcs7compressed_test()) != 0) - return err_sys("PKCS7compressed test failed!\n", ret); - else - test_pass("PKCS7compressed test passed!\n"); - #endif - if ( (ret = pkcs7signed_test()) != 0) - return err_sys("PKCS7signed test failed!\n", ret); - else - test_pass("PKCS7signed test passed!\n"); - - if ( (ret = pkcs7enveloped_test()) != 0) - return err_sys("PKCS7enveloped test failed!\n", ret); - else - test_pass("PKCS7enveloped test passed!\n"); - - #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) - if ( (ret = pkcs7authenveloped_test()) != 0) - return err_sys("PKCS7authenveloped test failed!\n", ret); - else - test_pass("PKCS7authenveloped test passed!\n"); - #endif -#endif - -#ifdef HAVE_VALGRIND - if ( (ret = mp_test()) != 0) - return err_sys("mp test failed!\n", ret); - else - test_pass("mp test passed!\n"); -#endif - -#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) - if ( (ret = prime_test()) != 0) - return err_sys("prime test failed!\n", ret); - else - test_pass("prime test passed!\n"); -#endif - -#if defined(ASN_BER_TO_DER) && \ - (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) - if ( (ret = berder_test()) != 0) - return err_sys("ber-der test failed!\n", ret); - else - test_pass("ber-der test passed!\n"); -#endif - - if ( (ret = logging_test()) != 0) - return err_sys("logging test failed!\n", ret); - else - test_pass("logging test passed!\n"); - - if ( (ret = mutex_test()) != 0) - return err_sys("mutex test failed!\n", ret); - else - test_pass("mutex test passed!\n"); - -#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS) - if ( (ret = memcb_test()) != 0) - return err_sys("memcb test failed!\n", ret); - else - test_pass("memcb test passed!\n"); -#endif - -#ifdef WOLFSSL_IMX6_CAAM_BLOB - if ( (ret = blob_test()) != 0) - return err_sys("blob test failed!\n", ret); - else - test_pass("blob test passed!\n"); -#endif - -#if defined(WOLF_CRYPTO_CB) && \ - !(defined(HAVE_INTEL_QAT_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)) - if ( (ret = cryptocb_test()) != 0) - return err_sys("crypto callback test failed!\n", ret); - else - test_pass("crypto callback test passed!\n"); -#endif - -#ifdef WOLFSSL_CERT_PIV - if ( (ret = certpiv_test()) != 0) - return err_sys("cert piv test failed!\n", ret); - else - test_pass("cert piv test passed!\n"); -#endif - -#ifdef WOLF_CRYPTO_CB -#ifdef HAVE_INTEL_QA_SYNC - wc_CryptoCb_CleanupIntelQa(&devId); -#endif -#ifdef HAVE_CAVIUM_OCTEON_SYNC - wc_CryptoCb_CleanupOcteon(&devId); -#endif -#endif - -#ifdef WOLFSSL_ASYNC_CRYPT - wolfAsync_DevClose(&devId); -#endif - - /* cleanup the thread if fixed point cache is enabled and have thread local */ -#if defined(HAVE_THREAD_LS) && defined(HAVE_ECC) && defined(FP_ECC) - wc_ecc_fp_free(); -#endif - - if (args) - ((func_args*)args)->return_code = ret; - - test_pass("Test complete\n"); - - EXIT_TEST(ret); -} - - -#ifndef NO_MAIN_DRIVER - - /* so overall tests can pull in test function */ -#ifdef WOLFSSL_ESPIDF - void app_main( ) -#else - int main(int argc, char** argv) -#endif - { - int ret; - func_args args; -#ifdef WOLFSSL_ESPIDF - /* set dummy wallclock time. */ - struct timeval utctime; - struct timezone tz; - utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */ - utctime.tv_usec = 0; - tz.tz_minuteswest = 0; - tz.tz_dsttime = 0; - settimeofday(&utctime, &tz); -#endif -#ifdef WOLFSSL_APACHE_MYNEWT - #ifdef ARCH_sim - mcu_sim_parse_args(argc, argv); - #endif - sysinit(); - - /* set dummy wallclock time. */ - struct os_timeval utctime; - struct os_timezone tz; - utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */ - utctime.tv_usec = 0; - tz.tz_minuteswest = 0; - tz.tz_dsttime = 0; - os_settimeofday(&utctime, &tz); -#endif - -#ifdef HAVE_WNR - if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) { - err_sys("Whitewood netRandom global config failed", -1001); - return -1002; - } -#endif -#ifndef WOLFSSL_ESPIDF - args.argc = argc; - args.argv = argv; -#endif - if ((ret = wolfCrypt_Init()) != 0) { - printf("wolfCrypt_Init failed %d\n", ret); - err_sys("Error with wolfCrypt_Init!\n", -1003); - } - - #ifdef HAVE_STACK_SIZE - StackSizeCheck(&args, wolfcrypt_test); - #else - wolfcrypt_test(&args); - #endif - - if ((ret = wolfCrypt_Cleanup()) != 0) { - printf("wolfCrypt_Cleanup failed %d\n", ret); - err_sys("Error with wolfCrypt_Cleanup!\n", -1004); - } - -#ifdef HAVE_WNR - if (wc_FreeNetRandom() < 0) - err_sys("Failed to free netRandom context", -1005); -#endif /* HAVE_WNR */ -#ifndef WOLFSSL_ESPIDF - return args.return_code; -#endif - } - -#endif /* NO_MAIN_DRIVER */ - -/* helper to save DER, convert to PEM and save PEM */ -#if !defined(NO_ASN) && (!defined(NO_RSA) || defined(HAVE_ECC)) && \ - (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) - -#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) -#define SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB) -#else -#define SaveDerAndPem(d, dSz, p, pSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, p, pSz, NULL, NULL, pT, eB) -#endif - -static int _SaveDerAndPem(const byte* der, int derSz, - byte* pem, int pemSz, const char* fileDer, - const char* filePem, int pemType, int errBase) -{ -#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) - int ret; - XFILE derFile; - - derFile = XFOPEN(fileDer, "wb"); - if (!derFile) { - return errBase + 0; - } - ret = (int)XFWRITE(der, 1, derSz, derFile); - XFCLOSE(derFile); - if (ret != derSz) { - return errBase + 1; - } -#endif - - if (pem && filePem) { - #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) - XFILE pemFile; - #endif - #ifdef WOLFSSL_DER_TO_PEM - pemSz = wc_DerToPem(der, derSz, pem, pemSz, pemType); - if (pemSz < 0) { - return errBase + 2; - } - #endif - #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) - pemFile = XFOPEN(filePem, "wb"); - if (!pemFile) { - return errBase + 3; - } - ret = (int)XFWRITE(pem, 1, pemSz, pemFile); - XFCLOSE(pemFile); - if (ret != pemSz) { - return errBase + 4; - } - #endif - } - - /* suppress unused variable warnings */ - (void)filePem; - (void)fileDer; - - return 0; -} -#endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */ - -int error_test(void) -{ - const char* errStr; - char out[WOLFSSL_MAX_ERROR_SZ]; - const char* unknownStr = wc_GetErrorString(0); - -#ifdef NO_ERROR_STRINGS - /* Ensure a valid error code's string matches an invalid code's. - * The string is that error strings are not available. - */ - errStr = wc_GetErrorString(OPEN_RAN_E); - wc_ErrorString(OPEN_RAN_E, out); - if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0) - return -1100; - if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0) - return -1101; -#else - int i; - int j = 0; - /* Values that are not or no longer error codes. */ - int missing[] = { -122, -123, -124, -127, -128, -129, - -163, -164, -165, -166, -167, -168, -169, - -179, -233, - 0 }; - - /* Check that all errors have a string and it's the same through the two - * APIs. Check that the values that are not errors map to the unknown - * string. - */ - for (i = MAX_CODE_E-1; i >= WC_LAST_E; i--) { - errStr = wc_GetErrorString(i); - wc_ErrorString(i, out); - - if (i != missing[j]) { - if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) == 0) - return -1102; - if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) == 0) - return -1103; - if (XSTRNCMP(errStr, out, XSTRLEN(errStr)) != 0) - return -1104; - if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ) - return -1105; - } - else { - j++; - if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0) - return -1106; - if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0) - return -1107; - } - } - - /* Check if the next possible value has been given a string. */ - errStr = wc_GetErrorString(i); - wc_ErrorString(i, out); - if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0) - return -1108; - if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0) - return -1109; -#endif - - return 0; -} - -#ifndef NO_CODING - -int base64_test(void) -{ - int ret; - const byte good[] = "A+Gd\0\0\0"; - const byte goodEnd[] = "A+Gd \r\n"; - byte out[128]; - word32 outLen; -#ifdef WOLFSSL_BASE64_ENCODE - byte data[3]; - word32 dataLen; - byte longData[79] = { 0 }; - const byte symbols[] = "+/A="; -#endif - const byte badSmall[] = "AAA Gdj="; - const byte badLarge[] = "AAA~Gdj="; - const byte badEOL[] = "A+Gd AA"; - int i; - - /* Good Base64 encodings. */ - outLen = sizeof(out); - ret = Base64_Decode(good, sizeof(good), out, &outLen); - if (ret != 0) - return -1200; - outLen = sizeof(out); - ret = Base64_Decode(goodEnd, sizeof(goodEnd), out, &outLen); - if (ret != 0) - return -1201; - - /* Bad parameters. */ - outLen = 1; - ret = Base64_Decode(good, sizeof(good), out, &outLen); - if (ret != BAD_FUNC_ARG) - return -1202; - - outLen = sizeof(out); - ret = Base64_Decode(badEOL, sizeof(badEOL), out, &outLen); - if (ret != ASN_INPUT_E) - return -1203; - /* Bad character at each offset 0-3. */ - for (i = 0; i < 4; i++) { - outLen = sizeof(out); - ret = Base64_Decode(badSmall + i, 4, out, &outLen); - if (ret != ASN_INPUT_E) - return -1204 - i; - ret = Base64_Decode(badLarge + i, 4, out, &outLen); - if (ret != ASN_INPUT_E) - return -1214 - i; - } - -#ifdef WOLFSSL_BASE64_ENCODE - /* Decode and encode all symbols - non-alphanumeric. */ - dataLen = sizeof(data); - ret = Base64_Decode(symbols, sizeof(symbols), data, &dataLen); - if (ret != 0) - return -1224; - outLen = sizeof(out); - ret = Base64_Encode(data, dataLen, NULL, &outLen); - if (ret != LENGTH_ONLY_E) - return -1225; - outLen = sizeof(out); - ret = Base64_Encode(data, dataLen, out, &outLen); - if (ret != 0) - return -1226; - outLen = 7; - ret = Base64_EncodeEsc(data, dataLen, out, &outLen); - if (ret != BUFFER_E) - return -1227; - outLen = sizeof(out); - ret = Base64_EncodeEsc(data, dataLen, NULL, &outLen); - if (ret != LENGTH_ONLY_E) - return -1228; - outLen = sizeof(out); - ret = Base64_EncodeEsc(data, dataLen, out, &outLen); - if (ret != 0) - return -1229; - outLen = sizeof(out); - ret = Base64_Encode_NoNl(data, dataLen, out, &outLen); - if (ret != 0) - return -1230; - - /* Data that results in an encoding longer than one line. */ - outLen = sizeof(out); - dataLen = sizeof(longData); - ret = Base64_Encode(longData, dataLen, out, &outLen); - if (ret != 0) - return -1231; - outLen = sizeof(out); - ret = Base64_EncodeEsc(longData, dataLen, out, &outLen); - if (ret != 0) - return -1232; - outLen = sizeof(out); - ret = Base64_Encode_NoNl(longData, dataLen, out, &outLen); - if (ret != 0) - return -1233; -#endif - - return 0; -} - -#ifdef WOLFSSL_BASE16 -int base16_test(void) -{ - int ret; - const byte testData[] = "SomeDataToEncode\n"; - const byte encodedTestData[] = "536F6D6544617461546F456E636F64650A00"; - byte encoded[40]; - word32 encodedLen; - byte plain[40]; - word32 len; - - /* length returned includes null termination */ - encodedLen = sizeof(encoded); - ret = Base16_Encode(testData, sizeof(testData), encoded, &encodedLen); - if (ret != 0) - return -1300; - - len = (word32)XSTRLEN((char*)encoded); - if (len != encodedLen - 1) - return -1301; - - len = sizeof(plain); - ret = Base16_Decode(encoded, encodedLen - 1, plain, &len); - if (ret != 0) - return -1302; - - if (len != sizeof(testData) || XMEMCMP(testData, plain, len) != 0) - return -1303; - - if (encodedLen != sizeof(encodedTestData) || - XMEMCMP(encoded, encodedTestData, encodedLen) != 0) { - return -1304; - } - - return 0; -} -#endif /* WOLFSSL_BASE16 */ -#endif /* !NO_CODING */ - -#ifndef NO_ASN -int asn_test(void) -{ - int ret; - /* ASN1 encoded date buffer */ - const byte dateBuf[] = {0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, - 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5a}; - byte format; - int length; - const byte* datePart; -#ifndef NO_ASN_TIME - struct tm timearg; - time_t now; -#endif - - ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format, - &length); - if (ret != 0) - return -1400; - -#ifndef NO_ASN_TIME - /* Parameter Validation tests. */ - if (wc_GetTime(NULL, sizeof(now)) != BAD_FUNC_ARG) - return -1401; - if (wc_GetTime(&now, 0) != BUFFER_E) - return -1402; - - now = 0; - if (wc_GetTime(&now, sizeof(now)) != 0) { - return -1403; - } - if (now == 0) { - printf("RTC/Time not set!\n"); - return -1404; - } - - ret = wc_GetDateAsCalendarTime(datePart, length, format, &timearg); - if (ret != 0) - return -1405; -#endif /* !NO_ASN_TIME */ - - return 0; -} -#endif /* !NO_ASN */ - -#ifdef WOLFSSL_MD2 -int md2_test(void) -{ - Md2 md2; - byte hash[MD2_DIGEST_SIZE]; - - testVector a, b, c, d, e, f, g; - testVector test_md2[7]; - int times = sizeof(test_md2) / sizeof(testVector), i; - - a.input = ""; - a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69" - "\x27\x73"; - a.inLen = XSTRLEN(a.input); - a.outLen = MD2_DIGEST_SIZE; - - b.input = "a"; - b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0" - "\xb5\xd1"; - b.inLen = XSTRLEN(b.input); - b.outLen = MD2_DIGEST_SIZE; - - c.input = "abc"; - c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde" - "\xd6\xbb"; - c.inLen = XSTRLEN(c.input); - c.outLen = MD2_DIGEST_SIZE; - - d.input = "message digest"; - d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe" - "\x06\xb0"; - d.inLen = XSTRLEN(d.input); - d.outLen = MD2_DIGEST_SIZE; - - e.input = "abcdefghijklmnopqrstuvwxyz"; - e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47" - "\x94\x0b"; - e.inLen = XSTRLEN(e.input); - e.outLen = MD2_DIGEST_SIZE; - - f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" - "6789"; - f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03" - "\x38\xcd"; - f.inLen = XSTRLEN(f.input); - f.outLen = MD2_DIGEST_SIZE; - - g.input = "1234567890123456789012345678901234567890123456789012345678" - "9012345678901234567890"; - g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3" - "\xef\xd8"; - g.inLen = XSTRLEN(g.input); - g.outLen = MD2_DIGEST_SIZE; - - test_md2[0] = a; - test_md2[1] = b; - test_md2[2] = c; - test_md2[3] = d; - test_md2[4] = e; - test_md2[5] = f; - test_md2[6] = g; - - wc_InitMd2(&md2); - - for (i = 0; i < times; ++i) { - wc_Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen); - wc_Md2Final(&md2, hash); - - if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0) - return -1500 - i; - } - - return 0; -} -#endif - -#ifndef NO_MD5 -int md5_test(void) -{ - int ret = 0; - wc_Md5 md5, md5Copy; - byte hash[WC_MD5_DIGEST_SIZE]; - byte hashcopy[WC_MD5_DIGEST_SIZE]; - testVector a, b, c, d, e, f; - testVector test_md5[6]; - int times = sizeof(test_md5) / sizeof(testVector), i; - - a.input = ""; - a.output = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42" - "\x7e"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_MD5_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f" - "\x72"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_MD5_DIGEST_SIZE; - - c.input = "message digest"; - c.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61" - "\xd0"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_MD5_DIGEST_SIZE; - - d.input = "abcdefghijklmnopqrstuvwxyz"; - d.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1" - "\x3b"; - d.inLen = XSTRLEN(d.input); - d.outLen = WC_MD5_DIGEST_SIZE; - - e.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" - "6789"; - e.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d" - "\x9f"; - e.inLen = XSTRLEN(e.input); - e.outLen = WC_MD5_DIGEST_SIZE; - - f.input = "1234567890123456789012345678901234567890123456789012345678" - "9012345678901234567890"; - f.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6" - "\x7a"; - f.inLen = XSTRLEN(f.input); - f.outLen = WC_MD5_DIGEST_SIZE; - - test_md5[0] = a; - test_md5[1] = b; - test_md5[2] = c; - test_md5[3] = d; - test_md5[4] = e; - test_md5[5] = f; - - ret = wc_InitMd5_ex(&md5, HEAP_HINT, devId); - if (ret != 0) - return -1600; - ret = wc_InitMd5_ex(&md5Copy, HEAP_HINT, devId); - if (ret != 0) { - wc_Md5Free(&md5); - return -1601; - } - - for (i = 0; i < times; ++i) { - ret = wc_Md5Update(&md5, (byte*)test_md5[i].input, - (word32)test_md5[i].inLen); - if (ret != 0) - ERROR_OUT(-1602 - i, exit); - - ret = wc_Md5GetHash(&md5, hashcopy); - if (ret != 0) - ERROR_OUT(-1603 - i, exit); - - ret = wc_Md5Copy(&md5, &md5Copy); - if (ret != 0) - ERROR_OUT(-1604 - i, exit); - - ret = wc_Md5Final(&md5, hash); - if (ret != 0) - ERROR_OUT(-1605 - i, exit); - - wc_Md5Free(&md5Copy); - - if (XMEMCMP(hash, test_md5[i].output, WC_MD5_DIGEST_SIZE) != 0) - ERROR_OUT(-1606 - i, exit); - - if (XMEMCMP(hash, hashcopy, WC_MD5_DIGEST_SIZE) != 0) - ERROR_OUT(-1607 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - byte large_input[1024]; - const char* large_digest = - "\x44\xd0\x88\xce\xf1\x36\xd1\x78\xe9\xc8\xba\x84\xc3\xfd\xf6\xca"; - - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } - times = 100; -#ifdef WOLFSSL_PIC32MZ_HASH - wc_Md5SizeSet(&md5, times * sizeof(large_input)); -#endif - for (i = 0; i < times; ++i) { - ret = wc_Md5Update(&md5, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-1608, exit); - } - ret = wc_Md5Final(&md5, hash); - if (ret != 0) - ERROR_OUT(-1609, exit); - if (XMEMCMP(hash, large_digest, WC_MD5_DIGEST_SIZE) != 0) - ERROR_OUT(-1610, exit); - } /* END LARGE HASH TEST */ - -exit: - - wc_Md5Free(&md5); - wc_Md5Free(&md5Copy); - - return ret; -} -#endif /* NO_MD5 */ - - -#ifndef NO_MD4 - -int md4_test(void) -{ - Md4 md4; - byte hash[MD4_DIGEST_SIZE]; - - testVector a, b, c, d, e, f, g; - testVector test_md4[7]; - int times = sizeof(test_md4) / sizeof(testVector), i; - - a.input = ""; - a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89" - "\xc0"; - a.inLen = XSTRLEN(a.input); - a.outLen = MD4_DIGEST_SIZE; - - b.input = "a"; - b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb" - "\x24"; - b.inLen = XSTRLEN(b.input); - b.outLen = MD4_DIGEST_SIZE; - - c.input = "abc"; - c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72" - "\x9d"; - c.inLen = XSTRLEN(c.input); - c.outLen = MD4_DIGEST_SIZE; - - d.input = "message digest"; - d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01" - "\x4b"; - d.inLen = XSTRLEN(d.input); - d.outLen = MD4_DIGEST_SIZE; - - e.input = "abcdefghijklmnopqrstuvwxyz"; - e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d" - "\xa9"; - e.inLen = XSTRLEN(e.input); - e.outLen = MD4_DIGEST_SIZE; - - f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" - "6789"; - f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0" - "\xe4"; - f.inLen = XSTRLEN(f.input); - f.outLen = MD4_DIGEST_SIZE; - - g.input = "1234567890123456789012345678901234567890123456789012345678" - "9012345678901234567890"; - g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05" - "\x36"; - g.inLen = XSTRLEN(g.input); - g.outLen = MD4_DIGEST_SIZE; - - test_md4[0] = a; - test_md4[1] = b; - test_md4[2] = c; - test_md4[3] = d; - test_md4[4] = e; - test_md4[5] = f; - test_md4[6] = g; - - wc_InitMd4(&md4); - - for (i = 0; i < times; ++i) { - wc_Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen); - wc_Md4Final(&md4, hash); - - if (XMEMCMP(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0) - return -1700 - i; - } - - return 0; -} - -#endif /* NO_MD4 */ - -#ifndef NO_SHA - -int sha_test(void) -{ - int ret = 0; - wc_Sha sha, shaCopy; - byte hash[WC_SHA_DIGEST_SIZE]; - byte hashcopy[WC_SHA_DIGEST_SIZE]; - testVector a, b, c, d, e; - testVector test_sha[5]; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - a.input = ""; - a.output = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18" - "\x90\xaf\xd8\x07\x09"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2" - "\x6C\x9C\xD0\xD8\x9D"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA_DIGEST_SIZE; - - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29" - "\xE5\xE5\x46\x70\xF1"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA_DIGEST_SIZE; - - d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaa"; - d.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44" - "\x2A\x25\xEC\x64\x4D"; - d.inLen = XSTRLEN(d.input); - d.outLen = WC_SHA_DIGEST_SIZE; - - e.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaa"; - e.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7" - "\x53\x99\x5E\x26\xA0"; - e.inLen = XSTRLEN(e.input); - e.outLen = WC_SHA_DIGEST_SIZE; - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - test_sha[3] = d; - test_sha[4] = e; - - ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); - if (ret != 0) - return -1800; - ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_ShaFree(&sha); - return -1801; - } - - for (i = 0; i < times; ++i) { - ret = wc_ShaUpdate(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-1802 - i, exit); - ret = wc_ShaGetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-1803 - i, exit); - ret = wc_ShaCopy(&sha, &shaCopy); - if (ret != 0) - ERROR_OUT(-1804 - i, exit); - ret = wc_ShaFinal(&sha, hash); - if (ret != 0) - ERROR_OUT(-1805 - i, exit); - wc_ShaFree(&shaCopy); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA_DIGEST_SIZE) != 0) - ERROR_OUT(-1806 - i, exit); - if (XMEMCMP(hash, hashcopy, WC_SHA_DIGEST_SIZE) != 0) - ERROR_OUT(-1807 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - byte large_input[1024]; -#ifdef WOLFSSL_RENESAS_TSIP - const char* large_digest = - "\x1d\x6a\x5a\xf6\xe5\x7c\x86\xce\x7f\x7c\xaf\xd5\xdb\x08\xcd\x59" - "\x15\x8c\x6d\xb6"; -#else - const char* large_digest = - "\x8b\x77\x02\x48\x39\xe8\xdb\xd3\x9a\xf4\x05\x24\x66\x12\x2d\x9e" - "\xc5\xd9\x0a\xac"; -#endif - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } -#ifdef WOLFSSL_RENESAS_TSIP - times = 20; -#else - times = 100; -#endif -#ifdef WOLFSSL_PIC32MZ_HASH - wc_ShaSizeSet(&sha, times * sizeof(large_input)); -#endif - for (i = 0; i < times; ++i) { - ret = wc_ShaUpdate(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-1808, exit); - } - ret = wc_ShaFinal(&sha, hash); - if (ret != 0) - ERROR_OUT(-1809, exit); - if (XMEMCMP(hash, large_digest, WC_SHA_DIGEST_SIZE) != 0) - ERROR_OUT(-1810, exit); - } /* END LARGE HASH TEST */ - -exit: - - wc_ShaFree(&sha); - wc_ShaFree(&shaCopy); - - return ret; -} - -#endif /* NO_SHA */ - -#ifdef WOLFSSL_RIPEMD -int ripemd_test(void) -{ - RipeMd ripemd; - int ret; - byte hash[RIPEMD_DIGEST_SIZE]; - - testVector a, b, c, d; - testVector test_ripemd[4]; - int times = sizeof(test_ripemd) / sizeof(struct testVector), i; - - a.input = "abc"; - a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6" - "\xb0\x87\xf1\x5a\x0b\xfc"; - a.inLen = XSTRLEN(a.input); - a.outLen = RIPEMD_DIGEST_SIZE; - - b.input = "message digest"; - b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8" - "\x5f\xfa\x21\x59\x5f\x36"; - b.inLen = XSTRLEN(b.input); - b.outLen = RIPEMD_DIGEST_SIZE; - - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc" - "\xf4\x9a\xda\x62\xeb\x2b"; - c.inLen = XSTRLEN(c.input); - c.outLen = RIPEMD_DIGEST_SIZE; - - d.input = "12345678901234567890123456789012345678901234567890123456" - "789012345678901234567890"; - d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab" - "\x82\xbf\x63\x32\x6b\xfb"; - d.inLen = XSTRLEN(d.input); - d.outLen = RIPEMD_DIGEST_SIZE; - - test_ripemd[0] = a; - test_ripemd[1] = b; - test_ripemd[2] = c; - test_ripemd[3] = d; - - ret = wc_InitRipeMd(&ripemd); - if (ret != 0) { - return -1900; - } - - for (i = 0; i < times; ++i) { - ret = wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input, - (word32)test_ripemd[i].inLen); - if (ret != 0) { - return -1901 - i; - } - - ret = wc_RipeMdFinal(&ripemd, hash); - if (ret != 0) { - return -1911 - i; - } - - if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0) - return -1921 - i; - } - - return 0; -} -#endif /* WOLFSSL_RIPEMD */ - - -#ifdef HAVE_BLAKE2 - - -#define BLAKE2B_TESTS 3 - -static const byte blake2b_vec[BLAKE2B_TESTS][BLAKE2B_OUTBYTES] = -{ - { - 0x78, 0x6A, 0x02, 0xF7, 0x42, 0x01, 0x59, 0x03, - 0xC6, 0xC6, 0xFD, 0x85, 0x25, 0x52, 0xD2, 0x72, - 0x91, 0x2F, 0x47, 0x40, 0xE1, 0x58, 0x47, 0x61, - 0x8A, 0x86, 0xE2, 0x17, 0xF7, 0x1F, 0x54, 0x19, - 0xD2, 0x5E, 0x10, 0x31, 0xAF, 0xEE, 0x58, 0x53, - 0x13, 0x89, 0x64, 0x44, 0x93, 0x4E, 0xB0, 0x4B, - 0x90, 0x3A, 0x68, 0x5B, 0x14, 0x48, 0xB7, 0x55, - 0xD5, 0x6F, 0x70, 0x1A, 0xFE, 0x9B, 0xE2, 0xCE - }, - { - 0x2F, 0xA3, 0xF6, 0x86, 0xDF, 0x87, 0x69, 0x95, - 0x16, 0x7E, 0x7C, 0x2E, 0x5D, 0x74, 0xC4, 0xC7, - 0xB6, 0xE4, 0x8F, 0x80, 0x68, 0xFE, 0x0E, 0x44, - 0x20, 0x83, 0x44, 0xD4, 0x80, 0xF7, 0x90, 0x4C, - 0x36, 0x96, 0x3E, 0x44, 0x11, 0x5F, 0xE3, 0xEB, - 0x2A, 0x3A, 0xC8, 0x69, 0x4C, 0x28, 0xBC, 0xB4, - 0xF5, 0xA0, 0xF3, 0x27, 0x6F, 0x2E, 0x79, 0x48, - 0x7D, 0x82, 0x19, 0x05, 0x7A, 0x50, 0x6E, 0x4B - }, - { - 0x1C, 0x08, 0x79, 0x8D, 0xC6, 0x41, 0xAB, 0xA9, - 0xDE, 0xE4, 0x35, 0xE2, 0x25, 0x19, 0xA4, 0x72, - 0x9A, 0x09, 0xB2, 0xBF, 0xE0, 0xFF, 0x00, 0xEF, - 0x2D, 0xCD, 0x8E, 0xD6, 0xF8, 0xA0, 0x7D, 0x15, - 0xEA, 0xF4, 0xAE, 0xE5, 0x2B, 0xBF, 0x18, 0xAB, - 0x56, 0x08, 0xA6, 0x19, 0x0F, 0x70, 0xB9, 0x04, - 0x86, 0xC8, 0xA7, 0xD4, 0x87, 0x37, 0x10, 0xB1, - 0x11, 0x5D, 0x3D, 0xEB, 0xBB, 0x43, 0x27, 0xB5 - } -}; - - - -int blake2b_test(void) -{ - Blake2b b2b; - byte digest[64]; - byte input[64]; - int i, ret; - - for (i = 0; i < (int)sizeof(input); i++) - input[i] = (byte)i; - - for (i = 0; i < BLAKE2B_TESTS; i++) { - ret = wc_InitBlake2b(&b2b, 64); - if (ret != 0) - return -2000 - i; - - ret = wc_Blake2bUpdate(&b2b, input, i); - if (ret != 0) - return -2010 - 1; - - ret = wc_Blake2bFinal(&b2b, digest, 64); - if (ret != 0) - return -2020 - i; - - if (XMEMCMP(digest, blake2b_vec[i], 64) != 0) { - return -2030 - i; - } - } - - return 0; -} -#endif /* HAVE_BLAKE2 */ - -#ifdef HAVE_BLAKE2S - - -#define BLAKE2S_TESTS 3 - -static const byte blake2s_vec[BLAKE2S_TESTS][BLAKE2S_OUTBYTES] = -{ - { - 0x69, 0x21, 0x7a, 0x30, 0x79, 0x90, 0x80, 0x94, - 0xe1, 0x11, 0x21, 0xd0, 0x42, 0x35, 0x4a, 0x7c, - 0x1f, 0x55, 0xb6, 0x48, 0x2c, 0xa1, 0xa5, 0x1e, - 0x1b, 0x25, 0x0d, 0xfd, 0x1e, 0xd0, 0xee, 0xf9, - }, - { - 0xe3, 0x4d, 0x74, 0xdb, 0xaf, 0x4f, 0xf4, 0xc6, - 0xab, 0xd8, 0x71, 0xcc, 0x22, 0x04, 0x51, 0xd2, - 0xea, 0x26, 0x48, 0x84, 0x6c, 0x77, 0x57, 0xfb, - 0xaa, 0xc8, 0x2f, 0xe5, 0x1a, 0xd6, 0x4b, 0xea, - }, - { - 0xdd, 0xad, 0x9a, 0xb1, 0x5d, 0xac, 0x45, 0x49, - 0xba, 0x42, 0xf4, 0x9d, 0x26, 0x24, 0x96, 0xbe, - 0xf6, 0xc0, 0xba, 0xe1, 0xdd, 0x34, 0x2a, 0x88, - 0x08, 0xf8, 0xea, 0x26, 0x7c, 0x6e, 0x21, 0x0c, - } -}; - - - -int blake2s_test(void) -{ - Blake2s b2s; - byte digest[32]; - byte input[64]; - int i, ret; - - for (i = 0; i < (int)sizeof(input); i++) - input[i] = (byte)i; - - for (i = 0; i < BLAKE2S_TESTS; i++) { - ret = wc_InitBlake2s(&b2s, 32); - if (ret != 0) - return -2100 - i; - - ret = wc_Blake2sUpdate(&b2s, input, i); - if (ret != 0) - return -2110 - 1; - - ret = wc_Blake2sFinal(&b2s, digest, 32); - if (ret != 0) - return -2120 - i; - - if (XMEMCMP(digest, blake2s_vec[i], 32) != 0) { - return -2130 - i; - } - } - - return 0; -} -#endif /* HAVE_BLAKE2S */ - - -#ifdef WOLFSSL_SHA224 -int sha224_test(void) -{ - wc_Sha224 sha, shaCopy; - byte hash[WC_SHA224_DIGEST_SIZE]; - byte hashcopy[WC_SHA224_DIGEST_SIZE]; - int ret = 0; - - testVector a, b, c; - testVector test_sha[3]; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - a.input = ""; - a.output = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34" - "\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA224_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55" - "\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA224_DIGEST_SIZE; - - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01" - "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA224_DIGEST_SIZE; - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitSha224_ex(&sha, HEAP_HINT, devId); - if (ret != 0) - return -2200; - ret = wc_InitSha224_ex(&shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_Sha224Free(&sha); - return -2201; - } - - for (i = 0; i < times; ++i) { - ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-2202 - i, exit); - ret = wc_Sha224GetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-2203 - i, exit); - ret = wc_Sha224Copy(&sha, &shaCopy); - if (ret != 0) - ERROR_OUT(-2204 - i, exit); - ret = wc_Sha224Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2205 - i, exit); - wc_Sha224Free(&shaCopy); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA224_DIGEST_SIZE) != 0) - ERROR_OUT(-2206 - i, exit); - if (XMEMCMP(hash, hashcopy, WC_SHA224_DIGEST_SIZE) != 0) - ERROR_OUT(-2207 - i, exit); - } - -exit: - wc_Sha224Free(&sha); - wc_Sha224Free(&shaCopy); - - return ret; -} -#endif - - -#ifndef NO_SHA256 -int sha256_test(void) -{ - wc_Sha256 sha, shaCopy; - byte hash[WC_SHA256_DIGEST_SIZE]; - byte hashcopy[WC_SHA256_DIGEST_SIZE]; - int ret = 0; - - testVector a, b, c; - testVector test_sha[3]; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - a.input = ""; - a.output = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9" - "\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52" - "\xb8\x55"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA256_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" - "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" - "\x15\xAD"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA256_DIGEST_SIZE; - - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" - "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" - "\x06\xC1"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA256_DIGEST_SIZE; - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId); - if (ret != 0) - return -2300; - ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_Sha256Free(&sha); - return -2301; - } - - for (i = 0; i < times; ++i) { - ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) { - ERROR_OUT(-2302 - i, exit); - } - ret = wc_Sha256GetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-2303 - i, exit); - ret = wc_Sha256Copy(&sha, &shaCopy); - if (ret != 0) - ERROR_OUT(-2304 - i, exit); - ret = wc_Sha256Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2305 - i, exit); - wc_Sha256Free(&shaCopy); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0) - ERROR_OUT(-2306 - i, exit); - if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0) - ERROR_OUT(-2307 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - byte large_input[1024]; -#ifdef WOLFSSL_RENESAS_TSIP_CRYPT - const char* large_digest = - "\xa4\x75\x9e\x7a\xa2\x03\x38\x32\x88\x66\xa2\xea\x17\xea\xf8\xc7" - "\xfe\x4e\xc6\xbb\xe3\xbb\x71\xce\xe7\xdf\x7c\x04\x61\xb3\xc2\x2f"; -#else - const char* large_digest = - "\x27\x78\x3e\x87\x96\x3a\x4e\xfb\x68\x29\xb5\x31\xc9\xba\x57\xb4" - "\x4f\x45\x79\x7f\x67\x70\xbd\x63\x7f\xbf\x0d\x80\x7c\xbd\xba\xe0"; -#endif - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } -#ifdef WOLFSSL_RENESAS_TSIP - times = 20; -#else - times = 100; -#endif -#ifdef WOLFSSL_PIC32MZ_HASH - wc_Sha256SizeSet(&sha, times * sizeof(large_input)); -#endif - for (i = 0; i < times; ++i) { - ret = wc_Sha256Update(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-2308, exit); - } - ret = wc_Sha256Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2309, exit); - if (XMEMCMP(hash, large_digest, WC_SHA256_DIGEST_SIZE) != 0) - ERROR_OUT(-2310, exit); - } /* END LARGE HASH TEST */ - -exit: - - wc_Sha256Free(&sha); - wc_Sha256Free(&shaCopy); - - return ret; -} -#endif - - -#ifdef WOLFSSL_SHA512 -int sha512_test(void) -{ - wc_Sha512 sha, shaCopy; - byte hash[WC_SHA512_DIGEST_SIZE]; - byte hashcopy[WC_SHA512_DIGEST_SIZE]; - int ret = 0; - - testVector a, b, c; - testVector test_sha[3]; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - a.input = ""; - a.output = "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80" - "\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c" - "\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87" - "\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a" - "\xf9\x27\xda\x3e"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA512_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41" - "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55" - "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3" - "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f" - "\xa5\x4c\xa4\x9f"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA512_DIGEST_SIZE; - - c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - c.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14" - "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88" - "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4" - "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b" - "\x87\x4b\xe9\x09"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA512_DIGEST_SIZE; - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitSha512_ex(&sha, HEAP_HINT, devId); - if (ret != 0) - return -2400; - ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_Sha512Free(&sha); - return -2401; - } - - for (i = 0; i < times; ++i) { - ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-2402 - i, exit); - ret = wc_Sha512GetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-2403 - i, exit); - ret = wc_Sha512Copy(&sha, &shaCopy); - if (ret != 0) - ERROR_OUT(-2404 - i, exit); - ret = wc_Sha512Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2405 - i, exit); - wc_Sha512Free(&shaCopy); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0) - ERROR_OUT(-2406 - i, exit); - if (XMEMCMP(hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0) - ERROR_OUT(-2407 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - byte large_input[1024]; - const char* large_digest = - "\x5a\x1f\x73\x90\xbd\x8c\xe4\x63\x54\xce\xa0\x9b\xef\x32\x78\x2d" - "\x2e\xe7\x0d\x5e\x2f\x9d\x15\x1b\xdd\x2d\xde\x65\x0c\x7b\xfa\x83" - "\x5e\x80\x02\x13\x84\xb8\x3f\xff\x71\x62\xb5\x09\x89\x63\xe1\xdc" - "\xa5\xdc\xfc\xfa\x9d\x1a\x4d\xc0\xfa\x3a\x14\xf6\x01\x51\x90\xa4"; - - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } - times = 100; - for (i = 0; i < times; ++i) { - ret = wc_Sha512Update(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-2408, exit); - } - ret = wc_Sha512Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2409, exit); - if (XMEMCMP(hash, large_digest, WC_SHA512_DIGEST_SIZE) != 0) - ERROR_OUT(-2410, exit); - } /* END LARGE HASH TEST */ - -exit: - wc_Sha512Free(&sha); - wc_Sha512Free(&shaCopy); - - return ret; -} -#endif - - -#ifdef WOLFSSL_SHA384 -int sha384_test(void) -{ - wc_Sha384 sha, shaCopy; - byte hash[WC_SHA384_DIGEST_SIZE]; - byte hashcopy[WC_SHA384_DIGEST_SIZE]; - int ret = 0; - - testVector a, b, c; - testVector test_sha[3]; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - a.input = ""; - - a.output = "\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3" - "\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6" - "\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48" - "\x98\xb9\x5b"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA384_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50" - "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff" - "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34" - "\xc8\x25\xa7"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA384_DIGEST_SIZE; - - c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - c.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b" - "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0" - "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91" - "\x74\x60\x39"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA384_DIGEST_SIZE; - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitSha384_ex(&sha, HEAP_HINT, devId); - if (ret != 0) - return -2500; - ret = wc_InitSha384_ex(&shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_Sha384Free(&sha); - return -2501; - } - - for (i = 0; i < times; ++i) { - ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-2502 - i, exit); - ret = wc_Sha384GetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-2503 - i, exit); - ret = wc_Sha384Copy(&sha, &shaCopy); - if (ret != 0) - ERROR_OUT(-2504 - i, exit); - ret = wc_Sha384Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2505 - i, exit); - wc_Sha384Free(&shaCopy); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA384_DIGEST_SIZE) != 0) - ERROR_OUT(-2506 - i, exit); - if (XMEMCMP(hash, hashcopy, WC_SHA384_DIGEST_SIZE) != 0) - ERROR_OUT(-2507 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - byte large_input[1024]; - const char* large_digest = - "\x37\x01\xdb\xff\x1e\x40\x4f\xe1\xe2\xea\x0b\x40\xbb\x3b\x39\x9a" - "\xcc\xe8\x44\x8e\x7e\xe5\x64\xb5\x6b\x7f\x56\x64\xa7\x2b\x84\xe3" - "\xc5\xd7\x79\x03\x25\x90\xf7\xa4\x58\xcb\x97\xa8\x8b\xb1\xa4\x81"; - - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } - times = 100; - for (i = 0; i < times; ++i) { - ret = wc_Sha384Update(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-2508, exit); - } - ret = wc_Sha384Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2509, exit); - if (XMEMCMP(hash, large_digest, WC_SHA384_DIGEST_SIZE) != 0) - ERROR_OUT(-2510, exit); - } /* END LARGE HASH TEST */ - -exit: - - wc_Sha384Free(&sha); - wc_Sha384Free(&shaCopy); - - return ret; -} -#endif /* WOLFSSL_SHA384 */ - -#ifdef WOLFSSL_SHA3 -#ifndef WOLFSSL_NOSHA3_224 -static int sha3_224_test(void) -{ - wc_Sha3 sha; - byte hash[WC_SHA3_224_DIGEST_SIZE]; - byte hashcopy[WC_SHA3_224_DIGEST_SIZE]; - - testVector a, b, c; - testVector test_sha[3]; - int ret = 0; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - a.input = ""; - a.output = "\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1" - "\xab\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f\x5b\x5a\x6b\xc7"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA3_224_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a\xd0\x92\x34\xee\x7d\x3c\x76" - "\x6f\xc9\xa3\xa5\x16\x8d\x0c\x94\xad\x73\xb4\x6f\xdf"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA3_224_DIGEST_SIZE; - - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55\x74\x49\x44\x79" - "\xba\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea\xd0\xfc\xce\x33"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA3_224_DIGEST_SIZE; - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitSha3_224(&sha, HEAP_HINT, devId); - if (ret != 0) - return -2600; - - for (i = 0; i < times; ++i) { - ret = wc_Sha3_224_Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-2601 - i, exit); - ret = wc_Sha3_224_GetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-2602 - i, exit); - ret = wc_Sha3_224_Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2603 - i, exit); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_224_DIGEST_SIZE) != 0) - ERROR_OUT(-2604 - i, exit); - if (XMEMCMP(hash, hashcopy, WC_SHA3_224_DIGEST_SIZE) != 0) - ERROR_OUT(-2605 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - byte large_input[1024]; - const char* large_digest = - "\x13\xe5\xd3\x98\x7b\x94\xda\x41\x12\xc7\x1e\x92\x3a\x19" - "\x21\x20\x86\x6f\x24\xbf\x0a\x31\xbc\xfd\xd6\x70\x36\xf3"; - - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } - times = 100; - for (i = 0; i < times; ++i) { - ret = wc_Sha3_224_Update(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-2606, exit); - } - ret = wc_Sha3_224_Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2607, exit); - if (XMEMCMP(hash, large_digest, WC_SHA3_224_DIGEST_SIZE) != 0) - ERROR_OUT(-2608, exit); - } /* END LARGE HASH TEST */ - -exit: - wc_Sha3_224_Free(&sha); - - return ret; -} -#endif /* WOLFSSL_NOSHA3_224 */ - -#ifndef WOLFSSL_NOSHA3_256 -static int sha3_256_test(void) -{ - wc_Sha3 sha; - byte hash[WC_SHA3_256_DIGEST_SIZE]; - byte hashcopy[WC_SHA3_256_DIGEST_SIZE]; - - testVector a, b, c; - testVector test_sha[3]; - int ret = 0; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - byte large_input[1024]; - const char* large_digest = - "\xdc\x90\xc0\xb1\x25\xdb\x2c\x34\x81\xa3\xff\xbc\x1e\x2e\x87\xeb" - "\x6d\x70\x85\x61\xe0\xe9\x63\x61\xff\xe5\x84\x4b\x1f\x68\x05\x15"; - -#if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT) - /* test vector with hash of empty string */ - const char* Keccak256EmptyOut = - "\xc5\xd2\x46\x01\x86\xf7\x23\x3c\x92\x7e\x7d\xb2\xdc\xc7\x03\xc0" - "\xe5\x00\xb6\x53\xca\x82\x27\x3b\x7b\xfa\xd8\x04\x5d\x85\xa4\x70"; -#endif - - a.input = ""; - a.output = "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66\x51\xc1\x47\x56\xa0\x61\xd6" - "\x62\xf5\x80\xff\x4d\xe4\x3b\x49\xfa\x82\xd8\x0a\x4b\x80\xf8" - "\x43\x4a"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA3_256_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90" - "\xbd\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43" - "\x15\x32"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA3_256_DIGEST_SIZE; - - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8\x23\x5e" - "\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32\xdd\x97\x49\x6d" - "\x33\x76"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA3_256_DIGEST_SIZE; - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitSha3_256(&sha, HEAP_HINT, devId); - if (ret != 0) - return -2700; - - for (i = 0; i < times; ++i) { - ret = wc_Sha3_256_Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-2701 - i, exit); - ret = wc_Sha3_256_GetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-2702 - i, exit); - ret = wc_Sha3_256_Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2703 - i, exit); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_256_DIGEST_SIZE) != 0) - ERROR_OUT(-2704 - i, exit); - if (XMEMCMP(hash, hashcopy, WC_SHA3_256_DIGEST_SIZE) != 0) - ERROR_OUT(-2705 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } - times = 100; - for (i = 0; i < times; ++i) { - ret = wc_Sha3_256_Update(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-2706, exit); - } - ret = wc_Sha3_256_Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2707, exit); - if (XMEMCMP(hash, large_digest, WC_SHA3_256_DIGEST_SIZE) != 0) - ERROR_OUT(-2708, exit); - } /* END LARGE HASH TEST */ - - /* this is a software only variant of SHA3 not supported by external hardware devices */ -#if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT) - /* Test for Keccak256 */ - ret = wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256); - if (ret != 0) { - ERROR_OUT(-2709, exit); - } - ret = wc_Sha3_256_Update(&sha, (byte*)"", 0); - if (ret != 0) { - ERROR_OUT(-2710, exit); - } - ret = wc_Sha3_256_Final(&sha, hash); - if (ret != 0) { - ERROR_OUT(-2711, exit); - } - if (XMEMCMP(hash, Keccak256EmptyOut, WC_SHA3_256_DIGEST_SIZE) != 0) { - ERROR_OUT(-2712, exit); - } -#endif /* WOLFSSL_HASH_FLAGS && !WOLFSSL_ASYNC_CRYPT */ - -exit: - wc_Sha3_256_Free(&sha); - - return ret; -} -#endif /* WOLFSSL_NOSHA3_256 */ - -#ifndef WOLFSSL_NOSHA3_384 -static int sha3_384_test(void) -{ - wc_Sha3 sha; - byte hash[WC_SHA3_384_DIGEST_SIZE]; -#ifndef NO_INTM_HASH_TEST - byte hashcopy[WC_SHA3_384_DIGEST_SIZE]; -#endif - - testVector a, b, c; - testVector test_sha[3]; - int ret; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - a.input = ""; - a.output = "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d\x01\x10\x7d\x85\x2e\x4c\x24" - "\x85\xc5\x1a\x50\xaa\xaa\x94\xfc\x61\x99\x5e\x71\xbb\xee\x98" - "\x3a\x2a\xc3\x71\x38\x31\x26\x4a\xdb\x47\xfb\x6b\xd1\xe0\x58" - "\xd5\xf0\x04"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA3_384_DIGEST_SIZE; - -#if defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_XILINX_CRYPT) - /* NIST test vector with a length that is a multiple of 4 */ - b.input = "\x7d\x80\xb1\x60\xc4\xb5\x36\xa3\xbe\xb7\x99\x80\x59\x93\x44" - "\x04\x7c\x5f\x82\xa1\xdf\xc3\xee\xd4"; - b.output = "\x04\x1c\xc5\x86\x1b\xa3\x34\x56\x3c\x61\xd4\xef\x97\x10\xd4" - "\x89\x6c\x31\x1c\x92\xed\xbe\x0d\x7c\xd5\x3e\x80\x3b\xf2\xf4" - "\xeb\x60\x57\x23\x55\x70\x77\x0c\xe8\x7c\x55\x20\xd7\xec\x14" - "\x19\x87\x22"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA3_384_DIGEST_SIZE; -#else - b.input = "abc"; - b.output = "\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad" - "\x8d\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b" - "\xe4\xb2\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28" - "\x37\x6d\x25"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA3_384_DIGEST_SIZE; -#endif - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7\x8a\x49" - "\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd\xbc\x32\xb9\xd4" - "\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1\x9e\xef\x51\xac\xd0" - "\x65\x7c\x22"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA3_384_DIGEST_SIZE; - -#ifdef WOLFSSL_XILINX_CRYPT - test_sha[0] = b; /* hardware acc. can not handle "" string */ -#else - test_sha[0] = a; -#endif - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitSha3_384(&sha, HEAP_HINT, devId); - if (ret != 0) - return -2800; - - for (i = 0; i < times; ++i) { - ret = wc_Sha3_384_Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-2801 - i, exit); - #ifndef NO_INTM_HASH_TEST - ret = wc_Sha3_384_GetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-2802 - i, exit); - #endif - ret = wc_Sha3_384_Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2803 - i, exit); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_384_DIGEST_SIZE) != 0) - ERROR_OUT(-2804 - i, exit); - #ifndef NO_INTM_HASH_TEST - if (XMEMCMP(hash, hashcopy, WC_SHA3_384_DIGEST_SIZE) != 0) - ERROR_OUT(-2805 - i, exit); - #endif - } - - /* BEGIN LARGE HASH TEST */ { - byte large_input[1024]; - const char* large_digest = - "\x30\x44\xec\x17\xef\x47\x9f\x55\x36\x11\xd6\x3f\x8a\x31\x5a\x71" - "\x8a\x71\xa7\x1d\x8e\x84\xe8\x6c\x24\x02\x2f\x7a\x08\x4e\xea\xd7" - "\x42\x36\x5d\xa8\xc2\xb7\x42\xad\xec\x19\xfb\xca\xc6\x64\xb3\xa4"; - - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } - times = 100; - for (i = 0; i < times; ++i) { - ret = wc_Sha3_384_Update(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-2806, exit); - } - ret = wc_Sha3_384_Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2807, exit); - if (XMEMCMP(hash, large_digest, WC_SHA3_384_DIGEST_SIZE) != 0) - ERROR_OUT(-2808, exit); - } /* END LARGE HASH TEST */ - -exit: - wc_Sha3_384_Free(&sha); - - return ret; -} -#endif /* WOLFSSL_NOSHA3_384 */ - -#ifndef WOLFSSL_NOSHA3_512 -static int sha3_512_test(void) -{ - wc_Sha3 sha; - byte hash[WC_SHA3_512_DIGEST_SIZE]; - byte hashcopy[WC_SHA3_512_DIGEST_SIZE]; - - testVector a, b, c; - testVector test_sha[3]; - int ret; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - a.input = ""; - a.output = "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5\xc8\xb5\x67\xdc\x18\x5a\x75" - "\x6e\x97\xc9\x82\x16\x4f\xe2\x58\x59\xe0\xd1\xdc\xc1\x47\x5c" - "\x80\xa6\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c\x11\xe3\xe9\x40\x2c" - "\x3a\xc5\x58\xf5\x00\x19\x9d\x95\xb6\xd3\xe3\x01\x75\x85\x86" - "\x28\x1d\xcd\x26"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA3_512_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09" - "\x6e\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2" - "\x71\x2e\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47" - "\xe3\x93\x40\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27" - "\x4e\xec\x53\xf0"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA3_512_DIGEST_SIZE; - - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10\xfc\xa8" - "\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7\xec\x2f\x1e\x91" - "\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53\x02\xba\x1b\x0d\x8d\xc7" - "\x8c\x08\x63\x46\xb5\x33\xb4\x9c\x03\x0d\x99\xa2\x7d\xaf\x11" - "\x39\xd6\xe7\x5e"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA3_512_DIGEST_SIZE; - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitSha3_512(&sha, HEAP_HINT, devId); - if (ret != 0) - return -2900; - - for (i = 0; i < times; ++i) { - ret = wc_Sha3_512_Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-2901 - i, exit); - ret = wc_Sha3_512_GetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-2902 - i, exit); - ret = wc_Sha3_512_Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2903 - i, exit); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_512_DIGEST_SIZE) != 0) - ERROR_OUT(-2904 - i, exit); - if (XMEMCMP(hash, hashcopy, WC_SHA3_512_DIGEST_SIZE) != 0) - ERROR_OUT(-2905 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - byte large_input[1024]; - const char* large_digest = - "\x9c\x13\x26\xb6\x26\xb2\x94\x31\xbc\xf4\x34\xe9\x6f\xf2\xd6\x29" - "\x9a\xd0\x9b\x32\x63\x2f\x18\xa7\x5f\x23\xc9\x60\xc2\x32\x0c\xbc" - "\x57\x77\x33\xf1\x83\x81\x8a\xd3\x15\x7c\x93\xdc\x80\x9f\xed\x61" - "\x41\xa7\x5b\xfd\x32\x0e\x38\x15\xb0\x46\x3b\x7a\x4f\xfd\x44\x88"; - - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } - times = 100; - for (i = 0; i < times; ++i) { - ret = wc_Sha3_512_Update(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-2906, exit); - } - ret = wc_Sha3_512_Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2907, exit); - if (XMEMCMP(hash, large_digest, WC_SHA3_512_DIGEST_SIZE) != 0) - ERROR_OUT(-2908, exit); - } /* END LARGE HASH TEST */ - -exit: - wc_Sha3_512_Free(&sha); - - return ret; -} -#endif /* WOLFSSL_NOSHA3_512 */ - -int sha3_test(void) -{ - int ret; - - (void)ret; - -#ifndef WOLFSSL_NOSHA3_224 - if ((ret = sha3_224_test()) != 0) - return ret; -#endif -#ifndef WOLFSSL_NOSHA3_256 - if ((ret = sha3_256_test()) != 0) - return ret; -#endif -#ifndef WOLFSSL_NOSHA3_384 - if ((ret = sha3_384_test()) != 0) - return ret; -#endif -#ifndef WOLFSSL_NOSHA3_512 - if ((ret = sha3_512_test()) != 0) - return ret; -#endif - - return 0; -} -#endif /* WOLFSSL_SHA3 */ - -#ifdef WOLFSSL_SHAKE256 -int shake256_test(void) -{ -#ifndef WOLFSSL_NO_SHAKE256 - wc_Shake sha; - byte hash[114]; - - testVector a, b, c; - testVector test_sha[3]; - int ret = 0; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - byte large_input[1024]; - const char* large_digest = - "\x90\x32\x4a\xcc\xd1\xdf\xb8\x0b\x79\x1f\xb8\xc8\x5b\x54\xc8\xe7" - "\x45\xf5\x60\x6b\x38\x26\xb2\x0a\xee\x38\x01\xf3\xd9\xfa\x96\x9f" - "\x6a\xd7\x15\xdf\xb6\xc2\xf4\x20\x33\x44\x55\xe8\x2a\x09\x2b\x68" - "\x2e\x18\x65\x5e\x65\x93\x28\xbc\xb1\x9e\xe2\xb1\x92\xea\x98\xac" - "\x21\xef\x4c\xe1\xb4\xb7\xbe\x81\x5c\x1d\xd3\xb7\x17\xe5\xbb\xc5" - "\x8c\x68\xb7\xfb\xac\x55\x8a\x9b\x4d\x91\xe4\x9f\x72\xbb\x6e\x38" - "\xaf\x21\x7d\x21\xaa\x98\x4e\x75\xc4\xb4\x1c\x7c\x50\x45\x54\xf9" - "\xea\x26"; - - a.input = ""; - a.output = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb" - "\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5" - "\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67" - "\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac" - "\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7" - "\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84" - "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2" - "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46"; - a.inLen = XSTRLEN(a.input); - a.outLen = sizeof(hash); - - b.input = "abc"; - b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11" - "\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b" - "\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52" - "\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88" - "\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04" - "\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc" - "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13" - "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0"; - b.inLen = XSTRLEN(b.input); - b.outLen = sizeof(hash); - - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87" - "\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e" - "\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc" - "\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74" - "\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55" - "\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a" - "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60" - "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4"; - c.inLen = XSTRLEN(c.input); - c.outLen = sizeof(hash); - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitShake256(&sha, HEAP_HINT, devId); - if (ret != 0) - return -3100; - - for (i = 0; i < times; ++i) { - ret = wc_Shake256_Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-3101 - i, exit); - ret = wc_Shake256_Final(&sha, hash, (word32)test_sha[i].outLen); - if (ret != 0) - ERROR_OUT(-3102 - i, exit); - - if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0) - ERROR_OUT(-3103 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } - times = 100; - for (i = 0; i < times; ++i) { - ret = wc_Shake256_Update(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-3104, exit); - } - ret = wc_Shake256_Final(&sha, hash, (word32)sizeof(hash)); - if (ret != 0) - ERROR_OUT(-3105, exit); - if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0) - ERROR_OUT(-3106, exit); - } /* END LARGE HASH TEST */ - -exit: - wc_Shake256_Free(&sha); - - return ret; -#else - return 0; -#endif -} -#endif - - -int hash_test(void) -{ - wc_HashAlg hash; - int ret, exp_ret; - int i, j; - int digestSz; - byte data[] = "0123456789abcdef0123456789abcdef0123456"; - byte out[WC_MAX_DIGEST_SIZE]; - byte hashOut[WC_MAX_DIGEST_SIZE]; -#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) - enum wc_HashType hashType; -#endif - enum wc_HashType typesGood[] = { WC_HASH_TYPE_MD5, WC_HASH_TYPE_SHA, - WC_HASH_TYPE_SHA224, WC_HASH_TYPE_SHA256, - WC_HASH_TYPE_SHA384, WC_HASH_TYPE_SHA512, - WC_HASH_TYPE_SHA3_224, - WC_HASH_TYPE_SHA3_256, - WC_HASH_TYPE_SHA3_384, - WC_HASH_TYPE_SHA3_512 }; - enum wc_HashType typesNoImpl[] = { -#ifdef NO_MD5 - WC_HASH_TYPE_MD5, -#endif -#ifdef NO_SHA - WC_HASH_TYPE_SHA, -#endif -#ifndef WOLFSSL_SHA224 - WC_HASH_TYPE_SHA224, -#endif -#ifdef NO_SHA256 - WC_HASH_TYPE_SHA256, -#endif -#ifndef WOLFSSL_SHA384 - WC_HASH_TYPE_SHA384, -#endif -#ifndef WOLFSSL_SHA512 - WC_HASH_TYPE_SHA512, -#endif -#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_224) - WC_HASH_TYPE_SHA3_224, -#endif -#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_256) - WC_HASH_TYPE_SHA3_256, -#endif -#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_384) - WC_HASH_TYPE_SHA3_384, -#endif -#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_512) - WC_HASH_TYPE_SHA3_512, -#endif - WC_HASH_TYPE_NONE - }; - enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE, WC_HASH_TYPE_MD5_SHA, - WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4 }; - enum wc_HashType typesHashBad[] = { WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4, - WC_HASH_TYPE_BLAKE2B, - WC_HASH_TYPE_NONE }; - - /* Parameter Validation testing. */ - ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256); - if (ret != BAD_FUNC_ARG) - return -3200; - ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); - if (ret != BAD_FUNC_ARG) - return -3201; - ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); - if (ret != BAD_FUNC_ARG) - return -3202; - ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data)); - if (ret != BAD_FUNC_ARG) - return -3203; - ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL); - if (ret != BAD_FUNC_ARG) - return -3204; - ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL); - if (ret != BAD_FUNC_ARG) - return -3205; - ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out); - if (ret != BAD_FUNC_ARG) - return -3206; - - /* Try invalid hash algorithms. */ - for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) { - ret = wc_HashInit(&hash, typesBad[i]); - if (ret != BAD_FUNC_ARG) - return -3207 - i; - ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data)); - if (ret != BAD_FUNC_ARG) - return -3217 - i; - ret = wc_HashFinal(&hash, typesBad[i], out); - if (ret != BAD_FUNC_ARG) - return -3227 - i; - wc_HashFree(&hash, typesBad[i]); - } - - /* Try valid hash algorithms. */ - for (i = 0, j = 0; i < (int)(sizeof(typesGood)/sizeof(*typesGood)); i++) { - exp_ret = 0; - if (typesGood[i] == typesNoImpl[j]) { - /* Recognized but no implementation compiled in. */ - exp_ret = HASH_TYPE_E; - j++; - } - ret = wc_HashInit(&hash, typesGood[i]); - if (ret != exp_ret) - return -3237 - i; - ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data)); - if (ret != exp_ret) - return -3247 - i; - ret = wc_HashFinal(&hash, typesGood[i], out); - if (ret != exp_ret) - return -3257 - i; - wc_HashFree(&hash, typesGood[i]); - - digestSz = wc_HashGetDigestSize(typesGood[i]); - if (exp_ret < 0 && digestSz != exp_ret) - return -3267 - i; - if (exp_ret == 0 && digestSz < 0) - return -3277 - i; - if (exp_ret == 0) { - ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, - digestSz - 1); - if (ret != BUFFER_E) - return -3287 - i; - } - ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, digestSz); - if (ret != exp_ret) - return -3297 - i; - if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0) - return -3307 -i; - - ret = wc_HashGetBlockSize(typesGood[i]); - if (exp_ret < 0 && ret != exp_ret) - return -3308 - i; - if (exp_ret == 0 && ret < 0) - return -3318 - i; - -#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) - ret = wc_HashGetOID(typesGood[i]); - if (ret == BAD_FUNC_ARG || - (exp_ret == 0 && ret == HASH_TYPE_E) || - (exp_ret != 0 && ret != HASH_TYPE_E)) { - return -3328 - i; - } - - hashType = wc_OidGetHash(ret); - if (exp_ret < 0 && ret != exp_ret) - return -3338 - i; - if (exp_ret == 0 && hashType != typesGood[i]) - return -3348 - i; -#endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */ - } - - for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) { - ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out)); - if (ret != BAD_FUNC_ARG && ret != BUFFER_E) - return -3358 - i; - } - -#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) - ret = wc_HashGetOID(WC_HASH_TYPE_MD2); -#ifdef WOLFSSL_MD2 - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3368; -#else - if (ret != HASH_TYPE_E) - return -3369; -#endif - hashType = wc_OidGetHash(646); /* Md2h */ -#ifdef WOLFSSL_MD2 - if (hashType != WC_HASH_TYPE_MD2) - return -3370; -#else - if (hashType != WC_HASH_TYPE_NONE) - return -3371; -#endif - - ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA); -#ifndef NO_MD5 - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3372; -#else - if (ret != HASH_TYPE_E) - return -3373; -#endif - ret = wc_HashGetOID(WC_HASH_TYPE_MD4); - if (ret != BAD_FUNC_ARG) - return -3374; - ret = wc_HashGetOID(WC_HASH_TYPE_NONE); - if (ret != BAD_FUNC_ARG) - return -3375; - - hashType = wc_OidGetHash(0); - if (hashType != WC_HASH_TYPE_NONE) - return -3376; -#endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */ - - ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2); -#ifdef WOLFSSL_MD2 - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3377; -#else - if (ret != HASH_TYPE_E) - return -3378; -#endif - ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2); -#ifdef WOLFSSL_MD2 - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3379; -#else - if (ret != HASH_TYPE_E) - return -3380; -#endif - - ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4); -#ifndef NO_MD4 - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3381; -#else - if (ret != HASH_TYPE_E) - return -3382; -#endif - ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4); -#ifndef NO_MD4 - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3383; -#else - if (ret != HASH_TYPE_E) - return -3384; -#endif - ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA); -#if !defined(NO_MD5) && !defined(NO_SHA) - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3385; -#else - if (ret != HASH_TYPE_E) - return -3386; -#endif - - ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B); -#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3387; -#else - if (ret != HASH_TYPE_E) - return -3388; -#endif - ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B); -#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3389; -#else - if (ret != HASH_TYPE_E) - return -3390; -#endif - - ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE); - if (ret != BAD_FUNC_ARG) - return -3391; - ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE); - if (ret != BAD_FUNC_ARG) - return -3392; - -#ifndef NO_CERTS -#if defined(WOLFSSL_MD2) && !defined(HAVE_SELFTEST) - ret = wc_GetCTC_HashOID(MD2); - if (ret == 0) - return -3393; -#endif -#ifndef NO_MD5 - ret = wc_GetCTC_HashOID(WC_MD5); - if (ret == 0) - return -3394; -#endif -#ifndef NO_SHA - ret = wc_GetCTC_HashOID(WC_SHA); - if (ret == 0) - return -3395; -#endif -#ifdef WOLFSSL_SHA224 - ret = wc_GetCTC_HashOID(WC_SHA224); - if (ret == 0) - return -3396; -#endif -#ifndef NO_SHA256 - ret = wc_GetCTC_HashOID(WC_SHA256); - if (ret == 0) - return -3397; -#endif -#ifdef WOLFSSL_SHA384 - ret = wc_GetCTC_HashOID(WC_SHA384); - if (ret == 0) - return -3398; -#endif -#ifdef WOLFSSL_SHA512 - ret = wc_GetCTC_HashOID(WC_SHA512); - if (ret == 0) - return -3399; -#endif - ret = wc_GetCTC_HashOID(-1); - if (ret != 0) - return -3400; -#endif - - return 0; -} - -#if !defined(NO_HMAC) && !defined(NO_MD5) -int hmac_md5_test(void) -{ - Hmac hmac; - byte hash[WC_MD5_DIGEST_SIZE]; - - const char* keys[]= - { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", - "Jefe", - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - }; - - testVector a, b, c; - testVector test_hmac[3]; - - int ret; - int times = sizeof(test_hmac) / sizeof(testVector), i; - - a.input = "Hi There"; - a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc" - "\x9d"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_MD5_DIGEST_SIZE; - - b.input = "what do ya want for nothing?"; - b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7" - "\x38"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_MD5_DIGEST_SIZE; - - c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD"; - c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3" - "\xf6"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_MD5_DIGEST_SIZE; - - test_hmac[0] = a; - test_hmac[1] = b; - test_hmac[2] = c; - - for (i = 0; i < times; ++i) { - #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) - if (i == 1) { - continue; /* cavium can't handle short keys, fips not allowed */ - } - #endif - - if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) { - return -3500; - } - - ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i], - (word32)XSTRLEN(keys[i])); - if (ret != 0) - return -3501; - ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, - (word32)test_hmac[i].inLen); - if (ret != 0) - return -3502; - ret = wc_HmacFinal(&hmac, hash); - if (ret != 0) - return -3503; - - if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0) - return -3504 - i; - - wc_HmacFree(&hmac); - } - -#ifndef HAVE_FIPS - if (wc_HmacSizeByType(WC_MD5) != WC_MD5_DIGEST_SIZE) - return -3514; -#endif - - return 0; -} -#endif /* NO_HMAC && NO_MD5 */ - -#if !defined(NO_HMAC) && !defined(NO_SHA) -int hmac_sha_test(void) -{ - Hmac hmac; - byte hash[WC_SHA_DIGEST_SIZE]; - - const char* keys[]= - { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b", - "Jefe", - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA" - }; - - testVector a, b, c; - testVector test_hmac[3]; - - int ret; - int times = sizeof(test_hmac) / sizeof(testVector), i; - - a.input = "Hi There"; - a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c" - "\x8e\xf1\x46\xbe\x00"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA_DIGEST_SIZE; - - b.input = "what do ya want for nothing?"; - b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf" - "\x9c\x25\x9a\x7c\x79"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA_DIGEST_SIZE; - - c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD"; - c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b" - "\x4f\x63\xf1\x75\xd3"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA_DIGEST_SIZE; - - test_hmac[0] = a; - test_hmac[1] = b; - test_hmac[2] = c; - - for (i = 0; i < times; ++i) { -#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) - if (i == 1) - continue; /* cavium can't handle short keys, fips not allowed */ -#endif - - if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -3600; - - ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i], - (word32)XSTRLEN(keys[i])); - if (ret != 0) - return -3601; - ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, - (word32)test_hmac[i].inLen); - if (ret != 0) - return -3602; - ret = wc_HmacFinal(&hmac, hash); - if (ret != 0) - return -3603; - - if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0) - return -3604 - i; - - wc_HmacFree(&hmac); - } - -#ifndef HAVE_FIPS - if (wc_HmacSizeByType(WC_SHA) != WC_SHA_DIGEST_SIZE) - return -3614; -#endif - - return 0; -} -#endif - - -#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) -int hmac_sha224_test(void) -{ - Hmac hmac; - byte hash[WC_SHA224_DIGEST_SIZE]; - - const char* keys[]= - { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b", - "Jefe", - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA", - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - }; - - testVector a, b, c, d; - testVector test_hmac[4]; - - int ret; - int times = sizeof(test_hmac) / sizeof(testVector), i; - - a.input = "Hi There"; - a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3" - "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA224_DIGEST_SIZE; - - b.input = "what do ya want for nothing?"; - b.output = "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d" - "\x0f\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA224_DIGEST_SIZE; - - c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD"; - c.output = "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2" - "\x64\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA224_DIGEST_SIZE; - - d.input = "Big Key Input"; - d.output = "\xe7\x4e\x2b\x8a\xa9\xf0\x37\x2f\xed\xae\x70\x0c\x49\x47\xf1" - "\x46\x54\xa7\x32\x6b\x55\x01\x87\xd2\xc8\x02\x0e\x3a"; - d.inLen = XSTRLEN(d.input); - d.outLen = WC_SHA224_DIGEST_SIZE; - - test_hmac[0] = a; - test_hmac[1] = b; - test_hmac[2] = c; - test_hmac[3] = d; - - for (i = 0; i < times; ++i) { -#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) - if (i == 1) - continue; /* cavium can't handle short keys, fips not allowed */ -#endif - - if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -3700; - - ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i], - (word32)XSTRLEN(keys[i])); - if (ret != 0) - return -3701; - ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, - (word32)test_hmac[i].inLen); - if (ret != 0) - return -3702; - ret = wc_HmacFinal(&hmac, hash); - if (ret != 0) - return -3703; - - if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0) - return -3704 - i; - - wc_HmacFree(&hmac); - } - -#ifndef HAVE_FIPS - if (wc_HmacSizeByType(WC_SHA224) != WC_SHA224_DIGEST_SIZE) - return -3714; -#endif - - return 0; -} -#endif - - -#if !defined(NO_HMAC) && !defined(NO_SHA256) -int hmac_sha256_test(void) -{ - Hmac hmac; - byte hash[WC_SHA256_DIGEST_SIZE]; - - const char* keys[]= - { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b", - "Jefe", - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA", - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA", - }; - - testVector a, b, c, d; - testVector test_hmac[4]; - - int ret; - int times = sizeof(test_hmac) / sizeof(testVector), i; - - a.input = "Hi There"; - a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1" - "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32" - "\xcf\xf7"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA256_DIGEST_SIZE; - - b.input = "what do ya want for nothing?"; - b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75" - "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec" - "\x38\x43"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA256_DIGEST_SIZE; - - c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD"; - c.output = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81" - "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5" - "\x65\xfe"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA256_DIGEST_SIZE; - - d.input = 0; - d.output = "\x86\xe5\x4f\xd4\x48\x72\x5d\x7e\x5d\xcf\xe2\x23\x53\xc8\x28" - "\xaf\x48\x78\x1e\xb4\x8c\xae\x81\x06\xa7\xe1\xd4\x98\x94\x9f" - "\x3e\x46"; - d.inLen = 0; - d.outLen = WC_SHA256_DIGEST_SIZE; - - test_hmac[0] = a; - test_hmac[1] = b; - test_hmac[2] = c; - test_hmac[3] = d; - - for (i = 0; i < times; ++i) { -#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) - if (i == 1) - continue; /* cavium can't handle short keys, fips not allowed */ -#endif -#if defined(HAVE_INTEL_QA) || defined(HAVE_CAVIUM) - if (i == 3) - continue; /* QuickAssist can't handle empty HMAC */ -#endif - - if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -3800 - i; - - ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i], - (word32)XSTRLEN(keys[i])); - if (ret != 0) - return -3810 - i; - if (test_hmac[i].input != NULL) { - ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, - (word32)test_hmac[i].inLen); - if (ret != 0) - return -3820 - i; - } - ret = wc_HmacFinal(&hmac, hash); - if (ret != 0) - return -3830 - i; - - if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0) - return -3840 - i; - - wc_HmacFree(&hmac); - } - -#ifndef HAVE_FIPS - if (wc_HmacSizeByType(WC_SHA256) != WC_SHA256_DIGEST_SIZE) - return -3850; - if (wc_HmacSizeByType(20) != BAD_FUNC_ARG) - return -3851; -#endif - if (wolfSSL_GetHmacMaxSize() != WC_MAX_DIGEST_SIZE) - return -3852; - - return 0; -} -#endif - - -#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) -int hmac_sha384_test(void) -{ - Hmac hmac; - byte hash[WC_SHA384_DIGEST_SIZE]; - - const char* keys[]= - { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b", - "Jefe", - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA", - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - }; - - testVector a, b, c, d; - testVector test_hmac[4]; - - int ret; - int times = sizeof(test_hmac) / sizeof(testVector), i; - - a.input = "Hi There"; - a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90" - "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb" - "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2" - "\xfa\x9c\xb6"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA384_DIGEST_SIZE; - - b.input = "what do ya want for nothing?"; - b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b" - "\x1b\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22" - "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa" - "\xb2\x16\x49"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA384_DIGEST_SIZE; - - c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD"; - c.output = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8" - "\x6f\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66" - "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01" - "\xa3\x4f\x27"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA384_DIGEST_SIZE; - - d.input = "Big Key Input"; - d.output = "\xd2\x3d\x29\x6e\xf5\x1e\x23\x23\x49\x18\xb3\xbf\x4c\x38\x7b" - "\x31\x21\x17\xbb\x09\x73\x27\xf8\x12\x9d\xe9\xc6\x5d\xf9\x54" - "\xd6\x38\x5a\x68\x53\x14\xee\xe0\xa6\x4f\x36\x7e\xb2\xf3\x1a" - "\x57\x41\x69"; - d.inLen = XSTRLEN(d.input); - d.outLen = WC_SHA384_DIGEST_SIZE; - - test_hmac[0] = a; - test_hmac[1] = b; - test_hmac[2] = c; - test_hmac[3] = d; - - for (i = 0; i < times; ++i) { -#if defined(HAVE_FIPS) - if (i == 1) - continue; /* fips not allowed */ -#endif - - if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -3900; - - ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i], - (word32)XSTRLEN(keys[i])); - if (ret != 0) - return -3901; - ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, - (word32)test_hmac[i].inLen); - if (ret != 0) - return -3902; - ret = wc_HmacFinal(&hmac, hash); - if (ret != 0) - return -3903; - - if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0) - return -3904 - i; - - wc_HmacFree(&hmac); - } - -#ifndef HAVE_FIPS - if (wc_HmacSizeByType(WC_SHA384) != WC_SHA384_DIGEST_SIZE) - return -3914; -#endif - - return 0; -} -#endif - - -#if !defined(NO_HMAC) && defined(WOLFSSL_SHA512) -int hmac_sha512_test(void) -{ - Hmac hmac; - byte hash[WC_SHA512_DIGEST_SIZE]; - - const char* keys[]= - { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b", - "Jefe", - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA", - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - }; - - testVector a, b, c, d; - testVector test_hmac[4]; - - int ret; - int times = sizeof(test_hmac) / sizeof(testVector), i; - - a.input = "Hi There"; - a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c" - "\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1" - "\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae" - "\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20" - "\x3a\x12\x68\x54"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA512_DIGEST_SIZE; - - b.input = "what do ya want for nothing?"; - b.output = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0" - "\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25" - "\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8" - "\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a" - "\x38\xbc\xe7\x37"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA512_DIGEST_SIZE; - - c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD"; - c.output = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b" - "\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27" - "\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e" - "\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59" - "\xe1\x32\x92\xfb"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA512_DIGEST_SIZE; - - d.input = "Big Key Input"; - d.output = "\x3f\xa9\xc9\xe1\xbd\xbb\x04\x55\x1f\xef\xcc\x92\x33\x08\xeb" - "\xcf\xc1\x9a\x5b\x5b\xc0\x7c\x86\x84\xae\x8c\x40\xaf\xb1\x27" - "\x87\x38\x92\x04\xa8\xed\xd7\xd7\x07\xa9\x85\xa0\xc2\xcd\x30" - "\xc0\x56\x14\x49\xbc\x2f\x69\x15\x6a\x97\xd8\x79\x2f\xb3\x3b" - "\x1e\x18\xfe\xfa"; - d.inLen = XSTRLEN(d.input); - d.outLen = WC_SHA512_DIGEST_SIZE; - - test_hmac[0] = a; - test_hmac[1] = b; - test_hmac[2] = c; - test_hmac[3] = d; - - for (i = 0; i < times; ++i) { -#if defined(HAVE_FIPS) - if (i == 1) - continue; /* fips not allowed */ -#endif - - if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -4000; - - ret = wc_HmacSetKey(&hmac, WC_SHA512, (byte*)keys[i], - (word32)XSTRLEN(keys[i])); - if (ret != 0) - return -4001; - ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, - (word32)test_hmac[i].inLen); - if (ret != 0) - return -4002; - ret = wc_HmacFinal(&hmac, hash); - if (ret != 0) - return -4003; - - if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0) - return -4004 - i; - - wc_HmacFree(&hmac); - } - -#ifndef HAVE_FIPS - if (wc_HmacSizeByType(WC_SHA512) != WC_SHA512_DIGEST_SIZE) - return -4014; -#endif - - return 0; -} -#endif - - -#if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \ - !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \ - !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512) -int hmac_sha3_test(void) -{ - Hmac hmac; - byte hash[WC_SHA3_512_DIGEST_SIZE]; - - const char* key[4] = - { - "Jefe", - - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", - - "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" - "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", - - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - }; - - const char* input[4] = - { - "what do ya want for nothing?", - - "Hi There", - - "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" - "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" - "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" - "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" - "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd", - - "Big Key Input" - }; - - const int hashType[4] = - { - WC_SHA3_224, WC_SHA3_256, WC_SHA3_384, WC_SHA3_512 - }; - - const int hashSz[4] = - { - WC_SHA3_224_DIGEST_SIZE, WC_SHA3_256_DIGEST_SIZE, - WC_SHA3_384_DIGEST_SIZE, WC_SHA3_512_DIGEST_SIZE - }; - - const char* output[16] = - { - /* key = jefe, input = what do ya want for nothing? */ - /* HMAC-SHA3-224 */ - "\x7f\xdb\x8d\xd8\x8b\xd2\xf6\x0d\x1b\x79\x86\x34\xad\x38\x68\x11" - "\xc2\xcf\xc8\x5b\xfa\xf5\xd5\x2b\xba\xce\x5e\x66", - /* HMAC-SHA3-256 */ - "\xc7\xd4\x07\x2e\x78\x88\x77\xae\x35\x96\xbb\xb0\xda\x73\xb8\x87" - "\xc9\x17\x1f\x93\x09\x5b\x29\x4a\xe8\x57\xfb\xe2\x64\x5e\x1b\xa5", - /* HMAC-SHA3-384 */ - "\xf1\x10\x1f\x8c\xbf\x97\x66\xfd\x67\x64\xd2\xed\x61\x90\x3f\x21" - "\xca\x9b\x18\xf5\x7c\xf3\xe1\xa2\x3c\xa1\x35\x08\xa9\x32\x43\xce" - "\x48\xc0\x45\xdc\x00\x7f\x26\xa2\x1b\x3f\x5e\x0e\x9d\xf4\xc2\x0a", - /* HMAC-SHA3-512 */ - "\x5a\x4b\xfe\xab\x61\x66\x42\x7c\x7a\x36\x47\xb7\x47\x29\x2b\x83" - "\x84\x53\x7c\xdb\x89\xaf\xb3\xbf\x56\x65\xe4\xc5\xe7\x09\x35\x0b" - "\x28\x7b\xae\xc9\x21\xfd\x7c\xa0\xee\x7a\x0c\x31\xd0\x22\xa9\x5e" - "\x1f\xc9\x2b\xa9\xd7\x7d\xf8\x83\x96\x02\x75\xbe\xb4\xe6\x20\x24", - - /* key = 0b..., input = Hi There */ - /* HMAC-SHA3-224 */ - "\x3b\x16\x54\x6b\xbc\x7b\xe2\x70\x6a\x03\x1d\xca\xfd\x56\x37\x3d" - "\x98\x84\x36\x76\x41\xd8\xc5\x9a\xf3\xc8\x60\xf7", - /* HMAC-SHA3-256 */ - "\xba\x85\x19\x23\x10\xdf\xfa\x96\xe2\xa3\xa4\x0e\x69\x77\x43\x51" - "\x14\x0b\xb7\x18\x5e\x12\x02\xcd\xcc\x91\x75\x89\xf9\x5e\x16\xbb", - /* HMAC-SHA3-384 */ - "\x68\xd2\xdc\xf7\xfd\x4d\xdd\x0a\x22\x40\xc8\xa4\x37\x30\x5f\x61" - "\xfb\x73\x34\xcf\xb5\xd0\x22\x6e\x1b\xc2\x7d\xc1\x0a\x2e\x72\x3a" - "\x20\xd3\x70\xb4\x77\x43\x13\x0e\x26\xac\x7e\x3d\x53\x28\x86\xbd", - /* HMAC-SHA3-512 */ - "\xeb\x3f\xbd\x4b\x2e\xaa\xb8\xf5\xc5\x04\xbd\x3a\x41\x46\x5a\xac" - "\xec\x15\x77\x0a\x7c\xab\xac\x53\x1e\x48\x2f\x86\x0b\x5e\xc7\xba" - "\x47\xcc\xb2\xc6\xf2\xaf\xce\x8f\x88\xd2\x2b\x6d\xc6\x13\x80\xf2" - "\x3a\x66\x8f\xd3\x88\x8b\xb8\x05\x37\xc0\xa0\xb8\x64\x07\x68\x9e", - - /* key = aa..., output = dd... */ - /* HMAC-SHA3-224 */ - "\x67\x6c\xfc\x7d\x16\x15\x36\x38\x78\x03\x90\x69\x2b\xe1\x42\xd2" - "\xdf\x7c\xe9\x24\xb9\x09\xc0\xc0\x8d\xbf\xdc\x1a", - /* HMAC-SHA3-256 */ - "\x84\xec\x79\x12\x4a\x27\x10\x78\x65\xce\xdd\x8b\xd8\x2d\xa9\x96" - "\x5e\x5e\xd8\xc3\x7b\x0a\xc9\x80\x05\xa7\xf3\x9e\xd5\x8a\x42\x07", - /* HMAC-SHA3-384 */ - "\x27\x5c\xd0\xe6\x61\xbb\x8b\x15\x1c\x64\xd2\x88\xf1\xf7\x82\xfb" - "\x91\xa8\xab\xd5\x68\x58\xd7\x2b\xab\xb2\xd4\x76\xf0\x45\x83\x73" - "\xb4\x1b\x6a\xb5\xbf\x17\x4b\xec\x42\x2e\x53\xfc\x31\x35\xac\x6e", - /* HMAC-SHA3-512 */ - "\x30\x9e\x99\xf9\xec\x07\x5e\xc6\xc6\xd4\x75\xed\xa1\x18\x06\x87" - "\xfc\xf1\x53\x11\x95\x80\x2a\x99\xb5\x67\x74\x49\xa8\x62\x51\x82" - "\x85\x1c\xb3\x32\xaf\xb6\xa8\x9c\x41\x13\x25\xfb\xcb\xcd\x42\xaf" - "\xcb\x7b\x6e\x5a\xab\x7e\xa4\x2c\x66\x0f\x97\xfd\x85\x84\xbf\x03", - - /* key = big key, input = Big Key Input */ - /* HMAC-SHA3-224 */ - "\x29\xe0\x5e\x46\xc4\xa4\x5e\x46\x74\xbf\xd7\x2d\x1a\xd8\x66\xdb" - "\x2d\x0d\x10\x4e\x2b\xfa\xad\x53\x7d\x15\x69\x8b", - /* HMAC-SHA3-256 */ - "\xb5\x5b\x8d\x64\xb6\x9c\x21\xd0\xbf\x20\x5c\xa2\xf7\xb9\xb1\x4e" - "\x88\x21\x61\x2c\x66\xc3\x91\xae\x6c\x95\x16\x85\x83\xe6\xf4\x9b", - /* HMAC-SHA3-384 */ - "\xaa\x91\xb3\xa6\x2f\x56\xa1\xbe\x8c\x3e\x74\x38\xdb\x58\xd9\xd3" - "\x34\xde\xa0\x60\x6d\x8d\x46\xe0\xec\xa9\xf6\x06\x35\x14\xe6\xed" - "\x83\xe6\x7c\x77\x24\x6c\x11\xb5\x90\x82\xb5\x75\xda\x7b\x83\x2d", - /* HMAC-SHA3-512 */ - "\x1c\xc3\xa9\x24\x4a\x4a\x3f\xbd\xc7\x20\x00\x16\x9b\x79\x47\x03" - "\x78\x75\x2c\xb5\xf1\x2e\x62\x7c\xbe\xef\x4e\x8f\x0b\x11\x2b\x32" - "\xa0\xee\xc9\xd0\x4d\x64\x64\x0b\x37\xf4\xdd\x66\xf7\x8b\xb3\xad" - "\x52\x52\x6b\x65\x12\xde\x0d\x7c\xc0\x8b\x60\x01\x6c\x37\xd7\xa8" - - }; - - int i = 0, iMax = sizeof(input) / sizeof(input[0]), - j, jMax = sizeof(hashType) / sizeof(hashType[0]), - ret; - -#ifdef HAVE_FIPS - /* FIPS requires a minimum length for HMAC keys, and "Jefe" is too - * short. Skip it in FIPS builds. */ - i = 1; -#endif - for (; i < iMax; i++) { - for (j = 0; j < jMax; j++) { - if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -4100; - - ret = wc_HmacSetKey(&hmac, hashType[j], (byte*)key[i], - (word32)XSTRLEN(key[i])); - if (ret != 0) - return -4101; - ret = wc_HmacUpdate(&hmac, (byte*)input[i], - (word32)XSTRLEN(input[i])); - if (ret != 0) - return -4102; - ret = wc_HmacFinal(&hmac, hash); - if (ret != 0) - return -4103; - if (XMEMCMP(hash, output[(i*jMax) + j], hashSz[j]) != 0) - return -4104; - - wc_HmacFree(&hmac); - - if (i > 0) - continue; - - #ifndef HAVE_FIPS - ret = wc_HmacSizeByType(hashType[j]); - if (ret != hashSz[j]) - return -4105; - #endif - } - } - - return 0; -} -#endif - - -#ifndef NO_RC4 -int arc4_test(void) -{ - byte cipher[16]; - byte plain[16]; - - const char* keys[] = - { - "\x01\x23\x45\x67\x89\xab\xcd\xef", - "\x01\x23\x45\x67\x89\xab\xcd\xef", - "\x00\x00\x00\x00\x00\x00\x00\x00", - "\xef\x01\x23\x45" - }; - - testVector a, b, c, d; - testVector test_arc4[4]; - - int times = sizeof(test_arc4) / sizeof(testVector), i; - - a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef"; - a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96"; - a.inLen = 8; - a.outLen = 8; - - b.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; - b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79"; - b.inLen = 8; - b.outLen = 8; - - c.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; - c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a"; - c.inLen = 8; - c.outLen = 8; - - d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; - d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61"; - d.inLen = 10; - d.outLen = 10; - - test_arc4[0] = a; - test_arc4[1] = b; - test_arc4[2] = c; - test_arc4[3] = d; - - for (i = 0; i < times; ++i) { - Arc4 enc; - Arc4 dec; - int keylen = 8; /* XSTRLEN with key 0x00 not good */ - if (i == 3) - keylen = 4; - - if (wc_Arc4Init(&enc, HEAP_HINT, devId) != 0) - return -4200; - if (wc_Arc4Init(&dec, HEAP_HINT, devId) != 0) - return -4201; - - wc_Arc4SetKey(&enc, (byte*)keys[i], keylen); - wc_Arc4SetKey(&dec, (byte*)keys[i], keylen); - - wc_Arc4Process(&enc, cipher, (byte*)test_arc4[i].input, - (word32)test_arc4[i].outLen); - wc_Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen); - - if (XMEMCMP(plain, test_arc4[i].input, test_arc4[i].outLen)) - return -4202 - i; - - if (XMEMCMP(cipher, test_arc4[i].output, test_arc4[i].outLen)) - return -4212 - i; - - wc_Arc4Free(&enc); - wc_Arc4Free(&dec); - } - - return 0; -} -#endif - - -int hc128_test(void) -{ -#ifdef HAVE_HC128 - byte cipher[16]; - byte plain[16]; - - const char* keys[] = - { - "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", - "\x00\x53\xA6\xF9\x4C\x9F\xF2\x45\x98\xEB\x3E\x91\xE4\x37\x8A\xDD", - "\x0F\x62\xB5\x08\x5B\xAE\x01\x54\xA7\xFA\x4D\xA0\xF3\x46\x99\xEC" - }; - - const char* ivs[] = - { - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", - "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", - "\x0D\x74\xDB\x42\xA9\x10\x77\xDE\x45\xAC\x13\x7A\xE1\x48\xAF\x16", - "\x28\x8F\xF6\x5D\xC4\x2B\x92\xF9\x60\xC7\x2E\x95\xFC\x63\xCA\x31" - }; - - - testVector a, b, c, d; - testVector test_hc128[4]; - - int times = sizeof(test_hc128) / sizeof(testVector), i; - - a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; - a.output = "\x37\x86\x02\xB9\x8F\x32\xA7\x48"; - a.inLen = 8; - a.outLen = 8; - - b.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; - b.output = "\x33\x7F\x86\x11\xC6\xED\x61\x5F"; - b.inLen = 8; - b.outLen = 8; - - c.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; - c.output = "\x2E\x1E\xD1\x2A\x85\x51\xC0\x5A"; - c.inLen = 8; - c.outLen = 8; - - d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; - d.output = "\x1C\xD8\xAE\xDD\xFE\x52\xE2\x17\xE8\x35\xD0\xB7\xE8\x4E\x29"; - d.inLen = 15; - d.outLen = 15; - - test_hc128[0] = a; - test_hc128[1] = b; - test_hc128[2] = c; - test_hc128[3] = d; - - for (i = 0; i < times; ++i) { - HC128 enc; - HC128 dec; - - /* align keys/ivs in plain/cipher buffers */ - XMEMCPY(plain, keys[i], 16); - XMEMCPY(cipher, ivs[i], 16); - - wc_Hc128_SetKey(&enc, plain, cipher); - wc_Hc128_SetKey(&dec, plain, cipher); - - /* align input */ - XMEMCPY(plain, test_hc128[i].input, test_hc128[i].outLen); - if (wc_Hc128_Process(&enc, cipher, plain, - (word32)test_hc128[i].outLen) != 0) { - return -4300; - } - if (wc_Hc128_Process(&dec, plain, cipher, - (word32)test_hc128[i].outLen) != 0) { - return -4301; - } - - if (XMEMCMP(plain, test_hc128[i].input, test_hc128[i].outLen)) - return -4302 - i; - - if (XMEMCMP(cipher, test_hc128[i].output, test_hc128[i].outLen)) - return -4312 - i; - } - -#endif /* HAVE_HC128 */ - return 0; -} - - -#ifndef NO_RABBIT -int rabbit_test(void) -{ - byte cipher[16]; - byte plain[16]; - - const char* keys[] = - { - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", - "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B\xFE\x36\x3D\x2E\x29\x13\x28\x91" - }; - - const char* ivs[] = - { - "\x00\x00\x00\x00\x00\x00\x00\x00", - "\x59\x7E\x26\xC1\x75\xF5\x73\xC3", - 0 - }; - - testVector a, b, c; - testVector test_rabbit[3]; - - int times = sizeof(test_rabbit) / sizeof(testVector), i; - - a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; - a.output = "\xED\xB7\x05\x67\x37\x5D\xCD\x7C"; - a.inLen = 8; - a.outLen = 8; - - b.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; - b.output = "\x6D\x7D\x01\x22\x92\xCC\xDC\xE0"; - b.inLen = 8; - b.outLen = 8; - - c.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; - c.output = "\x04\xCE\xCA\x7A\x1A\x86\x6E\x77"; - c.inLen = 8; - c.outLen = 8; - - test_rabbit[0] = a; - test_rabbit[1] = b; - test_rabbit[2] = c; - - for (i = 0; i < times; ++i) { - Rabbit enc; - Rabbit dec; - byte* iv; - - /* align keys/ivs in plain/cipher buffers */ - XMEMCPY(plain, keys[i], 16); - if (ivs[i]) { - XMEMCPY(cipher, ivs[i], 8); - iv = cipher; - } else - iv = NULL; - wc_RabbitSetKey(&enc, plain, iv); - wc_RabbitSetKey(&dec, plain, iv); - - /* align input */ - XMEMCPY(plain, test_rabbit[i].input, test_rabbit[i].outLen); - wc_RabbitProcess(&enc, cipher, plain, (word32)test_rabbit[i].outLen); - wc_RabbitProcess(&dec, plain, cipher, (word32)test_rabbit[i].outLen); - - if (XMEMCMP(plain, test_rabbit[i].input, test_rabbit[i].outLen)) - return -4400 - i; - - if (XMEMCMP(cipher, test_rabbit[i].output, test_rabbit[i].outLen)) - return -4410 - i; - } - - return 0; -} -#endif /* NO_RABBIT */ - - -#ifdef HAVE_CHACHA -int chacha_test(void) -{ - ChaCha enc; - ChaCha dec; - byte cipher[128]; - byte plain[128]; - byte sliver[64]; - byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - word32 keySz = 32; - int ret = 0; - int i; - int times = 4; - - static const byte key1[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - - static const byte key2[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 - }; - - static const byte key3[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - - /* 128 bit key */ - static const byte key4[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - - - const byte* keys[] = {key1, key2, key3, key4}; - - static const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - static const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - static const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00}; - static const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - - - const byte* ivs[] = {ivs1, ivs2, ivs3, ivs4}; - -#ifndef BENCH_EMBEDDED - static const byte cipher_big_result[] = { - 0x06, 0xa6, 0x5d, 0x31, 0x21, 0x6c, 0xdb, 0x37, 0x48, 0x7c, 0x01, 0x9d, - 0x72, 0xdf, 0x0a, 0x5b, 0x64, 0x74, 0x20, 0xba, 0x9e, 0xe0, 0x26, 0x7a, - 0xbf, 0xdf, 0x83, 0x34, 0x3b, 0x4f, 0x94, 0x3f, 0x37, 0x89, 0xaf, 0x00, - 0xdf, 0x0f, 0x2e, 0x75, 0x16, 0x41, 0xf6, 0x7a, 0x86, 0x94, 0x9d, 0x32, - 0x56, 0xf0, 0x79, 0x71, 0x68, 0x6f, 0xa6, 0x6b, 0xc6, 0x59, 0x49, 0xf6, - 0x10, 0x34, 0x03, 0x03, 0x16, 0x53, 0x9a, 0x98, 0x2a, 0x46, 0xde, 0x17, - 0x06, 0x65, 0x70, 0xca, 0x0a, 0x1f, 0xab, 0x80, 0x26, 0x96, 0x3f, 0x3e, - 0x7a, 0x3c, 0xa8, 0x87, 0xbb, 0x65, 0xdd, 0x5e, 0x07, 0x7b, 0x34, 0xe0, - 0x56, 0xda, 0x32, 0x13, 0x30, 0xc9, 0x0c, 0xd7, 0xba, 0xe4, 0x1f, 0xa6, - 0x91, 0x4f, 0x72, 0x9f, 0xd9, 0x5c, 0x62, 0x7d, 0xa6, 0xc2, 0xbc, 0x87, - 0xae, 0x64, 0x11, 0x94, 0x3b, 0xbc, 0x6c, 0x23, 0xbd, 0x7d, 0x00, 0xb4, - 0x99, 0xf2, 0x68, 0xb5, 0x59, 0x70, 0x93, 0xad, 0x69, 0xd0, 0xb1, 0x28, - 0x70, 0x92, 0xeb, 0xec, 0x39, 0x80, 0x82, 0xde, 0x44, 0xe2, 0x8a, 0x26, - 0xb3, 0xe9, 0x45, 0xcf, 0x83, 0x76, 0x9f, 0x6a, 0xa0, 0x46, 0x4a, 0x3d, - 0x26, 0x56, 0xaf, 0x49, 0x41, 0x26, 0x1b, 0x6a, 0x41, 0x37, 0x65, 0x91, - 0x72, 0xc4, 0xe7, 0x3c, 0x17, 0x31, 0xae, 0x2e, 0x2b, 0x31, 0x45, 0xe4, - 0x93, 0xd3, 0x10, 0xaa, 0xc5, 0x62, 0xd5, 0x11, 0x4b, 0x57, 0x1d, 0xad, - 0x48, 0x06, 0xd0, 0x0d, 0x98, 0xa5, 0xc6, 0x5b, 0xd0, 0x9e, 0x22, 0xc0, - 0x00, 0x32, 0x5a, 0xf5, 0x1c, 0x89, 0x6d, 0x54, 0x97, 0x55, 0x6b, 0x46, - 0xc5, 0xc7, 0xc4, 0x48, 0x9c, 0xbf, 0x47, 0xdc, 0x03, 0xc4, 0x1b, 0xcb, - 0x65, 0xa6, 0x91, 0x9d, 0x6d, 0xf1, 0xb0, 0x7a, 0x4d, 0x3b, 0x03, 0x95, - 0xf4, 0x8b, 0x0b, 0xae, 0x39, 0xff, 0x3f, 0xf6, 0xc0, 0x14, 0x18, 0x8a, - 0xe5, 0x19, 0xbd, 0xc1, 0xb4, 0x05, 0x4e, 0x29, 0x2f, 0x0b, 0x33, 0x76, - 0x28, 0x16, 0xa4, 0xa6, 0x93, 0x04, 0xb5, 0x55, 0x6b, 0x89, 0x3d, 0xa5, - 0x0f, 0xd3, 0xad, 0xfa, 0xd9, 0xfd, 0x05, 0x5d, 0x48, 0x94, 0x25, 0x5a, - 0x2c, 0x9a, 0x94, 0x80, 0xb0, 0xe7, 0xcb, 0x4d, 0x77, 0xbf, 0xca, 0xd8, - 0x55, 0x48, 0xbd, 0x66, 0xb1, 0x85, 0x81, 0xb1, 0x37, 0x79, 0xab, 0x52, - 0x08, 0x14, 0x12, 0xac, 0xcd, 0x45, 0x4d, 0x53, 0x6b, 0xca, 0x96, 0xc7, - 0x3b, 0x2f, 0x73, 0xb1, 0x5a, 0x23, 0xbd, 0x65, 0xd5, 0xea, 0x17, 0xb3, - 0xdc, 0xa1, 0x17, 0x1b, 0x2d, 0xb3, 0x9c, 0xd0, 0xdb, 0x41, 0x77, 0xef, - 0x93, 0x20, 0x52, 0x3e, 0x9d, 0xf5, 0xbf, 0x33, 0xf7, 0x52, 0xc1, 0x90, - 0xa0, 0x15, 0x17, 0xce, 0xf7, 0xf7, 0xd0, 0x3a, 0x3b, 0xd1, 0x72, 0x56, - 0x31, 0x81, 0xae, 0x60, 0xab, 0x40, 0xc1, 0xd1, 0x28, 0x77, 0x53, 0xac, - 0x9f, 0x11, 0x0a, 0x88, 0x36, 0x4b, 0xda, 0x57, 0xa7, 0x28, 0x5c, 0x85, - 0xd3, 0x85, 0x9b, 0x79, 0xad, 0x05, 0x1c, 0x37, 0x14, 0x5e, 0x0d, 0xd0, - 0x23, 0x03, 0x42, 0x1d, 0x48, 0x5d, 0xc5, 0x3c, 0x5a, 0x08, 0xa9, 0x0d, - 0x6e, 0x82, 0x7c, 0x2e, 0x3c, 0x41, 0xcc, 0x96, 0x8e, 0xad, 0xee, 0x2a, - 0x61, 0x0b, 0x16, 0x0f, 0xa9, 0x24, 0x40, 0x85, 0xbc, 0x9f, 0x28, 0x8d, - 0xe6, 0x68, 0x4d, 0x8f, 0x30, 0x48, 0xd9, 0x73, 0x73, 0x6c, 0x9a, 0x7f, - 0x67, 0xf7, 0xde, 0x4c, 0x0a, 0x8b, 0xe4, 0xb3, 0x08, 0x2a, 0x52, 0xda, - 0x54, 0xee, 0xcd, 0xb5, 0x62, 0x4a, 0x26, 0x20, 0xfb, 0x40, 0xbb, 0x39, - 0x3a, 0x0f, 0x09, 0xe8, 0x00, 0xd1, 0x24, 0x97, 0x60, 0xe9, 0x83, 0x83, - 0xfe, 0x9f, 0x9c, 0x15, 0xcf, 0x69, 0x03, 0x9f, 0x03, 0xe1, 0xe8, 0x6e, - 0xbd, 0x87, 0x58, 0x68, 0xee, 0xec, 0xd8, 0x29, 0x46, 0x23, 0x49, 0x92, - 0x72, 0x95, 0x5b, 0x49, 0xca, 0xe0, 0x45, 0x59, 0xb2, 0xca, 0xf4, 0xfc, - 0xb7, 0x59, 0x37, 0x49, 0x28, 0xbc, 0xf3, 0xd7, 0x61, 0xbc, 0x4b, 0xf3, - 0xa9, 0x4b, 0x2f, 0x05, 0xa8, 0x01, 0xa5, 0xdc, 0x00, 0x6e, 0x01, 0xb6, - 0x45, 0x3c, 0xd5, 0x49, 0x7d, 0x5c, 0x25, 0xe8, 0x31, 0x87, 0xb2, 0xb9, - 0xbf, 0xb3, 0x01, 0x62, 0x0c, 0xd0, 0x48, 0x77, 0xa2, 0x34, 0x0f, 0x16, - 0x22, 0x28, 0xee, 0x54, 0x08, 0x93, 0x3b, 0xe4, 0xde, 0x7e, 0x63, 0xf7, - 0x97, 0x16, 0x5d, 0x71, 0x58, 0xc2, 0x2e, 0xf2, 0x36, 0xa6, 0x12, 0x65, - 0x94, 0x17, 0xac, 0x66, 0x23, 0x7e, 0xc6, 0x72, 0x79, 0x24, 0xce, 0x8f, - 0x55, 0x19, 0x97, 0x44, 0xfc, 0x55, 0xec, 0x85, 0x26, 0x27, 0xdb, 0x38, - 0xb1, 0x42, 0x0a, 0xdd, 0x05, 0x99, 0x28, 0xeb, 0x03, 0x6c, 0x9a, 0xe9, - 0x17, 0xf6, 0x2c, 0xb0, 0xfe, 0xe7, 0xa4, 0xa7, 0x31, 0xda, 0x4d, 0xb0, - 0x29, 0xdb, 0xdd, 0x8d, 0x12, 0x13, 0x9c, 0xb4, 0xcc, 0x83, 0x97, 0xfb, - 0x1a, 0xdc, 0x08, 0xd6, 0x30, 0x62, 0xe8, 0xeb, 0x8b, 0x61, 0xcb, 0x1d, - 0x06, 0xe3, 0xa5, 0x4d, 0x35, 0xdb, 0x59, 0xa8, 0x2d, 0x87, 0x27, 0x44, - 0x6f, 0xc0, 0x38, 0x97, 0xe4, 0x85, 0x00, 0x02, 0x09, 0xf6, 0x69, 0x3a, - 0xcf, 0x08, 0x1b, 0x21, 0xbb, 0x79, 0xb1, 0xa1, 0x34, 0x09, 0xe0, 0x80, - 0xca, 0xb0, 0x78, 0x8a, 0x11, 0x97, 0xd4, 0x07, 0xbe, 0x1b, 0x6a, 0x5d, - 0xdb, 0xd6, 0x1f, 0x76, 0x6b, 0x16, 0xf0, 0x58, 0x84, 0x5f, 0x59, 0xce, - 0x62, 0x34, 0xc3, 0xdf, 0x94, 0xb8, 0x2f, 0x84, 0x68, 0xf0, 0xb8, 0x51, - 0xd9, 0x6d, 0x8e, 0x4a, 0x1d, 0xe6, 0x5c, 0xd8, 0x86, 0x25, 0xe3, 0x24, - 0xfd, 0x21, 0x61, 0x13, 0x48, 0x3e, 0xf6, 0x7d, 0xa6, 0x71, 0x9b, 0xd2, - 0x6e, 0xe6, 0xd2, 0x08, 0x94, 0x62, 0x6c, 0x98, 0xfe, 0x2f, 0x9c, 0x88, - 0x7e, 0x78, 0x15, 0x02, 0x00, 0xf0, 0xba, 0x24, 0x91, 0xf2, 0xdc, 0x47, - 0x51, 0x4d, 0x15, 0x5e, 0x91, 0x5f, 0x57, 0x5b, 0x1d, 0x35, 0x24, 0x45, - 0x75, 0x9b, 0x88, 0x75, 0xf1, 0x2f, 0x85, 0xe7, 0x89, 0xd1, 0x01, 0xb4, - 0xc8, 0x18, 0xb7, 0x97, 0xef, 0x4b, 0x90, 0xf4, 0xbf, 0x10, 0x27, 0x3c, - 0x60, 0xff, 0xc4, 0x94, 0x20, 0x2f, 0x93, 0x4b, 0x4d, 0xe3, 0x80, 0xf7, - 0x2c, 0x71, 0xd9, 0xe3, 0x68, 0xb4, 0x77, 0x2b, 0xc7, 0x0d, 0x39, 0x92, - 0xef, 0x91, 0x0d, 0xb2, 0x11, 0x50, 0x0e, 0xe8, 0xad, 0x3b, 0xf6, 0xb5, - 0xc6, 0x14, 0x4d, 0x33, 0x53, 0xa7, 0x60, 0x15, 0xc7, 0x27, 0x51, 0xdc, - 0x54, 0x29, 0xa7, 0x0d, 0x6a, 0x7b, 0x72, 0x13, 0xad, 0x7d, 0x41, 0x19, - 0x4e, 0x42, 0x49, 0xcc, 0x42, 0xe4, 0xbd, 0x99, 0x13, 0xd9, 0x7f, 0xf3, - 0x38, 0xa4, 0xb6, 0x33, 0xed, 0x07, 0x48, 0x7e, 0x8e, 0x82, 0xfe, 0x3a, - 0x9d, 0x75, 0x93, 0xba, 0x25, 0x4e, 0x37, 0x3c, 0x0c, 0xd5, 0x69, 0xa9, - 0x2d, 0x9e, 0xfd, 0xe8, 0xbb, 0xf5, 0x0c, 0xe2, 0x86, 0xb9, 0x5e, 0x6f, - 0x28, 0xe4, 0x19, 0xb3, 0x0b, 0xa4, 0x86, 0xd7, 0x24, 0xd0, 0xb8, 0x89, - 0x7b, 0x76, 0xec, 0x05, 0x10, 0x5b, 0x68, 0xe9, 0x58, 0x66, 0xa3, 0xc5, - 0xb6, 0x63, 0x20, 0x0e, 0x0e, 0xea, 0x3d, 0x61, 0x5e, 0xda, 0x3d, 0x3c, - 0xf9, 0xfd, 0xed, 0xa9, 0xdb, 0x52, 0x94, 0x8a, 0x00, 0xca, 0x3c, 0x8d, - 0x66, 0x8f, 0xb0, 0xf0, 0x5a, 0xca, 0x3f, 0x63, 0x71, 0xbf, 0xca, 0x99, - 0x37, 0x9b, 0x75, 0x97, 0x89, 0x10, 0x6e, 0xcf, 0xf2, 0xf5, 0xe3, 0xd5, - 0x45, 0x9b, 0xad, 0x10, 0x71, 0x6c, 0x5f, 0x6f, 0x7f, 0x22, 0x77, 0x18, - 0x2f, 0xf9, 0x99, 0xc5, 0x69, 0x58, 0x03, 0x12, 0x86, 0x82, 0x3e, 0xbf, - 0xc2, 0x12, 0x35, 0x43, 0xa3, 0xd9, 0x18, 0x4f, 0x41, 0x11, 0x6b, 0xf3, - 0x67, 0xaf, 0x3d, 0x78, 0xe4, 0x22, 0x2d, 0xb3, 0x48, 0x43, 0x31, 0x1d, - 0xef, 0xa8, 0xba, 0x49, 0x8e, 0xa9, 0xa7, 0xb6, 0x18, 0x77, 0x84, 0xca, - 0xbd, 0xa2, 0x02, 0x1b, 0x6a, 0xf8, 0x5f, 0xda, 0xff, 0xcf, 0x01, 0x6a, - 0x86, 0x69, 0xa9, 0xe9, 0xcb, 0x60, 0x1e, 0x15, 0xdc, 0x8f, 0x5d, 0x39, - 0xb5, 0xce, 0x55, 0x5f, 0x47, 0x97, 0xb1, 0x19, 0x6e, 0x21, 0xd6, 0x13, - 0x39, 0xb2, 0x24, 0xe0, 0x62, 0x82, 0x9f, 0xed, 0x12, 0x81, 0xed, 0xee, - 0xab, 0xd0, 0x2f, 0x19, 0x89, 0x3f, 0x57, 0x2e, 0xc2, 0xe2, 0x67, 0xe8, - 0xae, 0x03, 0x56, 0xba, 0xd4, 0xd0, 0xa4, 0x89, 0x03, 0x06, 0x5b, 0xcc, - 0xf2, 0x22, 0xb8, 0x0e, 0x76, 0x79, 0x4a, 0x42, 0x1d, 0x37, 0x51, 0x5a, - 0xaa, 0x46, 0x6c, 0x2a, 0xdd, 0x66, 0xfe, 0xc6, 0x68, 0xc3, 0x38, 0xa2, - 0xae, 0x5b, 0x98, 0x24, 0x5d, 0x43, 0x05, 0x82, 0x38, 0x12, 0xd3, 0xd1, - 0x75, 0x2d, 0x4f, 0x61, 0xbd, 0xb9, 0x10, 0x87, 0x44, 0x2a, 0x78, 0x07, - 0xff, 0xf4, 0x0f, 0xa1, 0xf3, 0x68, 0x9f, 0xbe, 0xae, 0xa2, 0x91, 0xf0, - 0xc7, 0x55, 0x7a, 0x52, 0xd5, 0xa3, 0x8d, 0x6f, 0xe4, 0x90, 0x5c, 0xf3, - 0x5f, 0xce, 0x3d, 0x23, 0xf9, 0x8e, 0xae, 0x14, 0xfb, 0x82, 0x9a, 0xa3, - 0x04, 0x5f, 0xbf, 0xad, 0x3e, 0xf2, 0x97, 0x0a, 0x60, 0x40, 0x70, 0x19, - 0x72, 0xad, 0x66, 0xfb, 0x78, 0x1b, 0x84, 0x6c, 0x98, 0xbc, 0x8c, 0xf8, - 0x4f, 0xcb, 0xb5, 0xf6, 0xaf, 0x7a, 0xb7, 0x93, 0xef, 0x67, 0x48, 0x02, - 0x2c, 0xcb, 0xe6, 0x77, 0x0f, 0x7b, 0xc1, 0xee, 0xc5, 0xb6, 0x2d, 0x7e, - 0x62, 0xa0, 0xc0, 0xa7, 0xa5, 0x80, 0x31, 0x92, 0x50, 0xa1, 0x28, 0x22, - 0x95, 0x03, 0x17, 0xd1, 0x0f, 0xf6, 0x08, 0xe5, 0xec - }; -#define CHACHA_BIG_TEST_SIZE 1305 -#ifndef WOLFSSL_SMALL_STACK - byte cipher_big[CHACHA_BIG_TEST_SIZE] = {0}; - byte plain_big[CHACHA_BIG_TEST_SIZE] = {0}; - byte input_big[CHACHA_BIG_TEST_SIZE] = {0}; -#else - byte* cipher_big; - byte* plain_big; - byte* input_big; -#endif /* WOLFSSL_SMALL_STACK */ - int block_size; -#endif /* BENCH_EMBEDDED */ - - byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90}; - byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96}; - byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5}; - byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd}; - - byte* test_chacha[4]; - - test_chacha[0] = a; - test_chacha[1] = b; - test_chacha[2] = c; - test_chacha[3] = d; - -#ifndef BENCH_EMBEDDED -#ifdef WOLFSSL_SMALL_STACK - cipher_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (cipher_big == NULL) { - return MEMORY_E; - } - plain_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (plain_big == NULL) { - return MEMORY_E; - } - input_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (input_big == NULL) { - return MEMORY_E; - } - XMEMSET(cipher_big, 0, CHACHA_BIG_TEST_SIZE); - XMEMSET(plain_big, 0, CHACHA_BIG_TEST_SIZE); - XMEMSET(input_big, 0, CHACHA_BIG_TEST_SIZE); -#endif /* WOLFSSL_SMALL_STACK */ -#endif /* BENCH_EMBEDDED */ - - for (i = 0; i < times; ++i) { - if (i < 3) { - keySz = 32; - } - else { - keySz = 16; - } - - XMEMCPY(plain, keys[i], keySz); - XMEMSET(cipher, 0, 32); - XMEMCPY(cipher + 4, ivs[i], 8); - - ret |= wc_Chacha_SetKey(&enc, keys[i], keySz); - ret |= wc_Chacha_SetKey(&dec, keys[i], keySz); - if (ret != 0) - return ret; - - ret |= wc_Chacha_SetIV(&enc, cipher, 0); - ret |= wc_Chacha_SetIV(&dec, cipher, 0); - if (ret != 0) - return ret; - XMEMCPY(plain, input, 8); - - ret |= wc_Chacha_Process(&enc, cipher, plain, (word32)8); - ret |= wc_Chacha_Process(&dec, plain, cipher, (word32)8); - if (ret != 0) - return ret; - - if (XMEMCMP(test_chacha[i], cipher, 8)) - return -4500 - i; - - if (XMEMCMP(plain, input, 8)) - return -4510 - i; - } - - /* test of starting at a different counter - encrypts all of the information and decrypts starting at 2nd chunk */ - XMEMSET(plain, 0, sizeof(plain)); - XMEMSET(sliver, 1, sizeof(sliver)); /* set as 1's to not match plain */ - XMEMSET(cipher, 0, sizeof(cipher)); - XMEMCPY(cipher + 4, ivs[0], 8); - - ret |= wc_Chacha_SetKey(&enc, keys[0], keySz); - ret |= wc_Chacha_SetKey(&dec, keys[0], keySz); - if (ret != 0) - return ret; - - ret |= wc_Chacha_SetIV(&enc, cipher, 0); - ret |= wc_Chacha_SetIV(&dec, cipher, 1); - if (ret != 0) - return ret; - - ret |= wc_Chacha_Process(&enc, cipher, plain, sizeof(plain)); - ret |= wc_Chacha_Process(&dec, sliver, cipher + 64, sizeof(sliver)); - if (ret != 0) - return ret; - - if (XMEMCMP(plain + 64, sliver, 64)) - return -4520; - -#ifndef BENCH_EMBEDDED - /* test of encrypting more data */ - keySz = 32; - - ret |= wc_Chacha_SetKey(&enc, keys[0], keySz); - ret |= wc_Chacha_SetKey(&dec, keys[0], keySz); - if (ret != 0) - return ret; - - ret |= wc_Chacha_SetIV(&enc, ivs[2], 0); - ret |= wc_Chacha_SetIV(&dec, ivs[2], 0); - if (ret != 0) - return ret; - - ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, CHACHA_BIG_TEST_SIZE); - ret |= wc_Chacha_Process(&dec, plain_big, cipher_big, - CHACHA_BIG_TEST_SIZE); - if (ret != 0) - return ret; - - if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE)) - return -4521; - - if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE)) - return -4522; - - for (i = 0; i < 18; ++i) { - /* this will test all paths */ - // block sizes: 1 2 3 4 7 8 15 16 31 32 63 64 127 128 255 256 511 512 - block_size = (2 << (i%9)) - (i<9?1:0); - keySz = 32; - - ret |= wc_Chacha_SetKey(&enc, keys[0], keySz); - ret |= wc_Chacha_SetKey(&dec, keys[0], keySz); - if (ret != 0) - return ret; - - ret |= wc_Chacha_SetIV(&enc, ivs[2], 0); - ret |= wc_Chacha_SetIV(&dec, ivs[2], 0); - if (ret != 0) - return ret; - - ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, block_size); - ret |= wc_Chacha_Process(&dec, plain_big, cipher_big, block_size); - if (ret != 0) - return ret; - - if (XMEMCMP(plain_big, input_big, block_size)) - return -4523-i; - - if (XMEMCMP(cipher_big, cipher_big_result, block_size)) - return -4524-i; - } - -#ifdef WOLFSSL_SMALL_STACK - XFREE(cipher_big, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(plain_big, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(input_big, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif /* WOLFSSL_SMALL_STACK */ -#endif /* BENCH_EMBEDDED */ - - return 0; -} -#endif /* HAVE_CHACHA */ - - -#ifdef HAVE_POLY1305 -int poly1305_test(void) -{ - int ret = 0; - int i; - byte tag[16]; - Poly1305 enc; - - static const byte msg1[] = - { - 0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72, - 0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f, - 0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65, - 0x61,0x72,0x63,0x68,0x20,0x47,0x72,0x6f, - 0x75,0x70 - }; - - static const byte msg2[] = - { - 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72, - 0x6c,0x64,0x21 - }; - - static const byte msg3[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - - static const byte msg4[] = - { - 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb, - 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2, - 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe, - 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6, - 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12, - 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b, - 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29, - 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36, - 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c, - 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58, - 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94, - 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc, - 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d, - 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b, - 0x61,0x16 - }; - - static const byte msg5[] = - { - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - }; - - static const byte msg6[] = - { - 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb, - 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2, - 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe, - 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6, - 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12, - 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b, - 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94, - 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29, - 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6, - 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12, - 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94, - 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36, - 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c, - 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2, - 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58, - 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94, - 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc, - 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d, - 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b, - 0x61,0x16 - }; - - byte additional[] = - { - 0x50,0x51,0x52,0x53,0xc0,0xc1,0xc2,0xc3, - 0xc4,0xc5,0xc6,0xc7 - }; - - static const byte correct0[] = - { - 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd, - 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b - }; - - static const byte correct1[] = - { - 0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6, - 0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9 - }; - - static const byte correct2[] = - { - 0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16, - 0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0 - }; - - static const byte correct3[] = - { - 0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6, - 0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07 - }; - - static const byte correct4[] = - { - 0x1a,0xe1,0x0b,0x59,0x4f,0x09,0xe2,0x6a, - 0x7e,0x90,0x2e,0xcb,0xd0,0x60,0x06,0x91 - }; - - static const byte correct5[] = - { - 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - }; - - static const byte correct6[] = - { - 0xea,0x11,0x5c,0x4f,0xd0,0xc0,0x10,0xae, - 0xf7,0xdf,0xda,0x77,0xa2,0xe9,0xaf,0xca - }; - - static const byte key[] = { - 0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33, - 0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8, - 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd, - 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b - }; - - static const byte key2[] = { - 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20, - 0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20, - 0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20, - 0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35 - }; - - static const byte key4[] = { - 0x7b,0xac,0x2b,0x25,0x2d,0xb4,0x47,0xaf, - 0x09,0xb6,0x7a,0x55,0xa4,0xe9,0x55,0x84, - 0x0a,0xe1,0xd6,0x73,0x10,0x75,0xd9,0xeb, - 0x2a,0x93,0x75,0x78,0x3e,0xd5,0x53,0xff - }; - - static const byte key5[] = { - 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - - const byte* msgs[] = {NULL, msg1, msg2, msg3, msg5, msg6}; - word32 szm[] = {0, sizeof(msg1), sizeof(msg2), - sizeof(msg3), sizeof(msg5), sizeof(msg6)}; - const byte* keys[] = {key, key, key2, key2, key5, key}; - const byte* tests[] = {correct0, correct1, correct2, correct3, correct5, - correct6}; - - for (i = 0; i < 6; i++) { - ret = wc_Poly1305SetKey(&enc, keys[i], 32); - if (ret != 0) - return -4600 - i; - - ret = wc_Poly1305Update(&enc, msgs[i], szm[i]); - if (ret != 0) - return -4610 - i; - - ret = wc_Poly1305Final(&enc, tag); - if (ret != 0) - return -4620 - i; - - if (XMEMCMP(tag, tests[i], sizeof(tag))) - return -4630 - i; - } - - /* Check TLS MAC function from 2.8.2 https://tools.ietf.org/html/rfc7539 */ - XMEMSET(tag, 0, sizeof(tag)); - ret = wc_Poly1305SetKey(&enc, key4, sizeof(key4)); - if (ret != 0) - return -4640; - - ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional), - (byte*)msg4, sizeof(msg4), tag, sizeof(tag)); - if (ret != 0) - return -4641; - - if (XMEMCMP(tag, correct4, sizeof(tag))) - return -4642; - - /* Check fail of TLS MAC function if altering additional data */ - XMEMSET(tag, 0, sizeof(tag)); - additional[0]++; - ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional), - (byte*)msg4, sizeof(msg4), tag, sizeof(tag)); - if (ret != 0) - return -4643; - - if (XMEMCMP(tag, correct4, sizeof(tag)) == 0) - return -4644; - - - return 0; -} -#endif /* HAVE_POLY1305 */ - - -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) -int chacha20_poly1305_aead_test(void) -{ - /* Test #1 from Section 2.8.2 of draft-irtf-cfrg-chacha20-poly1305-10 */ - /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */ - - const byte key1[] = { - 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, - 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, - 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f - }; - - const byte plaintext1[] = { - 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, - 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, - 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, - 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, - 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, - 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, - 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, - 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, - 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, - 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, - 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, - 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, - 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, - 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, - 0x74, 0x2e - }; - - const byte iv1[] = { - 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, - 0x44, 0x45, 0x46, 0x47 - }; - - const byte aad1[] = { /* additional data */ - 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, - 0xc4, 0xc5, 0xc6, 0xc7 - }; - - const byte cipher1[] = { /* expected output from operation */ - 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, - 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2, - 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, - 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, - 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12, - 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, - 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, - 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36, - 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, - 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, - 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94, - 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, - 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, - 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b, - 0x61, 0x16 - }; - - const byte authTag1[] = { /* expected output from operation */ - 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a, - 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91 - }; - - /* Test #2 from Appendix A.2 in draft-irtf-cfrg-chacha20-poly1305-10 */ - /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */ - - const byte key2[] = { - 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, - 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0, - 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09, - 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0 - }; - - const byte plaintext2[] = { - 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, - 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20, - 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66, - 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, - 0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c, 0x69, - 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20, - 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20, - 0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d, - 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e, - 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65, - 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, - 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, - 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f, - 0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64, - 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65, - 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, - 0x6e, 0x74, 0x73, 0x20, 0x61, 0x74, 0x20, 0x61, - 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e, - 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, - 0x6e, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x70, 0x72, - 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20, - 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, - 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61, - 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72, - 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, - 0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61, - 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20, - 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65, - 0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20, - 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20, - 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b, - 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67, - 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80, - 0x9d - }; - - const byte iv2[] = { - 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, - 0x05, 0x06, 0x07, 0x08 - }; - - const byte aad2[] = { /* additional data */ - 0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x4e, 0x91 - }; - - const byte cipher2[] = { /* expected output from operation */ - 0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, - 0x60, 0xf0, 0x62, 0xc7, 0x9b, 0xe6, 0x43, 0xbd, - 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89, - 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2, - 0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43, 0xee, - 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0, - 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00, - 0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf, - 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce, - 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81, - 0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd, - 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55, - 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61, - 0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38, - 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0, - 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4, - 0xb9, 0x16, 0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46, - 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9, - 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, - 0xe2, 0x82, 0xa1, 0xb0, 0xa0, 0x6c, 0x52, 0x3e, - 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15, - 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a, - 0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56, 0x4e, 0xea, - 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a, - 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99, - 0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e, - 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10, - 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10, - 0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94, - 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30, - 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf, - 0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29, - 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70, - 0x9b - }; - - const byte authTag2[] = { /* expected output from operation */ - 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22, - 0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38 - }; - - byte generatedCiphertext[265]; /* max plaintext2/cipher2 */ - byte generatedPlaintext[265]; /* max plaintext2/cipher2 */ - byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; - int err; - - ChaChaPoly_Aead aead; - -#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM) - #define TEST_SMALL_CHACHA_CHUNKS 32 -#else - #define TEST_SMALL_CHACHA_CHUNKS 64 -#endif - #ifdef TEST_SMALL_CHACHA_CHUNKS - word32 testLen; - #endif - - XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); - XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); - XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); - - /* Parameter Validation testing */ - /* Encrypt */ - err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, sizeof(aad1), plaintext1, - sizeof(plaintext1), generatedCiphertext, generatedAuthTag); - if (err != BAD_FUNC_ARG) - return -4700; - err = wc_ChaCha20Poly1305_Encrypt(key1, NULL, aad1, sizeof(aad1), - plaintext1, sizeof(plaintext1), generatedCiphertext, - generatedAuthTag); - if (err != BAD_FUNC_ARG) - return -4701; - err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL, - sizeof(plaintext1), generatedCiphertext, generatedAuthTag); - if (err != BAD_FUNC_ARG) - return -4702; - err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1, - sizeof(plaintext1), NULL, generatedAuthTag); - if (err != BAD_FUNC_ARG) - return -4703; - err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1, - sizeof(plaintext1), generatedCiphertext, NULL); - if (err != BAD_FUNC_ARG) - return -4704; - err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1, - 0, generatedCiphertext, generatedAuthTag); - if (err != BAD_FUNC_ARG) - return -4705; - /* Decrypt */ - err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, sizeof(aad2), cipher2, - sizeof(cipher2), authTag2, generatedPlaintext); - if (err != BAD_FUNC_ARG) - return -4706; - err = wc_ChaCha20Poly1305_Decrypt(key2, NULL, aad2, sizeof(aad2), cipher2, - sizeof(cipher2), authTag2, generatedPlaintext); - if (err != BAD_FUNC_ARG) - return -4707; - err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL, - sizeof(cipher2), authTag2, generatedPlaintext); - if (err != BAD_FUNC_ARG) - return -4708; - err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2, - sizeof(cipher2), NULL, generatedPlaintext); - if (err != BAD_FUNC_ARG) - return -4709; - err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2, - sizeof(cipher2), authTag2, NULL); - if (err != BAD_FUNC_ARG) - return -4710; - err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2, - 0, authTag2, generatedPlaintext); - if (err != BAD_FUNC_ARG) - return -4711; - - - /* Test #1 */ - err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, - aad1, sizeof(aad1), - plaintext1, sizeof(plaintext1), - generatedCiphertext, generatedAuthTag); - if (err) { - return err; - } - - /* -- Check the ciphertext and authtag */ - if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) { - return -4712; - } - if (XMEMCMP(generatedAuthTag, authTag1, sizeof(authTag1))) { - return -4713; - } - - /* -- Verify decryption works */ - err = wc_ChaCha20Poly1305_Decrypt(key1, iv1, - aad1, sizeof(aad1), - cipher1, sizeof(cipher1), - authTag1, generatedPlaintext); - if (err) { - return err; - } - if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) { - return -4714; - } - - - XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); - XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); - XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); - - /* Test #2 */ - err = wc_ChaCha20Poly1305_Encrypt(key2, iv2, - aad2, sizeof(aad2), - plaintext2, sizeof(plaintext2), - generatedCiphertext, generatedAuthTag); - if (err) { - return err; - } - - /* -- Check the ciphertext and authtag */ - if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) { - return -4715; - } - if (XMEMCMP(generatedAuthTag, authTag2, sizeof(authTag2))) { - return -4716; - } - - /* -- Verify decryption works */ - err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, - aad2, sizeof(aad2), - cipher2, sizeof(cipher2), - authTag2, generatedPlaintext); - if (err) { - return err; - } - - if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) { - return -4717; - } - - - /* AEAD init/update/final */ - err = wc_ChaCha20Poly1305_Init(NULL, key1, iv1, - CHACHA20_POLY1305_AEAD_DECRYPT); - if (err != BAD_FUNC_ARG) - return -4718; - err = wc_ChaCha20Poly1305_Init(&aead, NULL, iv1, - CHACHA20_POLY1305_AEAD_DECRYPT); - if (err != BAD_FUNC_ARG) - return -4719; - err = wc_ChaCha20Poly1305_Init(&aead, key1, NULL, - CHACHA20_POLY1305_AEAD_DECRYPT); - if (err != BAD_FUNC_ARG) - return -4720; - err = wc_ChaCha20Poly1305_UpdateAad(NULL, aad1, sizeof(aad1)); - if (err != BAD_FUNC_ARG) - return -4721; - err = wc_ChaCha20Poly1305_UpdateAad(&aead, NULL, sizeof(aad1)); - if (err != BAD_FUNC_ARG) - return -4722; - err = wc_ChaCha20Poly1305_UpdateData(NULL, generatedPlaintext, - generatedPlaintext, sizeof(plaintext1)); - if (err != BAD_FUNC_ARG) - return -4723; - err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, NULL, - sizeof(plaintext1)); - if (err != BAD_FUNC_ARG) - return -4724; - err = wc_ChaCha20Poly1305_UpdateData(&aead, NULL, generatedPlaintext, - sizeof(plaintext1)); - if (err != BAD_FUNC_ARG) - return -4725; - err = wc_ChaCha20Poly1305_Final(NULL, generatedAuthTag); - if (err != BAD_FUNC_ARG) - return -4726; - err = wc_ChaCha20Poly1305_Final(&aead, NULL); - if (err != BAD_FUNC_ARG) - return -4727; - - /* AEAD init/update/final - state tests */ - aead.state = CHACHA20_POLY1305_STATE_INIT; - err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1)); - if (err != BAD_STATE_E) - return -4728; - aead.state = CHACHA20_POLY1305_STATE_DATA; - err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1)); - if (err != BAD_STATE_E) - return -4729; - aead.state = CHACHA20_POLY1305_STATE_INIT; - err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, - generatedPlaintext, sizeof(plaintext1)); - if (err != BAD_STATE_E) - return -4730; - aead.state = CHACHA20_POLY1305_STATE_INIT; - err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); - if (err != BAD_STATE_E) - return -4731; - aead.state = CHACHA20_POLY1305_STATE_READY; - err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); - if (err != BAD_STATE_E) - return -4732; - - XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); - XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); - XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); - - /* Test 1 - Encrypt */ - err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1, - CHACHA20_POLY1305_AEAD_ENCRYPT); - if (err != 0) - return -4733; - err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1)); - if (err != 0) - return -4734; -#ifdef TEST_SMALL_CHACHA_CHUNKS - /* test doing data in smaller chunks */ - for (testLen=0; testLen<sizeof(plaintext1); ) { - word32 dataLen = sizeof(plaintext1) - testLen; - if (dataLen > TEST_SMALL_CHACHA_CHUNKS) - dataLen = TEST_SMALL_CHACHA_CHUNKS; - err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext1[testLen], - &generatedCiphertext[testLen], dataLen); - if (err != 0) - return -4735; - testLen += dataLen; - } -#else - err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext1, - generatedCiphertext, sizeof(plaintext1)); -#endif - err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); - if (err != 0) - return -4736; - err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1); - if (err != 0) - return -4737; - if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) { - return -4738; - } - - /* Test 1 - Decrypt */ - err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1, - CHACHA20_POLY1305_AEAD_DECRYPT); - if (err != 0) - return -4739; - err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1)); - if (err != 0) - return -4740; -#ifdef TEST_SMALL_CHACHA_CHUNKS - /* test doing data in smaller chunks */ - for (testLen=0; testLen<sizeof(plaintext1); ) { - word32 dataLen = sizeof(plaintext1) - testLen; - if (dataLen > TEST_SMALL_CHACHA_CHUNKS) - dataLen = TEST_SMALL_CHACHA_CHUNKS; - err = wc_ChaCha20Poly1305_UpdateData(&aead, - &generatedCiphertext[testLen], &generatedPlaintext[testLen], - dataLen); - if (err != 0) - return -4741; - testLen += dataLen; - } -#else - err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext, - generatedPlaintext, sizeof(cipher1)); -#endif - err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); - if (err != 0) - return -4742; - err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1); - if (err != 0) - return -4743; - if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) { - return -4744; - } - - XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); - XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); - XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); - - /* Test 2 - Encrypt */ - err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2, - CHACHA20_POLY1305_AEAD_ENCRYPT); - if (err != 0) - return -4745; - err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2)); - if (err != 0) - return -4746; -#ifdef TEST_SMALL_CHACHA_CHUNKS - /* test doing data in smaller chunks */ - for (testLen=0; testLen<sizeof(plaintext2); ) { - word32 dataLen = sizeof(plaintext2) - testLen; - if (dataLen > TEST_SMALL_CHACHA_CHUNKS) - dataLen = TEST_SMALL_CHACHA_CHUNKS; - err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext2[testLen], - &generatedCiphertext[testLen], dataLen); - if (err != 0) - return -4747; - testLen += dataLen; - } -#else - err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext2, generatedCiphertext, - sizeof(plaintext2)); -#endif - err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); - if (err != 0) - return -4748; - err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2); - if (err != 0) - return -4749; - if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) { - return -4750; - } - - /* Test 2 - Decrypt */ - err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2, - CHACHA20_POLY1305_AEAD_DECRYPT); - if (err != 0) - return -4751; - err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2)); - if (err != 0) - return -4752; -#ifdef TEST_SMALL_CHACHA_CHUNKS - /* test doing data in smaller chunks */ - for (testLen=0; testLen<sizeof(plaintext2); ) { - word32 dataLen = sizeof(plaintext2) - testLen; - if (dataLen > TEST_SMALL_CHACHA_CHUNKS) - dataLen = TEST_SMALL_CHACHA_CHUNKS; - err = wc_ChaCha20Poly1305_UpdateData(&aead, - &generatedCiphertext[testLen], &generatedPlaintext[testLen], - dataLen); - if (err != 0) - return -4753; - testLen += dataLen; - } -#else - err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext, - generatedPlaintext, sizeof(cipher2)); -#endif - err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); - if (err != 0) - return -4754; - err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2); - if (err != 0) - return -4755; - if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) { - return -4756; - } - - return err; -} -#endif /* HAVE_CHACHA && HAVE_POLY1305 */ - - -#ifndef NO_DES3 -int des_test(void) -{ - const byte vector[] = { /* "now is the time for all " w/o trailing 0 */ - 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - - byte plain[24]; - byte cipher[24]; - - Des enc; - Des dec; - - const byte key[] = - { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef - }; - - const byte iv[] = - { - 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef - }; - - const byte verify[] = - { - 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8, - 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73, - 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b - }; - - int ret; - - ret = wc_Des_SetKey(&enc, key, iv, DES_ENCRYPTION); - if (ret != 0) - return -4800; - - ret = wc_Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); - if (ret != 0) - return -4801; - - ret = wc_Des_SetKey(&dec, key, iv, DES_DECRYPTION); - if (ret != 0) - return -4802; - - ret = wc_Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); - if (ret != 0) - return -4803; - - if (XMEMCMP(plain, vector, sizeof(plain))) - return -4804; - - if (XMEMCMP(cipher, verify, sizeof(cipher))) - return -4805; - - ret = wc_Des_CbcEncryptWithKey(cipher, vector, sizeof(vector), key, iv); - if (ret != 0) - return -4806; - -#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA) - { - EncryptedInfo info; - XMEMSET(&info, 0, sizeof(EncryptedInfo)); - XMEMCPY(info.iv, iv, sizeof(iv)); - info.ivSz = sizeof(iv); - info.keySz = sizeof(key); - info.cipherType = WC_CIPHER_DES; - - ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key, - sizeof(key), WC_HASH_TYPE_SHA); - if (ret != 0) - return -4807; - - /* Test invalid info ptr */ - ret = wc_BufferKeyEncrypt(NULL, cipher, sizeof(cipher), key, - sizeof(key), WC_HASH_TYPE_SHA); - if (ret != BAD_FUNC_ARG) - return -4808; - - /* Test invalid hash type */ - ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key, - sizeof(key), WC_HASH_TYPE_NONE); - if (ret == 0) - return -4809; - } -#endif - - return 0; -} -#endif /* NO_DES3 */ - - -#ifndef NO_DES3 -int des3_test(void) -{ - const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */ - 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - - byte plain[24]; - byte cipher[24]; - - Des3 enc; - Des3 dec; - - const byte key3[] = - { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, - 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, - 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 - }; - const byte iv3[] = - { - 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 - - }; - - const byte verify3[] = - { - 0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e, - 0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98, - 0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0 - }; - - int ret; - - - if (wc_Des3Init(&enc, HEAP_HINT, devId) != 0) - return -4900; - if (wc_Des3Init(&dec, HEAP_HINT, devId) != 0) - return -4901; - - ret = wc_Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION); - if (ret != 0) - return -4902; - ret = wc_Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION); - if (ret != 0) - return -4903; - ret = wc_Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -4904; - ret = wc_Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -4905; - - if (XMEMCMP(plain, vector, sizeof(plain))) - return -4906; - - if (XMEMCMP(cipher, verify3, sizeof(cipher))) - return -4907; - -#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) - /* test the same vectors with using compatibility layer */ - { - DES_key_schedule ks1; - DES_key_schedule ks2; - DES_key_schedule ks3; - DES_cblock iv4; - - XMEMCPY(ks1, key3, sizeof(DES_key_schedule)); - XMEMCPY(ks2, key3 + 8, sizeof(DES_key_schedule)); - XMEMCPY(ks3, key3 + 16, sizeof(DES_key_schedule)); - XMEMCPY(iv4, iv3, sizeof(DES_cblock)); - - XMEMSET(plain, 0, sizeof(plain)); - XMEMSET(cipher, 0, sizeof(cipher)); - - DES_ede3_cbc_encrypt(vector, cipher, sizeof(vector), &ks1, &ks2, &ks3, - &iv4, DES_ENCRYPT); - DES_ede3_cbc_encrypt(cipher, plain, sizeof(cipher), &ks1, &ks2, &ks3, - &iv4, DES_DECRYPT); - - if (XMEMCMP(plain, vector, sizeof(plain))) - return -4908; - - if (XMEMCMP(cipher, verify3, sizeof(cipher))) - return -4909; - } -#endif /* OPENSSL_EXTRA */ - - wc_Des3Free(&enc); - wc_Des3Free(&dec); - -#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA) - { - EncryptedInfo info; - XMEMSET(&info, 0, sizeof(EncryptedInfo)); - XMEMCPY(info.iv, iv3, sizeof(iv3)); - info.ivSz = sizeof(iv3); - info.keySz = sizeof(key3); - info.cipherType = WC_CIPHER_DES3; - - ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key3, - sizeof(key3), WC_HASH_TYPE_SHA); - if (ret != 0) - return -4910; - } -#endif - - return 0; -} -#endif /* NO_DES */ - - -#ifndef NO_AES - -#if defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_CFB) -#if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) -/* pass in the function, key, iv, plain text and expected and this function - * tests that the encryption and decryption is successful */ -static int EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, - const byte* iv, const byte* plain, int plainSz, - const byte* expected, int expectedSz) -{ - EVP_CIPHER_CTX ctx; - int idx, ret = 0, cipherSz; - byte* cipher; - - cipher = (byte*)XMALLOC(plainSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (cipher == NULL) { - return -4911; - } - - /* test encrypt */ - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, type, key, iv, 1) == 0) { - ret = -4912; - goto EVP_TEST_END; - } - - if (EVP_CipherUpdate(&ctx, cipher, &idx, plain, expectedSz) == 0) { - ret = -4913; - goto EVP_TEST_END; - } - - cipherSz = idx; - if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0) { - ret = -4914; - goto EVP_TEST_END; - } - cipherSz += idx; - - if (XMEMCMP(cipher, expected, plainSz)) { - ret = -4915; - goto EVP_TEST_END; - } - - /* test decrypt */ - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, type, key, iv, 0) == 0) { - ret = -4916; - goto EVP_TEST_END; - } - - if (EVP_CipherUpdate(&ctx, cipher, &idx, cipher, expectedSz) == 0) { - ret = -4917; - goto EVP_TEST_END; - } - - cipherSz = idx; - if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0) { - ret = -4918; - goto EVP_TEST_END; - } - cipherSz += idx; - - if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, plainSz)) { - ret = -4919; - goto EVP_TEST_END; - } - -EVP_TEST_END: - XFREE(cipher, NULL, DYNAMIC_TYPE_TMP_BUFFER); - (void)cipherSz; - return ret; -} -#endif /* OPENSSL_EXTRA */ -#endif /* WOLFSSL_AES_OFB || WOLFSSL_AES_CFB */ - -#ifdef WOLFSSL_AES_OFB - /* test vector from https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Block-Ciphers */ - int aesofb_test(void) - { - #ifdef WOLFSSL_AES_256 - const byte key1[] = - { - 0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71, - 0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2, - 0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a, - 0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94 - }; - const byte iv1[] = - { - 0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16, - 0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f - }; - const byte plain1[] = - { - 0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9, - 0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25, - 0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6, - 0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71, - 0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef, - 0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c - }; - const byte cipher1[] = - { - 0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc, - 0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00, - 0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46, - 0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b, - 0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae, - 0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0 - }; - #endif /* WOLFSSL_AES_256 */ - - - #ifdef WOLFSSL_AES_128 - const byte key2[] = - { - 0x10,0xa5,0x88,0x69,0xd7,0x4b,0xe5,0xa3, - 0x74,0xcf,0x86,0x7c,0xfb,0x47,0x38,0x59 - }; - const byte iv2[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - const byte plain2[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - const byte cipher2[] = - { - 0x6d,0x25,0x1e,0x69,0x44,0xb0,0x51,0xe0, - 0x4e,0xaa,0x6f,0xb4,0xdb,0xf7,0x84,0x65 - }; - #endif /* WOLFSSL_AES_128 */ - - - #ifdef WOLFSSL_AES_192 - const byte key3[] = { - 0xd0,0x77,0xa0,0x3b,0xd8,0xa3,0x89,0x73, - 0x92,0x8c,0xca,0xfe,0x4a,0x9d,0x2f,0x45, - 0x51,0x30,0xbd,0x0a,0xf5,0xae,0x46,0xa9 - }; - const byte iv3[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - const byte cipher3[] = - { - 0xab,0xc7,0x86,0xfb,0x1e,0xdb,0x50,0x45, - 0x80,0xc4,0xd8,0x82,0xef,0x29,0xa0,0xc7 - }; - const byte plain3[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - #endif /* WOLFSSL_AES_192 */ - - Aes enc; - byte cipher[AES_BLOCK_SIZE * 4]; - #ifdef HAVE_AES_DECRYPT - Aes dec; - byte plain [AES_BLOCK_SIZE * 4]; - #endif - int ret = 0; - - (void)enc; - #ifdef HAVE_AES_DECRYPT - (void)dec; - #endif - -#ifdef WOLFSSL_AES_128 - /* 128 key size test */ - #ifdef OPENSSL_EXTRA - ret = EVP_test(EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2), - cipher2, sizeof(cipher2)); - if (ret != 0) { - return ret; - } - #endif - - ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); - if (ret != 0) - return -4920; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key2, sizeof(key2), iv2, AES_ENCRYPTION); - if (ret != 0) - return -4921; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesOfbEncrypt(&enc, cipher, plain2, AES_BLOCK_SIZE); - if (ret != 0) - return -4922; - - if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE)) - return -4923; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesOfbDecrypt(&dec, plain, cipher2, AES_BLOCK_SIZE); - if (ret != 0) - return -4924; - - if (XMEMCMP(plain, plain2, AES_BLOCK_SIZE)) - return -4925; - #endif /* HAVE_AES_DECRYPT */ -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - /* 192 key size test */ - #ifdef OPENSSL_EXTRA - ret = EVP_test(EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3), - cipher3, sizeof(cipher3)); - if (ret != 0) { - return ret; - } - #endif - - ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv3, AES_ENCRYPTION); - if (ret != 0) - return -4926; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key3, sizeof(key3), iv3, AES_ENCRYPTION); - if (ret != 0) - return -4927; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesOfbEncrypt(&enc, cipher, plain3, AES_BLOCK_SIZE); - if (ret != 0) - return -4928; - - if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE)) - return -4929; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesOfbDecrypt(&dec, plain, cipher3, AES_BLOCK_SIZE); - if (ret != 0) - return -4930; - - if (XMEMCMP(plain, plain3, AES_BLOCK_SIZE)) - return -4931; - #endif /* HAVE_AES_DECRYPT */ -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - /* 256 key size test */ - #ifdef OPENSSL_EXTRA - ret = EVP_test(EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1), - cipher1, sizeof(cipher1)); - if (ret != 0) { - return ret; - } - #endif - - ret = wc_AesSetKey(&enc, key1, sizeof(key1), iv1, AES_ENCRYPTION); - if (ret != 0) - return -4932; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key1, sizeof(key1), iv1, AES_ENCRYPTION); - if (ret != 0) - return -4933; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesOfbEncrypt(&enc, cipher, plain1, AES_BLOCK_SIZE); - if (ret != 0) - return -4934; - - if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE)) - return -4935; - - ret = wc_AesOfbEncrypt(&enc, cipher + AES_BLOCK_SIZE, - plain1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE); - if (ret != 0) - return -4936; - - if (XMEMCMP(cipher + AES_BLOCK_SIZE, cipher1 + AES_BLOCK_SIZE, - AES_BLOCK_SIZE)) - return -4937; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesOfbDecrypt(&dec, plain, cipher1, AES_BLOCK_SIZE); - if (ret != 0) - return -4938; - - if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE)) - return -4939; - - ret = wc_AesOfbDecrypt(&dec, plain + AES_BLOCK_SIZE, - cipher1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE); - if (ret != 0) - return -4940; - - if (XMEMCMP(plain + AES_BLOCK_SIZE, plain1 + AES_BLOCK_SIZE, - AES_BLOCK_SIZE)) - return -4941; - #endif /* HAVE_AES_DECRYPT */ - - /* multiple blocks at once */ - ret = wc_AesSetKey(&enc, key1, sizeof(key1), iv1, AES_ENCRYPTION); - if (ret != 0) - return -4942; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key1, sizeof(key1), iv1, AES_ENCRYPTION); - if (ret != 0) - return -4943; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesOfbEncrypt(&enc, cipher, plain1, AES_BLOCK_SIZE * 3); - if (ret != 0) - return -4944; - - if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 3)) - return -4945; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesOfbDecrypt(&dec, plain, cipher1, AES_BLOCK_SIZE * 3); - if (ret != 0) - return -4946; - - if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE * 3)) - return -4947; - #endif /* HAVE_AES_DECRYPT */ - - /* inline decrypt/encrypt*/ - ret = wc_AesSetKey(&enc, key1, sizeof(key1), iv1, AES_ENCRYPTION); - if (ret != 0) - return -4948; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key1, sizeof(key1), iv1, AES_ENCRYPTION); - if (ret != 0) - return -4949; - #endif - - XMEMCPY(cipher, plain1, AES_BLOCK_SIZE * 2); - ret = wc_AesOfbEncrypt(&enc, cipher, cipher, AES_BLOCK_SIZE * 2); - if (ret != 0) - return -4950; - - if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2)) - return -4951; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesOfbDecrypt(&dec, cipher, cipher, AES_BLOCK_SIZE * 2); - if (ret != 0) - return -4952; - - if (XMEMCMP(cipher, plain1, AES_BLOCK_SIZE * 2)) - return -4953; - #endif /* HAVE_AES_DECRYPT */ - - /* 256 key size test leftover support */ - ret = wc_AesSetKey(&enc, key1, sizeof(key1), iv1, AES_ENCRYPTION); - if (ret != 0) - return -4954; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key1, sizeof(key1), iv1, AES_ENCRYPTION); - if (ret != 0) - return -4955; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesOfbEncrypt(&enc, cipher, plain1, 3); - if (ret != 0) - return -4956; - - if (XMEMCMP(cipher, cipher1, 3)) - return -4957; - - ret = wc_AesOfbEncrypt(&enc, cipher + 3, plain1 + 3, AES_BLOCK_SIZE); - if (ret != 0) - return -4958; - - if (XMEMCMP(cipher + 3, cipher1 + 3, AES_BLOCK_SIZE)) - return -4959; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesOfbDecrypt(&dec, plain, cipher1, 6); - if (ret != 0) - return -4960; - - if (XMEMCMP(plain, plain1, 6)) - return -4961; - - ret = wc_AesOfbDecrypt(&dec, plain + 6, cipher1 + 6, AES_BLOCK_SIZE); - if (ret != 0) - return -4962; - - if (XMEMCMP(plain + 6, plain1 + 6, AES_BLOCK_SIZE)) - return -4963; - #endif /* HAVE_AES_DECRYPT */ -#endif /* WOLFSSL_AES_256 */ - - return 0; - } -#endif /* WOLFSSL_AES_OFB */ - -#if defined(WOLFSSL_AES_CFB) - /* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of Operation Methods an*/ - static int aescfb_test(void) - { - Aes enc; - byte cipher[AES_BLOCK_SIZE * 4]; - #ifdef HAVE_AES_DECRYPT - Aes dec; - byte plain [AES_BLOCK_SIZE * 4]; - #endif - int ret = 0; - - const byte iv[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f - }; - -#ifdef WOLFSSL_AES_128 - const byte key1[] = - { - 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, - 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c - }; - - const byte cipher1[] = - { - 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20, - 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a, - 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f, - 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b, - 0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40, - 0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf - }; - - const byte msg1[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef - }; -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - /* 192 size key test */ - const byte key2[] = - { - 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, - 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, - 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b - }; - - const byte cipher2[] = - { - 0xcd,0xc8,0x0d,0x6f,0xdd,0xf1,0x8c,0xab, - 0x34,0xc2,0x59,0x09,0xc9,0x9a,0x41,0x74, - 0x67,0xce,0x7f,0x7f,0x81,0x17,0x36,0x21, - 0x96,0x1a,0x2b,0x70,0x17,0x1d,0x3d,0x7a, - 0x2e,0x1e,0x8a,0x1d,0xd5,0x9b,0x88,0xb1, - 0xc8,0xe6,0x0f,0xed,0x1e,0xfa,0xc4,0xc9, - 0xc0,0x5f,0x9f,0x9c,0xa9,0x83,0x4f,0xa0, - 0x42,0xae,0x8f,0xba,0x58,0x4b,0x09,0xff - }; - - const byte msg2[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - /* 256 size key simple test */ - const byte key3[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - const byte cipher3[] = - { - 0xdc,0x7e,0x84,0xbf,0xda,0x79,0x16,0x4b, - 0x7e,0xcd,0x84,0x86,0x98,0x5d,0x38,0x60, - 0x39,0xff,0xed,0x14,0x3b,0x28,0xb1,0xc8, - 0x32,0x11,0x3c,0x63,0x31,0xe5,0x40,0x7b, - 0xdf,0x10,0x13,0x24,0x15,0xe5,0x4b,0x92, - 0xa1,0x3e,0xd0,0xa8,0x26,0x7a,0xe2,0xf9, - 0x75,0xa3,0x85,0x74,0x1a,0xb9,0xce,0xf8, - 0x20,0x31,0x62,0x3d,0x55,0xb1,0xe4,0x71 - }; - - const byte msg3[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; -#endif /* WOLFSSL_AES_256 */ - - - if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -4964; -#ifdef HAVE_AES_DECRYPT - if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -4965; -#endif - -#ifdef WOLFSSL_AES_128 - /* 128 key tests */ - #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - ret = EVP_test(EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1), - cipher1, sizeof(cipher1)); - if (ret != 0) { - return ret; - } - #endif - - ret = wc_AesSetKey(&enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - return -4966; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - return -4967; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfbEncrypt(&enc, cipher, msg1, AES_BLOCK_SIZE * 2); - if (ret != 0) - return -4968; - - if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2)) - return -4969; - - /* test restarting encryption process */ - ret = wc_AesCfbEncrypt(&enc, cipher + (AES_BLOCK_SIZE * 2), - msg1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE); - if (ret != 0) - return -4970; - - if (XMEMCMP(cipher + (AES_BLOCK_SIZE * 2), - cipher1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE)) - return -4971; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesCfbDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE * 3); - if (ret != 0) - return -4972; - - if (XMEMCMP(plain, msg1, AES_BLOCK_SIZE * 3)) - return -4973; - #endif /* HAVE_AES_DECRYPT */ -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - /* 192 key size test */ - #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - ret = EVP_test(EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2), - cipher2, sizeof(cipher2)); - if (ret != 0) { - return ret; - } - #endif - - ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv, AES_ENCRYPTION); - if (ret != 0) - return -4974; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key2, sizeof(key2), iv, AES_ENCRYPTION); - if (ret != 0) - return -4975; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfbEncrypt(&enc, cipher, msg2, AES_BLOCK_SIZE * 4); - if (ret != 0) - return -4976; - - if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE * 4)) - return -4977; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesCfbDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE * 4); - if (ret != 0) - return -4978; - - if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE * 4)) - return -4979; - #endif /* HAVE_AES_DECRYPT */ -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - /* 256 key size test */ - #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - ret = EVP_test(EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3), - cipher3, sizeof(cipher3)); - if (ret != 0) { - return ret; - } - #endif - ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv, AES_ENCRYPTION); - if (ret != 0) - return -4980; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key3, sizeof(key3), iv, AES_ENCRYPTION); - if (ret != 0) - return -4981; - #endif - - /* test with data left overs, magic lengths are checking near edges */ - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfbEncrypt(&enc, cipher, msg3, 4); - if (ret != 0) - return -4982; - - if (XMEMCMP(cipher, cipher3, 4)) - return -4983; - - ret = wc_AesCfbEncrypt(&enc, cipher + 4, msg3 + 4, 27); - if (ret != 0) - return -4984; - - if (XMEMCMP(cipher + 4, cipher3 + 4, 27)) - return -4985; - - ret = wc_AesCfbEncrypt(&enc, cipher + 31, msg3 + 31, - (AES_BLOCK_SIZE * 4) - 31); - if (ret != 0) - return -4986; - - if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE * 4)) - return -4987; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesCfbDecrypt(&dec, plain, cipher, 4); - if (ret != 0) - return -4988; - - if (XMEMCMP(plain, msg3, 4)) - return -4989; - - ret = wc_AesCfbDecrypt(&dec, plain + 4, cipher + 4, 4); - if (ret != 0) - return -4990; - - ret = wc_AesCfbDecrypt(&dec, plain + 8, cipher + 8, 23); - if (ret != 0) - return -4991; - - if (XMEMCMP(plain + 4, msg3 + 4, 27)) - return -4992; - - ret = wc_AesCfbDecrypt(&dec, plain + 31, cipher + 31, - (AES_BLOCK_SIZE * 4) - 31); - if (ret != 0) - return -4993; - - if (XMEMCMP(plain, msg3, AES_BLOCK_SIZE * 4)) - return -4994; - #endif /* HAVE_AES_DECRYPT */ -#endif /* WOLFSSL_AES_256 */ - - return ret; - } - -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - static int aescfb1_test(void) - { - Aes enc; - byte cipher[AES_BLOCK_SIZE]; - #ifdef HAVE_AES_DECRYPT - Aes dec; - byte plain [AES_BLOCK_SIZE]; - #endif - int ret = 0; - -#ifdef WOLFSSL_AES_128 - const byte iv[] = { - 0x4d,0xbb,0xdc,0xaa,0x59,0xf3,0x63,0xc9, - 0x2a,0x3b,0x98,0x43,0xad,0x20,0xe2,0xb7 - }; - - const byte key1[] = - { - 0xcd,0xef,0x9d,0x06,0x61,0xba,0xe4,0x73, - 0x8d,0x1a,0x58,0xa2,0xa6,0x22,0x8b,0x66 - }; - - const byte cipher1[] = - { - 0x00 - }; - - const byte msg1[] = - { - 0xC0 - }; -#endif /* WOLFSSL_AES_128 */ -#ifdef WOLFSSL_AES_192 - const byte iv2[] = { - 0x57,0xc6,0x89,0x7c,0x99,0x52,0x28,0x13, - 0xbf,0x67,0x9c,0xe1,0x13,0x70,0xaf,0x5e - }; - - const byte key2[] = - { - 0xba,0xa1,0x58,0xa1,0x6b,0x50,0x4a,0x10, - 0x8e,0xd4,0x33,0x2e,0xe7,0xf2,0x9b,0xf6, - 0xd1,0xac,0x46,0xa8,0xde,0x5a,0xfe,0x7a - }; - - const byte cipher2[] = - { - 0x30 - }; - - const byte msg2[] = - { - 0x80 - }; -#endif /* WOLFSSL_AES_192 */ -#ifdef WOLFSSL_AES_256 - const byte iv3[] = { - 0x63,0x2e,0x9f,0x83,0x1f,0xa3,0x80,0x5e, - 0x52,0x02,0xbc,0xe0,0x6d,0x04,0xf9,0xa0 - }; - - const byte key3[] = - { - 0xf6,0xfa,0xe4,0xf1,0x5d,0x91,0xfc,0x50, - 0x88,0x78,0x4f,0x84,0xa5,0x37,0x12,0x7e, - 0x32,0x63,0x55,0x9c,0x62,0x73,0x88,0x20, - 0xc2,0xcf,0x3d,0xe1,0x1c,0x2a,0x30,0x40 - }; - - const byte cipher3[] = - { - 0xF7, 0x00 - }; - - const byte msg3[] = - { - 0x41, 0xC0 - }; -#endif /* WOLFSSL_AES_256 */ - - if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -4995; -#ifdef HAVE_AES_DECRYPT - if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -4996; -#endif - -#ifdef WOLFSSL_AES_128 - /* 128 key tests */ - ret = wc_AesSetKey(&enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - return -4997; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - return -4998; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb1Encrypt(&enc, cipher, msg1, 2); - if (ret != 0) - return -4999; - - if (cipher[0] != cipher1[0]) - return -5000; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesCfb1Decrypt(&dec, plain, cipher, 2); - if (ret != 0) - return -5001; - - if (plain[0] != msg1[0]) - return -5002; - #endif /* HAVE_AES_DECRYPT */ - - #ifdef OPENSSL_EXTRA - ret = wc_AesSetKey(&enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - return -5003; - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb1Encrypt(&enc, cipher, msg1, - sizeof(msg1) * WOLFSSL_BIT_SIZE); - if (ret != 0) - return -5004; - - ret = EVP_test(EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1), - cipher, sizeof(msg1)); - if (ret != 0) { - return ret; - } - #endif -#endif /* WOLFSSL_AES_128 */ -#ifdef WOLFSSL_AES_192 - /* 192 key tests */ - ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); - if (ret != 0) - return -5005; - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb1Encrypt(&enc, cipher, msg2, 4); - if (ret != 0) - return -5006; - if (XMEMCMP(cipher, cipher2, sizeof(cipher2)) != 0) - return -5007; - - #ifdef OPENSSL_EXTRA - ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); - if (ret != 0) - return -5008; - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb1Encrypt(&enc, cipher, msg2, - sizeof(msg2) * WOLFSSL_BIT_SIZE); - if (ret != 0) - return -5009; - - ret = EVP_test(EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2), - cipher, sizeof(msg2)); - if (ret != 0) { - return ret; - } - #endif -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - /* 256 key tests */ - ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv3, AES_ENCRYPTION); - if (ret != 0) - return -5010; - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb1Encrypt(&enc, cipher, msg3, 10); - if (ret != 0) - return -5011; - if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0) - return -5012; - - #ifdef OPENSSL_EXTRA - ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv3, AES_ENCRYPTION); - if (ret != 0) - return -5013; - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb1Encrypt(&enc, cipher, msg3, - sizeof(msg3) * WOLFSSL_BIT_SIZE); - if (ret != 0) - return -5014; - - ret = EVP_test(EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3), - cipher, sizeof(msg3)); - if (ret != 0) { - return ret; - } - #endif -#endif /* WOLFSSL_AES_256 */ - return ret; - } - - static int aescfb8_test(void) - { - Aes enc; - byte cipher[AES_BLOCK_SIZE]; - #ifdef HAVE_AES_DECRYPT - Aes dec; - byte plain [AES_BLOCK_SIZE]; - #endif - int ret = 0; - -#ifdef WOLFSSL_AES_128 - const byte iv[] = { - 0xf4,0x75,0xc6,0x49,0x91,0xb2,0x0e,0xae, - 0xe1,0x83,0xa2,0x26,0x29,0xe2,0x1e,0x22 - }; - - const byte key1[] = - { - 0xc8,0xfe,0x9b,0xf7,0x7b,0x93,0x0f,0x46, - 0xd2,0x07,0x8b,0x8c,0x0e,0x65,0x7c,0xd4 - }; - - const byte cipher1[] = - { - 0xd2,0x76,0x91 - }; - - const byte msg1[] = - { - 0xc9,0x06,0x35 - }; -#endif /* WOLFSSL_AES_128 */ -#ifdef WOLFSSL_AES_192 - const byte iv2[] = { - 0x0a,0x02,0x84,0x6b,0x62,0xab,0xb6,0x93, - 0xef,0x31,0xd7,0x54,0x84,0x2e,0xed,0x29 - }; - - const byte key2[] = - { - 0xba,0xf0,0x8b,0x76,0x31,0x7a,0x65,0xc5, - 0xf0,0x7a,0xe6,0xf5,0x7e,0xb0,0xe6,0x54, - 0x88,0x65,0x93,0x24,0xd2,0x97,0x09,0xe3 - }; - - const byte cipher2[] = - { - 0x72,0x9c,0x0b,0x6d,0xeb,0x75,0xfa,0x6e, - 0xb5,0xe8 - }; - - const byte msg2[] = - { - 0x98,0x95,0x93,0x24,0x02,0x39,0x3d,0xc3, - 0x3a,0x60 - }; -#endif -#ifdef WOLFSSL_AES_256 - const byte iv3[] = { - 0x33,0x8c,0x55,0x2f,0xf1,0xec,0xa1,0x44, - 0x08,0xe0,0x5d,0x8c,0xf9,0xf3,0xb3,0x1b - }; - - const byte key3[] = - { - 0x06,0x48,0x74,0x09,0x2f,0x7a,0x13,0xcc, - 0x44,0x62,0x24,0x7a,0xd4,0x23,0xd0,0xe9, - 0x6e,0xdf,0x42,0xe8,0xb6,0x7a,0x5a,0x23, - 0xb7,0xa0,0xa6,0x47,0x7b,0x09,0x8e,0x66 - }; - - const byte cipher3[] = - { - 0x1c,0xff,0x95 - }; - - const byte msg3[] = - { - 0xb9,0x74,0xfa - }; -#endif - - if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -5015; -#ifdef HAVE_AES_DECRYPT - if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -5016; -#endif - -#ifdef WOLFSSL_AES_128 - /* 128 key tests */ - #ifdef OPENSSL_EXTRA - ret = EVP_test(EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1), - cipher1, sizeof(cipher1)); - if (ret != 0) { - return ret; - } - #endif - ret = wc_AesSetKey(&enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - return -5017; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - return -5018; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb8Encrypt(&enc, cipher, msg1, sizeof(msg1)); - if (ret != 0) - return -5019; - - if (XMEMCMP(cipher, cipher1, sizeof(cipher1)) != 0) - return -5020; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesCfb8Decrypt(&dec, plain, cipher, sizeof(msg1)); - if (ret != 0) - return -5021; - - if (XMEMCMP(plain, msg1, sizeof(msg1)) != 0) - return -5022; - #endif /* HAVE_AES_DECRYPT */ -#endif /* WOLFSSL_AES_128 */ -#ifdef WOLFSSL_AES_192 - /* 192 key tests */ - ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); - if (ret != 0) - return -5023; - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb8Encrypt(&enc, cipher, msg2, sizeof(msg2)); - if (ret != 0) - return -5024; - if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0) - return -5025; -#ifdef OPENSSL_EXTRA - ret = EVP_test(EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2), - cipher2, sizeof(msg2)); - if (ret != 0) { - return ret; - } -#endif - -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - /* 256 key tests */ - ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv3, AES_ENCRYPTION); - if (ret != 0) - return -5026; - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb8Encrypt(&enc, cipher, msg3, sizeof(msg3)); - if (ret != 0) - return -5027; - if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0) - return -5028; - - #ifdef OPENSSL_EXTRA - ret = EVP_test(EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3), - cipher3, sizeof(msg3)); - if (ret != 0) { - return ret; - } - #endif -#endif /* WOLFSSL_AES_256 */ - - return ret; - } -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ -#endif /* WOLFSSL_AES_CFB */ - - -static int aes_key_size_test(void) -{ - int ret; - Aes aes; - byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; - byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; - byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; - byte iv[] = "1234567890abcdef"; -#ifndef HAVE_FIPS - word32 keySize; -#endif - -#if !defined(HAVE_FIPS) || \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) - /* w/ FIPS v1 (cert 2425) wc_AesInit just returns 0 always as it's not - * supported with that FIPS version */ - ret = wc_AesInit(NULL, HEAP_HINT, devId); - if (ret != BAD_FUNC_ARG) - return -5100; -#endif - - ret = wc_AesInit(&aes, HEAP_HINT, devId); - /* 0 check OK for FIPSv1 */ - if (ret != 0) - return -5101; - -#ifndef HAVE_FIPS - /* Parameter Validation testing. */ - ret = wc_AesGetKeySize(NULL, NULL); - if (ret != BAD_FUNC_ARG) - return -5102; - ret = wc_AesGetKeySize(&aes, NULL); - if (ret != BAD_FUNC_ARG) - return -5103; - ret = wc_AesGetKeySize(NULL, &keySize); - if (ret != BAD_FUNC_ARG) - return -5104; - /* Crashes in FIPS */ - ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION); - if (ret != BAD_FUNC_ARG) - return -5105; -#endif - /* NULL IV indicates to use all zeros IV. */ - ret = wc_AesSetKey(&aes, key16, sizeof(key16), NULL, AES_ENCRYPTION); -#ifdef WOLFSSL_AES_128 - if (ret != 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -5106; - ret = wc_AesSetKey(&aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION); - if (ret != BAD_FUNC_ARG) - return -5107; -/* CryptoCell handles rounds internally */ -#if !defined(HAVE_FIPS) && !defined(WOLFSSL_CRYPTOCELL) - /* Force invalid rounds */ - aes.rounds = 16; - ret = wc_AesGetKeySize(&aes, &keySize); - if (ret != BAD_FUNC_ARG) - return -5108; -#endif - - ret = wc_AesSetKey(&aes, key16, sizeof(key16), iv, AES_ENCRYPTION); -#ifdef WOLFSSL_AES_128 - if (ret != 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -5109; -#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128) - ret = wc_AesGetKeySize(&aes, &keySize); - if (ret != 0 || keySize != sizeof(key16)) - return -5110; -#endif - - ret = wc_AesSetKey(&aes, key24, sizeof(key24), iv, AES_ENCRYPTION); -#ifdef WOLFSSL_AES_192 - if (ret != 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -5111; -#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192) - ret = wc_AesGetKeySize(&aes, &keySize); - if (ret != 0 || keySize != sizeof(key24)) - return -5112; -#endif - - ret = wc_AesSetKey(&aes, key32, sizeof(key32), iv, AES_ENCRYPTION); -#ifdef WOLFSSL_AES_256 - if (ret != 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -5113; -#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256) - ret = wc_AesGetKeySize(&aes, &keySize); - if (ret != 0 || keySize != sizeof(key32)) - return -5114; -#endif - - return 0; -} - -#if defined(WOLFSSL_AES_XTS) -/* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */ -#ifdef WOLFSSL_AES_128 -static int aes_xts_128_test(void) -{ - XtsAes aes; - int ret = 0; - unsigned char buf[AES_BLOCK_SIZE * 2]; - unsigned char cipher[AES_BLOCK_SIZE * 2]; - - /* 128 key tests */ - static unsigned char k1[] = { - 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35, - 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62, - 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18, - 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f - }; - - static unsigned char i1[] = { - 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, - 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 - }; - - static unsigned char p1[] = { - 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, - 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c - }; - - /* plain text test of partial block is not from NIST test vector list */ - static unsigned char pp[] = { - 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, - 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c, - 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 - }; - - static unsigned char c1[] = { - 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a, - 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63 - }; - - static unsigned char k2[] = { - 0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76, - 0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0, - 0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa, - 0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16 - }; - - static unsigned char i2[] = { - 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a, - 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84 - }; - - static unsigned char p2[] = { - 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1, - 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba, - 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20, - 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56 - }; - - static unsigned char c2[] = { - 0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e, - 0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23, - 0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e, - 0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22 - }; - -#ifdef OPENSSL_EXTRA - ret = EVP_test(EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2)); - if (ret != 0) { - printf("EVP_aes_128_xts failed!\n"); - return ret; - } -#endif - - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION, - HEAP_HINT, devId) != 0) - return -5200; - - ret = wc_AesXtsEncrypt(&aes, buf, p2, sizeof(p2), i2, sizeof(i2)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5201; - if (XMEMCMP(c2, buf, sizeof(c2))) - return -5202; - - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, - HEAP_HINT, devId) != 0) - return -5203; - ret = wc_AesXtsEncrypt(&aes, buf, p1, sizeof(p1), i1, sizeof(i1)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5204; - if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) - return -5205; - - /* partial block encryption test */ - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesXtsEncrypt(&aes, cipher, pp, sizeof(pp), i1, sizeof(i1)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5206; - wc_AesXtsFree(&aes); - - /* partial block decrypt test */ - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, - HEAP_HINT, devId) != 0) - return -5207; - ret = wc_AesXtsDecrypt(&aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5208; - if (XMEMCMP(pp, buf, sizeof(pp))) - return -5209; - - /* NIST decrypt test vector */ - XMEMSET(buf, 0, sizeof(buf)); - ret = wc_AesXtsDecrypt(&aes, buf, c1, sizeof(c1), i1, sizeof(i1)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5210; - if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) - return -5211; - - /* fail case with decrypting using wrong key */ - XMEMSET(buf, 0, sizeof(buf)); - ret = wc_AesXtsDecrypt(&aes, buf, c2, sizeof(c2), i2, sizeof(i2)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5212; - if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */ - return -5213; - - /* set correct key and retest */ - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION, - HEAP_HINT, devId) != 0) - return -5214; - ret = wc_AesXtsDecrypt(&aes, buf, c2, sizeof(c2), i2, sizeof(i2)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5215; - if (XMEMCMP(p2, buf, sizeof(p2))) - return -5216; - wc_AesXtsFree(&aes); - - return ret; -} -#endif /* WOLFSSL_AES_128 */ - - -#ifdef WOLFSSL_AES_256 -static int aes_xts_256_test(void) -{ - XtsAes aes; - int ret = 0; - unsigned char buf[AES_BLOCK_SIZE * 3]; - unsigned char cipher[AES_BLOCK_SIZE * 3]; - - /* 256 key tests */ - static unsigned char k1[] = { - 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e, - 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14, - 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7, - 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c, - 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d, - 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3, - 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58, - 0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08 - }; - - static unsigned char i1[] = { - 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2, - 0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64 - }; - - static unsigned char p1[] = { - 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1, - 0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64, - 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3, - 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e - }; - - /* plain text test of partial block is not from NIST test vector list */ - static unsigned char pp[] = { - 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, - 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c, - 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 - }; - - static unsigned char c1[] = { - 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5, - 0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13, - 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a, - 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb - }; - - static unsigned char k2[] = { - 0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba, - 0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62, - 0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec, - 0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec, - 0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b, - 0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a, - 0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12, - 0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4 - }; - - static unsigned char i2[] = { - 0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0, - 0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f - }; - - static unsigned char p2[] = { - 0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00, - 0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53, - 0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89, - 0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd, - 0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61, - 0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc - }; - - static unsigned char c2[] = { - 0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10, - 0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1, - 0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61, - 0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89, - 0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b, - 0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92 - }; - -#ifdef OPENSSL_EXTRA - ret = EVP_test(EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2)); - if (ret != 0) { - printf("EVP_aes_256_xts failed\n"); - return ret; - } -#endif - - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION, - HEAP_HINT, devId) != 0) - return -5300; - ret = wc_AesXtsEncrypt(&aes, buf, p2, sizeof(p2), i2, sizeof(i2)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5301; - if (XMEMCMP(c2, buf, sizeof(c2))) - return -5302; - - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, - HEAP_HINT, devId) != 0) - return -5303; - ret = wc_AesXtsEncrypt(&aes, buf, p1, sizeof(p1), i1, sizeof(i1)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5304; - if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) - return -5305; - - /* partial block encryption test */ - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesXtsEncrypt(&aes, cipher, pp, sizeof(pp), i1, sizeof(i1)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5306; - wc_AesXtsFree(&aes); - - /* partial block decrypt test */ - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, - HEAP_HINT, devId) != 0) - return -5307; - ret = wc_AesXtsDecrypt(&aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5308; - if (XMEMCMP(pp, buf, sizeof(pp))) - return -5309; - - /* NIST decrypt test vector */ - XMEMSET(buf, 0, sizeof(buf)); - ret = wc_AesXtsDecrypt(&aes, buf, c1, sizeof(c1), i1, sizeof(i1)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5310; - if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) - return -5311; - - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION, - HEAP_HINT, devId) != 0) - return -5312; - ret = wc_AesXtsDecrypt(&aes, buf, c2, sizeof(c2), i2, sizeof(i2)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5313; - if (XMEMCMP(p2, buf, sizeof(p2))) - return -5314; - wc_AesXtsFree(&aes); - - return ret; -} -#endif /* WOLFSSL_AES_256 */ - - -#if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256) -/* both 128 and 256 bit key test */ -static int aes_xts_sector_test(void) -{ - XtsAes aes; - int ret = 0; - unsigned char buf[AES_BLOCK_SIZE * 2]; - - /* 128 key tests */ - static unsigned char k1[] = { - 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed, - 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22, - 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c, - 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c - }; - - static unsigned char p1[] = { - 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09, - 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c - }; - - static unsigned char c1[] = { - 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac, - 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52 - }; - word64 s1 = 141; - - /* 256 key tests */ - static unsigned char k2[] = { - 0xef, 0x01, 0x0c, 0xa1, 0xa3, 0x66, 0x3e, 0x32, - 0x53, 0x43, 0x49, 0xbc, 0x0b, 0xae, 0x62, 0x23, - 0x2a, 0x15, 0x73, 0x34, 0x85, 0x68, 0xfb, 0x9e, - 0xf4, 0x17, 0x68, 0xa7, 0x67, 0x4f, 0x50, 0x7a, - 0x72, 0x7f, 0x98, 0x75, 0x53, 0x97, 0xd0, 0xe0, - 0xaa, 0x32, 0xf8, 0x30, 0x33, 0x8c, 0xc7, 0xa9, - 0x26, 0xc7, 0x73, 0xf0, 0x9e, 0x57, 0xb3, 0x57, - 0xcd, 0x15, 0x6a, 0xfb, 0xca, 0x46, 0xe1, 0xa0 - }; - - static unsigned char p2[] = { - 0xed, 0x98, 0xe0, 0x17, 0x70, 0xa8, 0x53, 0xb4, - 0x9d, 0xb9, 0xe6, 0xaa, 0xf8, 0x8f, 0x0a, 0x41, - 0xb9, 0xb5, 0x6e, 0x91, 0xa5, 0xa2, 0xb1, 0x1d, - 0x40, 0x52, 0x92, 0x54, 0xf5, 0x52, 0x3e, 0x75 - }; - - static unsigned char c2[] = { - 0xca, 0x20, 0xc5, 0x5e, 0x8d, 0xc1, 0x49, 0x68, - 0x7d, 0x25, 0x41, 0xde, 0x39, 0xc3, 0xdf, 0x63, - 0x00, 0xbb, 0x5a, 0x16, 0x3c, 0x10, 0xce, 0xd3, - 0x66, 0x6b, 0x13, 0x57, 0xdb, 0x8b, 0xd3, 0x9d - }; - word64 s2 = 187; - - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, - HEAP_HINT, devId) != 0) - return -5400; - ret = wc_AesXtsEncryptSector(&aes, buf, p1, sizeof(p1), s1); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5401; - if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) - return -5402; - - /* decrypt test */ - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, - HEAP_HINT, devId) != 0) - return -5403; - ret = wc_AesXtsDecryptSector(&aes, buf, c1, sizeof(c1), s1); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5404; - if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) - return -5405; - wc_AesXtsFree(&aes); - - /* 256 bit key tests */ - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION, - HEAP_HINT, devId) != 0) - return -5406; - ret = wc_AesXtsEncryptSector(&aes, buf, p2, sizeof(p2), s2); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5407; - if (XMEMCMP(c2, buf, sizeof(c2))) - return -5408; - - /* decrypt test */ - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION, - HEAP_HINT, devId) != 0) - return -5409; - ret = wc_AesXtsDecryptSector(&aes, buf, c2, sizeof(c2), s2); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5410; - if (XMEMCMP(p2, buf, sizeof(p2))) - return -5411; - wc_AesXtsFree(&aes); - - return ret; -} -#endif /* WOLFSSL_AES_128 && WOLFSSL_AES_256 */ - - -#ifdef WOLFSSL_AES_128 -/* testing of bad arguments */ -static int aes_xts_args_test(void) -{ - XtsAes aes; - int ret = 0; - unsigned char buf[AES_BLOCK_SIZE * 2]; - - /* 128 key tests */ - static unsigned char k1[] = { - 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed, - 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22, - 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c, - 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c - }; - - static unsigned char p1[] = { - 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09, - 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c - }; - - static unsigned char c1[] = { - 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac, - 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52 - }; - word64 s1 = 141; - - if (wc_AesXtsSetKey(NULL, k1, sizeof(k1), AES_ENCRYPTION, - HEAP_HINT, devId) == 0) - return -5500; - if (wc_AesXtsSetKey(&aes, NULL, sizeof(k1), AES_ENCRYPTION, - HEAP_HINT, devId) == 0) - return -5501; - - /* encryption operations */ - if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, - HEAP_HINT, devId) != 0) - return -5502; - ret = wc_AesXtsEncryptSector(NULL, buf, p1, sizeof(p1), s1); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret == 0) - return -5503; - - ret = wc_AesXtsEncryptSector(&aes, NULL, p1, sizeof(p1), s1); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret == 0) - return -5504; - wc_AesXtsFree(&aes); - - /* decryption operations */ - if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, - HEAP_HINT, devId) != 0) - return -5505; - ret = wc_AesXtsDecryptSector(NULL, buf, c1, sizeof(c1), s1); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret == 0) - return -5506; - - ret = wc_AesXtsDecryptSector(&aes, NULL, c1, sizeof(c1), s1); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret == 0) - return -5507; - wc_AesXtsFree(&aes); - - return 0; -} -#endif /* WOLFSSL_AES_128 */ -#endif /* WOLFSSL_AES_XTS */ - -#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) -static int aes_cbc_test(void) -{ - byte cipher[AES_BLOCK_SIZE]; - byte plain[AES_BLOCK_SIZE]; - int ret; - const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ - 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - byte key[] = "0123456789abcdef "; /* align */ - byte iv[] = "1234567890abcdef "; /* align */ - - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - XMEMSET(plain, 0, AES_BLOCK_SIZE); - - /* Parameter Validation testing. */ - ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, 17, NULL); - if (ret != BAD_FUNC_ARG) - return -5600; -#ifdef HAVE_AES_DECRYPT - ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, 17, NULL); - if (ret != BAD_FUNC_ARG) - return -5601; -#endif - - ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, - AES_BLOCK_SIZE, iv); - if (ret != 0) - return -5602; -#ifdef HAVE_AES_DECRYPT - ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, - AES_BLOCK_SIZE, iv); - if (ret != 0) - return -5603; - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0) - return -5604; -#endif /* HAVE_AES_DECRYPT */ - - (void)plain; - return 0; -} -#endif - -int aes_test(void) -{ -#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) - Aes enc; - byte cipher[AES_BLOCK_SIZE * 4]; -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) - Aes dec; - byte plain [AES_BLOCK_SIZE * 4]; -#endif -#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER */ - int ret = 0; - -#ifdef HAVE_AES_CBC -#ifdef WOLFSSL_AES_128 - const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ - 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - - const byte verify[] = - { - 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, - 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb - }; - - byte key[] = "0123456789abcdef "; /* align */ - byte iv[] = "1234567890abcdef "; /* align */ - - if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -5700; -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) - if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -5701; -#endif - ret = wc_AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - return -5702; -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) - ret = wc_AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); - if (ret != 0) - return -5703; -#endif - - XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4); - ret = wc_AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5704; -#ifdef HAVE_AES_DECRYPT - XMEMSET(plain, 0, AES_BLOCK_SIZE * 4); - ret = wc_AesCbcDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5705; - - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -5706; -#endif /* HAVE_AES_DECRYPT */ - if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -5707; -#endif /* WOLFSSL_AES_128 */ - -#if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT) - { - const byte bigMsg[] = { - /* "All work and no play makes Jack a dull boy. " */ - 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, - 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, - 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, - 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, - 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, - 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, - 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, - 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, - 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, - 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, - 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, - 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, - 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, - 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, - 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, - 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, - 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, - 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, - 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, - 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, - 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, - 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, - 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, - 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, - 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, - 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, - 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, - 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, - 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, - 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, - 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, - 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, - 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, - 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, - 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, - 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, - 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, - 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, - 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, - 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, - 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, - 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, - 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, - 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, - 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, - 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, - 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, - 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20 - }; - const byte bigKey[] = "0123456789abcdeffedcba9876543210"; - byte bigCipher[sizeof(bigMsg)]; - byte bigPlain[sizeof(bigMsg)]; - word32 keySz, msgSz; - - /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole - * message by AES_BLOCK_SIZE for each size of AES key. */ - for (keySz = 16; keySz <= 32; keySz += 8) { - for (msgSz = AES_BLOCK_SIZE; - msgSz <= sizeof(bigMsg); - msgSz += AES_BLOCK_SIZE) { - - XMEMSET(bigCipher, 0, sizeof(bigCipher)); - XMEMSET(bigPlain, 0, sizeof(bigPlain)); - ret = wc_AesSetKey(&enc, bigKey, keySz, iv, AES_ENCRYPTION); - if (ret != 0) - return -5708; - ret = wc_AesSetKey(&dec, bigKey, keySz, iv, AES_DECRYPTION); - if (ret != 0) - return -5709; - - ret = wc_AesCbcEncrypt(&enc, bigCipher, bigMsg, msgSz); - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (ret != 0) - return -5710; - - ret = wc_AesCbcDecrypt(&dec, bigPlain, bigCipher, msgSz); - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (ret != 0) - return -5711; - - if (XMEMCMP(bigPlain, bigMsg, msgSz)) - return -5712; - } - } - } -#endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT */ - - /* Test of AES IV state with encrypt/decrypt */ -#ifdef WOLFSSL_AES_128 - { - /* Test Vector from "NIST Special Publication 800-38A, 2001 Edition" - * https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a.pdf - */ - const byte msg2[] = - { - 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51 - }; - - const byte verify2[] = - { - 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46, - 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d, - 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee, - 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2 - }; - byte key2[] = { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c - }; - byte iv2[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f - }; - - - ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); - if (ret != 0) - return -5713; - XMEMSET(cipher, 0, AES_BLOCK_SIZE * 2); - ret = wc_AesCbcEncrypt(&enc, cipher, msg2, AES_BLOCK_SIZE); - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (ret != 0) - return -5714; - if (XMEMCMP(cipher, verify2, AES_BLOCK_SIZE)) - return -5715; - - ret = wc_AesCbcEncrypt(&enc, cipher + AES_BLOCK_SIZE, - msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE); - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (ret != 0) - return -5716; - if (XMEMCMP(cipher + AES_BLOCK_SIZE, verify2 + AES_BLOCK_SIZE, - AES_BLOCK_SIZE)) - return -5717; - - #if defined(HAVE_AES_DECRYPT) - ret = wc_AesSetKey(&dec, key2, sizeof(key2), iv2, AES_DECRYPTION); - if (ret != 0) - return -5718; - XMEMSET(plain, 0, AES_BLOCK_SIZE * 2); - ret = wc_AesCbcDecrypt(&dec, plain, verify2, AES_BLOCK_SIZE); - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (ret != 0) - return -5719; - if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE)) - return -5720; - - ret = wc_AesCbcDecrypt(&dec, plain + AES_BLOCK_SIZE, - verify2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE); - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (ret != 0) - return -5721; - if (XMEMCMP(plain + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE, - AES_BLOCK_SIZE)) - return -5722; - - #endif /* HAVE_AES_DECRYPT */ - } -#endif /* WOLFSSL_AES_128 */ -#endif /* HAVE_AES_CBC */ - -#ifdef WOLFSSL_AES_COUNTER - { - /* test vectors from "Recommendation for Block Cipher Modes of - * Operation" NIST Special Publication 800-38A */ - - const byte ctrIv[] = - { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - }; - - const byte ctrPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; - -#ifdef WOLFSSL_AES_128 - const byte oddCipher[] = - { - 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, - 0xc2 - }; - - const byte ctr128Key[] = - { - 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, - 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c - }; - - const byte ctr128Cipher[] = - { - 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, - 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, - 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, - 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, - 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, - 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, - 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, - 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee - }; -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - const byte ctr192Key[] = - { - 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, - 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, - 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b - }; - - const byte ctr192Cipher[] = - { - 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2, - 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b, - 0x09,0x03,0x39,0xec,0x0a,0xa6,0xfa,0xef, - 0xd5,0xcc,0xc2,0xc6,0xf4,0xce,0x8e,0x94, - 0x1e,0x36,0xb2,0x6b,0xd1,0xeb,0xc6,0x70, - 0xd1,0xbd,0x1d,0x66,0x56,0x20,0xab,0xf7, - 0x4f,0x78,0xa7,0xf6,0xd2,0x98,0x09,0x58, - 0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50 - }; -#endif -#ifdef WOLFSSL_AES_256 - const byte ctr256Key[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - const byte ctr256Cipher[] = - { - 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5, - 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28, - 0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a, - 0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5, - 0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c, - 0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d, - 0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6, - 0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6 - }; -#endif - -#ifdef WOLFSSL_AES_128 - wc_AesSetKeyDirect(&enc, ctr128Key, sizeof(ctr128Key), - ctrIv, AES_ENCRYPTION); - /* Ctr only uses encrypt, even on key setup */ - wc_AesSetKeyDirect(&dec, ctr128Key, sizeof(ctr128Key), - ctrIv, AES_ENCRYPTION); - - ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(ctrPlain)); - if (ret != 0) { - return -5723; - } - ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(ctrPlain)); - if (ret != 0) { - return -5724; - } - if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain))) - return -5725; - - if (XMEMCMP(cipher, ctr128Cipher, sizeof(ctr128Cipher))) - return -5726; - - /* let's try with just 9 bytes, non block size test */ - wc_AesSetKeyDirect(&enc, ctr128Key, AES_BLOCK_SIZE, - ctrIv, AES_ENCRYPTION); - /* Ctr only uses encrypt, even on key setup */ - wc_AesSetKeyDirect(&dec, ctr128Key, AES_BLOCK_SIZE, - ctrIv, AES_ENCRYPTION); - - ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(oddCipher)); - if (ret != 0) { - return -5727; - } - ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(oddCipher)); - if (ret != 0) { - return -5728; - } - - if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher))) - return -5729; - - if (XMEMCMP(cipher, ctr128Cipher, sizeof(oddCipher))) - return -5730; - - /* and an additional 9 bytes to reuse tmp left buffer */ - ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(oddCipher)); - if (ret != 0) { - return -5731; - } - ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(oddCipher)); - if (ret != 0) { - return -5732; - } - - if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher))) - return -5733; - - if (XMEMCMP(cipher, oddCipher, sizeof(oddCipher))) - return -5734; -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - /* 192 bit key */ - wc_AesSetKeyDirect(&enc, ctr192Key, sizeof(ctr192Key), - ctrIv, AES_ENCRYPTION); - /* Ctr only uses encrypt, even on key setup */ - wc_AesSetKeyDirect(&dec, ctr192Key, sizeof(ctr192Key), - ctrIv, AES_ENCRYPTION); - - XMEMSET(plain, 0, sizeof(plain)); - ret = wc_AesCtrEncrypt(&enc, plain, ctr192Cipher, sizeof(ctr192Cipher)); - if (ret != 0) { - return -5735; - } - - if (XMEMCMP(plain, ctrPlain, sizeof(ctr192Cipher))) - return -5736; - - ret = wc_AesCtrEncrypt(&dec, cipher, ctrPlain, sizeof(ctrPlain)); - if (ret != 0) { - return -5737; - } - if (XMEMCMP(ctr192Cipher, cipher, sizeof(ctr192Cipher))) - return -5738; -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - /* 256 bit key */ - wc_AesSetKeyDirect(&enc, ctr256Key, sizeof(ctr256Key), - ctrIv, AES_ENCRYPTION); - /* Ctr only uses encrypt, even on key setup */ - wc_AesSetKeyDirect(&dec, ctr256Key, sizeof(ctr256Key), - ctrIv, AES_ENCRYPTION); - - XMEMSET(plain, 0, sizeof(plain)); - ret = wc_AesCtrEncrypt(&enc, plain, ctr256Cipher, sizeof(ctr256Cipher)); - if (ret != 0) { - return -5739; - } - - if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain))) - return -5740; - - ret = wc_AesCtrEncrypt(&dec, cipher, ctrPlain, sizeof(ctrPlain)); - if (ret != 0) { - return -5741; - } - if (XMEMCMP(ctr256Cipher, cipher, sizeof(ctr256Cipher))) - return -5742; -#endif /* WOLFSSL_AES_256 */ - } -#endif /* WOLFSSL_AES_COUNTER */ - -#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) - { - const byte niPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte niCipher[] = - { - 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, - 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 - }; - - const byte niKey[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - ret = wc_AesSetKey(&enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); - if (ret != 0) - return -5743; - wc_AesEncryptDirect(&enc, cipher, niPlain); - if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) - return -5744; - - XMEMSET(plain, 0, AES_BLOCK_SIZE); - ret = wc_AesSetKey(&dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); - if (ret != 0) - return -5745; - wc_AesDecryptDirect(&dec, plain, niCipher); - if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) - return -5746; - } -#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ - - ret = aes_key_size_test(); - if (ret != 0) - return ret; - -#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) - ret = aes_cbc_test(); - if (ret != 0) - return ret; -#endif - -#if defined(WOLFSSL_AES_XTS) - #ifdef WOLFSSL_AES_128 - ret = aes_xts_128_test(); - if (ret != 0) - return ret; - #endif - #ifdef WOLFSSL_AES_256 - ret = aes_xts_256_test(); - if (ret != 0) - return ret; - #endif - #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256) - ret = aes_xts_sector_test(); - if (ret != 0) - return ret; - #endif - #ifdef WOLFSSL_AES_128 - ret = aes_xts_args_test(); - if (ret != 0) - return ret; - #endif -#endif - -#if defined(WOLFSSL_AES_CFB) - ret = aescfb_test(); - if (ret != 0) - return ret; -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - ret = aescfb1_test(); - if (ret != 0) - return ret; - - ret = aescfb8_test(); - if (ret != 0) - return ret; -#endif -#endif - - -#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) - wc_AesFree(&enc); - (void)cipher; -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) - wc_AesFree(&dec); - (void)plain; -#endif -#endif - - return ret; -} - -#ifdef WOLFSSL_AES_192 -int aes192_test(void) -{ -#ifdef HAVE_AES_CBC - Aes enc; - byte cipher[AES_BLOCK_SIZE]; -#ifdef HAVE_AES_DECRYPT - Aes dec; - byte plain[AES_BLOCK_SIZE]; -#endif -#endif /* HAVE_AES_CBC */ - int ret = 0; - -#ifdef HAVE_AES_CBC - /* Test vectors from NIST Special Publication 800-38A, 2001 Edition - * Appendix F.2.3 */ - - const byte msg[] = { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte verify[] = - { - 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d, - 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 - }; - - byte key[] = { - 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, - 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, - 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b - }; - byte iv[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F - }; - - - if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -5800; -#ifdef HAVE_AES_DECRYPT - if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -5801; -#endif - - ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); - if (ret != 0) - return -5802; -#ifdef HAVE_AES_DECRYPT - ret = wc_AesSetKey(&dec, key, (int) sizeof(key), iv, AES_DECRYPTION); - if (ret != 0) - return -5803; -#endif - - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5804; -#ifdef HAVE_AES_DECRYPT - XMEMSET(plain, 0, AES_BLOCK_SIZE); - ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5805; - if (XMEMCMP(plain, msg, (int) sizeof(plain))) { - return -5806; - } -#endif - - if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) - return -5807; - - wc_AesFree(&enc); -#ifdef HAVE_AES_DECRYPT - wc_AesFree(&dec); -#endif - -#endif /* HAVE_AES_CBC */ - - return ret; -} -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 -int aes256_test(void) -{ -#ifdef HAVE_AES_CBC - Aes enc; - byte cipher[AES_BLOCK_SIZE]; -#ifdef HAVE_AES_DECRYPT - Aes dec; - byte plain[AES_BLOCK_SIZE]; -#endif -#endif /* HAVE_AES_CBC */ - int ret = 0; - -#ifdef HAVE_AES_CBC - /* Test vectors from NIST Special Publication 800-38A, 2001 Edition, - * Appendix F.2.5 */ - const byte msg[] = { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte verify[] = - { - 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba, - 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 - }; - - byte key[] = { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - byte iv[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F - }; - - - if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -5900; -#ifdef HAVE_AES_DECRYPT - if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -5901; -#endif - - ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); - if (ret != 0) - return -5902; -#ifdef HAVE_AES_DECRYPT - ret = wc_AesSetKey(&dec, key, (int) sizeof(key), iv, AES_DECRYPTION); - if (ret != 0) - return -5903; -#endif - - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5904; -#ifdef HAVE_AES_DECRYPT - XMEMSET(plain, 0, AES_BLOCK_SIZE); - ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5905; - if (XMEMCMP(plain, msg, (int) sizeof(plain))) { - return -5906; - } -#endif - - if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) - return -5907; - - wc_AesFree(&enc); -#ifdef HAVE_AES_DECRYPT - wc_AesFree(&dec); -#endif - -#endif /* HAVE_AES_CBC */ - - return ret; -} -#endif /* WOLFSSL_AES_256 */ - - -#ifdef HAVE_AESGCM - -static int aesgcm_default_test_helper(byte* key, int keySz, byte* iv, int ivSz, - byte* plain, int plainSz, byte* cipher, int cipherSz, - byte* aad, int aadSz, byte* tag, int tagSz) -{ - Aes enc; - Aes dec; - - byte resultT[AES_BLOCK_SIZE]; - byte resultP[AES_BLOCK_SIZE * 3]; - byte resultC[AES_BLOCK_SIZE * 3]; - int result; - - XMEMSET(resultT, 0, sizeof(resultT)); - XMEMSET(resultC, 0, sizeof(resultC)); - XMEMSET(resultP, 0, sizeof(resultP)); - - if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) { - return -5908; - } - if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) { - return -5909; - } - - result = wc_AesGcmSetKey(&enc, key, keySz); - if (result != 0) - return -5910; - - /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - result = wc_AesGcmEncrypt(&enc, resultC, plain, plainSz, iv, ivSz, - resultT, tagSz, aad, aadSz); - -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -5911; - if (cipher != NULL) { - if (XMEMCMP(cipher, resultC, cipherSz)) - return -5912; - } - if (XMEMCMP(tag, resultT, tagSz)) - return -5913; - - wc_AesFree(&enc); - -#ifdef HAVE_AES_DECRYPT - result = wc_AesGcmSetKey(&dec, key, keySz); - if (result != 0) - return -5914; - - result = wc_AesGcmDecrypt(&dec, resultP, resultC, cipherSz, - iv, ivSz, resultT, tagSz, aad, aadSz); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -5915; - if (plain != NULL) { - if (XMEMCMP(plain, resultP, plainSz)) - return -5916; - } - - wc_AesFree(&dec); -#endif /* HAVE_AES_DECRYPT */ - - return 0; -} - - -/* tests that only use 12 byte IV and 16 or less byte AAD - * test vectors are from NIST SP 800-38D - * https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/CAVP-TESTING-BLOCK-CIPHER-MODES*/ -int aesgcm_default_test(void) -{ - byte key1[] = { - 0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62, - 0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc - }; - - byte iv1[] = { - 0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa, - 0xe4, 0xed, 0x2f, 0x6d - }; - - ALIGN64 byte plain1[] = { - 0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad, - 0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01, - 0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac, - 0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01 - }; - - byte aad1[] = { - 0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73, - 0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1 - }; - - ALIGN64 byte cipher1[] = { - 0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d, - 0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d, - 0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46, - 0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb - }; - - byte tag1[] = { - 0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7, - 0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2 - }; - - byte key2[] = { - 0x01, 0x6d, 0xbb, 0x38, 0xda, 0xa7, 0x6d, 0xfe, - 0x7d, 0xa3, 0x84, 0xeb, 0xf1, 0x24, 0x03, 0x64 - }; - - byte iv2[] = { - 0x07, 0x93, 0xef, 0x3a, 0xda, 0x78, 0x2f, 0x78, - 0xc9, 0x8a, 0xff, 0xe3 - }; - - ALIGN64 byte plain2[] = { - 0x4b, 0x34, 0xa9, 0xec, 0x57, 0x63, 0x52, 0x4b, - 0x19, 0x1d, 0x56, 0x16, 0xc5, 0x47, 0xf6, 0xb7 - }; - - ALIGN64 byte cipher2[] = { - 0x60, 0x9a, 0xa3, 0xf4, 0x54, 0x1b, 0xc0, 0xfe, - 0x99, 0x31, 0xda, 0xad, 0x2e, 0xe1, 0x5d, 0x0c - }; - - byte tag2[] = { - 0x33, 0xaf, 0xec, 0x59, 0xc4, 0x5b, 0xaf, 0x68, - 0x9a, 0x5e, 0x1b, 0x13, 0xae, 0x42, 0x36, 0x19 - }; - - byte key3[] = { - 0xb0, 0x1e, 0x45, 0xcc, 0x30, 0x88, 0xaa, 0xba, - 0x9f, 0xa4, 0x3d, 0x81, 0xd4, 0x81, 0x82, 0x3f - }; - - byte iv3[] = { - 0x5a, 0x2c, 0x4a, 0x66, 0x46, 0x87, 0x13, 0x45, - 0x6a, 0x4b, 0xd5, 0xe1 - }; - - byte tag3[] = { - 0x01, 0x42, 0x80, 0xf9, 0x44, 0xf5, 0x3c, 0x68, - 0x11, 0x64, 0xb2, 0xff - }; - - int ret; - ret = aesgcm_default_test_helper(key1, sizeof(key1), iv1, sizeof(iv1), - plain1, sizeof(plain1), cipher1, sizeof(cipher1), - aad1, sizeof(aad1), tag1, sizeof(tag1)); - if (ret != 0) { - return ret; - } - ret = aesgcm_default_test_helper(key2, sizeof(key2), iv2, sizeof(iv2), - plain2, sizeof(plain2), cipher2, sizeof(cipher2), - NULL, 0, tag2, sizeof(tag2)); - if (ret != 0) { - return ret; - } - ret = aesgcm_default_test_helper(key3, sizeof(key3), iv3, sizeof(iv3), - NULL, 0, NULL, 0, - NULL, 0, tag3, sizeof(tag3)); - if (ret != 0) { - return ret; - } - - return 0; -} - -int aesgcm_test(void) -{ - Aes enc; - Aes dec; - - /* - * This is Test Case 16 from the document Galois/ - * Counter Mode of Operation (GCM) by McGrew and - * Viega. - */ - const byte p[] = - { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39 - }; - -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_256) - const byte a[] = - { - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xab, 0xad, 0xda, 0xd2 - }; -#endif - -#ifdef WOLFSSL_AES_256 - const byte k1[] = - { - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 - }; - - const byte iv1[] = - { - 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, - 0xde, 0xca, 0xf8, 0x88 - }; - - const byte c1[] = - { - 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, - 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, - 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, - 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, - 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, - 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, - 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, - 0xbc, 0xc9, 0xf6, 0x62 - }; -#endif /* WOLFSSL_AES_256 */ - - const byte t1[] = - { - 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, - 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b - }; - - /* FIPS, QAT and PIC32MZ HW Crypto only support 12-byte IV */ -#if !defined(HAVE_FIPS) && \ - !defined(WOLFSSL_PIC32MZ_CRYPT) && \ - !defined(FREESCALE_LTC) && !defined(FREESCALE_MMCAU) && \ - !defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_AFALG_XILINX_AES) && \ - !(defined(WOLF_CRYPTO_CB) && \ - (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))) - - #define ENABLE_NON_12BYTE_IV_TEST -#ifdef WOLFSSL_AES_192 - /* Test Case 12, uses same plaintext and AAD data. */ - const byte k2[] = - { - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c - }; - - const byte iv2[] = - { - 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, - 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, - 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, - 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, - 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, - 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, - 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, - 0xa6, 0x37, 0xb3, 0x9b - }; - - const byte c2[] = - { - 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c, - 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff, - 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef, - 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45, - 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9, - 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3, - 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7, - 0xe9, 0xb7, 0x37, 0x3b - }; - - const byte t2[] = - { - 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb, - 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 - }; -#endif /* WOLFSSL_AES_192 */ -#ifdef WOLFSSL_AES_128 - /* The following is an interesting test case from the example - * FIPS test vectors for AES-GCM. IVlen = 1 byte */ - const byte p3[] = - { - 0x57, 0xce, 0x45, 0x1f, 0xa5, 0xe2, 0x35, 0xa5, - 0x8e, 0x1a, 0xa2, 0x3b, 0x77, 0xcb, 0xaf, 0xe2 - }; - - const byte k3[] = - { - 0xbb, 0x01, 0xd7, 0x03, 0x81, 0x1c, 0x10, 0x1a, - 0x35, 0xe0, 0xff, 0xd2, 0x91, 0xba, 0xf2, 0x4b - }; - - const byte iv3[] = - { - 0xca - }; - - const byte c3[] = - { - 0x6b, 0x5f, 0xb3, 0x9d, 0xc1, 0xc5, 0x7a, 0x4f, - 0xf3, 0x51, 0x4d, 0xc2, 0xd5, 0xf0, 0xd0, 0x07 - }; - - const byte a3[] = - { - 0x40, 0xfc, 0xdc, 0xd7, 0x4a, 0xd7, 0x8b, 0xf1, - 0x3e, 0x7c, 0x60, 0x55, 0x50, 0x51, 0xdd, 0x54 - }; - - const byte t3[] = - { - 0x06, 0x90, 0xed, 0x01, 0x34, 0xdd, 0xc6, 0x95, - 0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6 - }; -#endif /* WOLFSSL_AES_128 */ -#ifdef WOLFSSL_AES_256 - int ivlen; -#endif -#endif - - byte resultT[sizeof(t1)]; - byte resultP[sizeof(p) + AES_BLOCK_SIZE]; - byte resultC[sizeof(p) + AES_BLOCK_SIZE]; - int result; -#ifdef WOLFSSL_AES_256 - int alen; - #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) - int plen; - #endif -#endif - -#if !defined(BENCH_EMBEDDED) - #ifndef BENCH_AESGCM_LARGE - #define BENCH_AESGCM_LARGE 1024 - #endif - byte large_input[BENCH_AESGCM_LARGE]; - byte large_output[BENCH_AESGCM_LARGE + AES_BLOCK_SIZE]; - byte large_outdec[BENCH_AESGCM_LARGE]; - - XMEMSET(large_input, 0, sizeof(large_input)); - XMEMSET(large_output, 0, sizeof(large_output)); - XMEMSET(large_outdec, 0, sizeof(large_outdec)); -#endif - - (void)result; - - XMEMSET(resultT, 0, sizeof(resultT)); - XMEMSET(resultC, 0, sizeof(resultC)); - XMEMSET(resultP, 0, sizeof(resultP)); - - if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) { - return -6100; - } - if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) { - return -6101; - } - -#ifdef WOLFSSL_AES_256 - result = wc_AesGcmSetKey(&enc, k1, sizeof(k1)); - if (result != 0) - return -6102; - - /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv1, sizeof(iv1), - resultT, sizeof(resultT), a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6103; - if (XMEMCMP(c1, resultC, sizeof(c1))) - return -6104; - if (XMEMCMP(t1, resultT, sizeof(resultT))) - return -6105; - -#ifdef HAVE_AES_DECRYPT - result = wc_AesGcmSetKey(&dec, k1, sizeof(k1)); - if (result != 0) - return -6106; - - result = wc_AesGcmDecrypt(&dec, resultP, resultC, sizeof(c1), - iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6107; - if (XMEMCMP(p, resultP, sizeof(p))) - return -6108; -#endif /* HAVE_AES_DECRYPT */ - - /* Large buffer test */ -#ifdef BENCH_AESGCM_LARGE - /* setup test buffer */ - for (alen=0; alen<BENCH_AESGCM_LARGE; alen++) - large_input[alen] = (byte)alen; - - /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - result = wc_AesGcmEncrypt(&enc, large_output, large_input, - BENCH_AESGCM_LARGE, iv1, sizeof(iv1), - resultT, sizeof(resultT), a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6109; - -#ifdef HAVE_AES_DECRYPT - result = wc_AesGcmDecrypt(&dec, large_outdec, large_output, - BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT, - sizeof(resultT), a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6110; - if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE)) - return -6111; -#endif /* HAVE_AES_DECRYPT */ -#endif /* BENCH_AESGCM_LARGE */ -#if defined(ENABLE_NON_12BYTE_IV_TEST) && defined(WOLFSSL_AES_256) - /* Variable IV length test */ - for (ivlen=1; ivlen<(int)sizeof(k1); ivlen++) { - /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), k1, - (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6112; -#ifdef HAVE_AES_DECRYPT - result = wc_AesGcmDecrypt(&dec, resultP, resultC, sizeof(c1), k1, - (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6113; -#endif /* HAVE_AES_DECRYPT */ - } -#endif - -#if !(defined(WOLF_CRYPTO_CB) && defined(HAVE_INTEL_QA_SYNC)) - /* Variable authenticated data length test */ - for (alen=0; alen<(int)sizeof(p); alen++) { - /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv1, - sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6114; -#ifdef HAVE_AES_DECRYPT - result = wc_AesGcmDecrypt(&dec, resultP, resultC, sizeof(c1), iv1, - sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6115; -#endif /* HAVE_AES_DECRYPT */ - } -#endif - -#if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) -#ifdef BENCH_AESGCM_LARGE - /* Variable plain text length test */ - for (plen=1; plen<BENCH_AESGCM_LARGE; plen++) { - /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - result = wc_AesGcmEncrypt(&enc, large_output, large_input, - plen, iv1, sizeof(iv1), resultT, - sizeof(resultT), a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6116; - -#ifdef HAVE_AES_DECRYPT - result = wc_AesGcmDecrypt(&dec, large_outdec, large_output, - plen, iv1, sizeof(iv1), resultT, - sizeof(resultT), a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6117; -#endif /* HAVE_AES_DECRYPT */ - } -#else /* BENCH_AESGCM_LARGE */ - /* Variable plain text length test */ - for (plen=1; plen<(int)sizeof(p); plen++) { - /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - result = wc_AesGcmEncrypt(&enc, resultC, p, (word32)plen, iv1, - sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6118; -#ifdef HAVE_AES_DECRYPT - result = wc_AesGcmDecrypt(&dec, resultP, resultC, (word32)plen, iv1, - sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6119; -#endif /* HAVE_AES_DECRYPT */ - } -#endif /* BENCH_AESGCM_LARGE */ -#endif -#endif /* WOLFSSL_AES_256 */ - - /* test with IV != 12 bytes */ -#ifdef ENABLE_NON_12BYTE_IV_TEST - XMEMSET(resultT, 0, sizeof(resultT)); - XMEMSET(resultC, 0, sizeof(resultC)); - XMEMSET(resultP, 0, sizeof(resultP)); - -#ifdef WOLFSSL_AES_192 - wc_AesGcmSetKey(&enc, k2, sizeof(k2)); - /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv2, sizeof(iv2), - resultT, sizeof(resultT), a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6120; - if (XMEMCMP(c2, resultC, sizeof(c2))) - return -6121; - if (XMEMCMP(t2, resultT, sizeof(resultT))) - return -6122; - -#ifdef HAVE_AES_DECRYPT - result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(c1), - iv2, sizeof(iv2), resultT, sizeof(resultT), a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6123; - if (XMEMCMP(p, resultP, sizeof(p))) - return -6124; -#endif /* HAVE_AES_DECRYPT */ - - XMEMSET(resultT, 0, sizeof(resultT)); - XMEMSET(resultC, 0, sizeof(resultC)); - XMEMSET(resultP, 0, sizeof(resultP)); -#endif /* WOLFSSL_AES_192 */ -#ifdef WOLFSSL_AES_128 - wc_AesGcmSetKey(&enc, k3, sizeof(k3)); - /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - result = wc_AesGcmEncrypt(&enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3), - resultT, sizeof(t3), a3, sizeof(a3)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6125; - if (XMEMCMP(c3, resultC, sizeof(c3))) - return -6126; - if (XMEMCMP(t3, resultT, sizeof(t3))) - return -6127; - -#ifdef HAVE_AES_DECRYPT - result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(c3), - iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6128; - if (XMEMCMP(p3, resultP, sizeof(p3))) - return -6129; -#endif /* HAVE_AES_DECRYPT */ -#endif /* WOLFSSL_AES_128 */ -#endif /* ENABLE_NON_12BYTE_IV_TEST */ - -#if defined(WOLFSSL_AES_256) && !defined(WOLFSSL_AFALG_XILINX_AES) && \ - !defined(WOLFSSL_XILINX_CRYPT) && \ - !(defined(WOLF_CRYPTO_CB) && \ - defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)) - XMEMSET(resultT, 0, sizeof(resultT)); - XMEMSET(resultC, 0, sizeof(resultC)); - XMEMSET(resultP, 0, sizeof(resultP)); - - wc_AesGcmSetKey(&enc, k1, sizeof(k1)); - /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv1, sizeof(iv1), - resultT + 1, sizeof(resultT) - 1, a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6130; - if (XMEMCMP(c1, resultC, sizeof(c1))) - return -6131; - if (XMEMCMP(t1, resultT + 1, sizeof(resultT) - 1)) - return -6132; - -#ifdef HAVE_AES_DECRYPT - result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(p), - iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6133; - if (XMEMCMP(p, resultP, sizeof(p))) - return -6134; -#endif /* HAVE_AES_DECRYPT */ -#endif /* WOLFSSL_AES_256 */ - -#if !defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) - /* Test encrypt with internally generated IV */ -#if defined(WOLFSSL_AES_256) && !(defined(WC_NO_RNG) || defined(HAVE_SELFTEST)) \ - && !(defined(WOLF_CRYPTO_CB) && defined(HAVE_CAVIUM_OCTEON_SYNC)) - { - WC_RNG rng; - byte randIV[12]; - - result = wc_InitRng(&rng); - if (result != 0) - return -6135; - - XMEMSET(randIV, 0, sizeof(randIV)); - XMEMSET(resultT, 0, sizeof(resultT)); - XMEMSET(resultC, 0, sizeof(resultC)); - XMEMSET(resultP, 0, sizeof(resultP)); - - wc_AesGcmSetKey(&enc, k1, sizeof(k1)); - result = wc_AesGcmSetIV(&enc, sizeof(randIV), NULL, 0, &rng); - if (result != 0) - return -6136; - - result = wc_AesGcmEncrypt_ex(&enc, - resultC, p, sizeof(p), - randIV, sizeof(randIV), - resultT, sizeof(resultT), - a, sizeof(a)); - #if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (result != 0) - return -6137; - - /* Check the IV has been set. */ - { - word32 i, ivSum = 0; - - for (i = 0; i < sizeof(randIV); i++) - ivSum += randIV[i]; - if (ivSum == 0) - return -6138; - } - -#ifdef HAVE_AES_DECRYPT - wc_AesGcmSetKey(&dec, k1, sizeof(k1)); - result = wc_AesGcmSetIV(&dec, sizeof(randIV), NULL, 0, &rng); - if (result != 0) - return -6139; - - result = wc_AesGcmDecrypt(&dec, - resultP, resultC, sizeof(c1), - randIV, sizeof(randIV), - resultT, sizeof(resultT), - a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6140; - if (XMEMCMP(p, resultP, sizeof(p))) - return -6141; -#endif /* HAVE_AES_DECRYPT */ - - wc_FreeRng(&rng); - } -#endif /* WOLFSSL_AES_256 && !(WC_NO_RNG || HAVE_SELFTEST) */ -#endif /* HAVE_FIPS_VERSION >= 2 */ - - wc_AesFree(&enc); - wc_AesFree(&dec); - - return 0; -} - -#ifdef WOLFSSL_AES_128 -int gmac_test(void) -{ - Gmac gmac; - - const byte k1[] = - { - 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01, - 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8 - }; - const byte iv1[] = - { - 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94, - 0xe2, 0x8c, 0x8f, 0x16 - }; - const byte a1[] = - { - 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9, - 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77 - }; - const byte t1[] = - { - 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43, - 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b - }; - -#if !defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) - /* FIPS builds only allow 16-byte auth tags. */ - /* This sample uses a 15-byte auth tag. */ - const byte k2[] = - { - 0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4, - 0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b - }; - const byte iv2[] = - { - 0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03, - 0x1a, 0x60, 0x24, 0xa7 - }; - const byte a2[] = - { - 0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18, - 0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56 - }; - const byte t2[] = - { - 0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f, - 0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91 - }; -#endif - - byte tag[16]; - - XMEMSET(&gmac, 0, sizeof(Gmac)); /* clear context */ - (void)wc_AesInit((Aes*)&gmac, HEAP_HINT, INVALID_DEVID); /* Make sure devId updated */ - XMEMSET(tag, 0, sizeof(tag)); - wc_GmacSetKey(&gmac, k1, sizeof(k1)); - wc_GmacUpdate(&gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1)); - if (XMEMCMP(t1, tag, sizeof(t1)) != 0) - return -6200; - -#if !defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) - XMEMSET(tag, 0, sizeof(tag)); - wc_GmacSetKey(&gmac, k2, sizeof(k2)); - wc_GmacUpdate(&gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2)); - if (XMEMCMP(t2, tag, sizeof(t2)) != 0) - return -6201; - -#if !(defined(WC_NO_RNG) || defined(HAVE_SELFTEST)) - { - const byte badT[] = - { - 0xde, 0xad, 0xbe, 0xef, 0x17, 0x2e, 0xd0, 0x43, - 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b - }; - - WC_RNG rng; - byte iv[12]; - - #ifndef HAVE_FIPS - if (wc_InitRng_ex(&rng, HEAP_HINT, devId) != 0) - return -6202; - #else - if (wc_InitRng(&rng) != 0) - return -6203; - #endif - - if (wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1), - t1, sizeof(t1)) != 0) - return -6204; - if (wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1), - badT, sizeof(badT)) != AES_GCM_AUTH_E) - return -6205; - if (wc_GmacVerify(k2, sizeof(k2), iv2, sizeof(iv2), a2, sizeof(a2), - t2, sizeof(t2)) != 0) - return -6206; - - XMEMSET(tag, 0, sizeof(tag)); - XMEMSET(iv, 0, sizeof(iv)); - if (wc_Gmac(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1), - tag, sizeof(tag), &rng) != 0) - return -6207; - if (wc_GmacVerify(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1), - tag, sizeof(tag)) != 0) - return -6208; - wc_FreeRng(&rng); - } -#endif /* WC_NO_RNG HAVE_SELFTEST */ -#endif /* HAVE_FIPS */ - - return 0; -} -#endif /* WOLFSSL_AES_128 */ -#endif /* HAVE_AESGCM */ - -#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) -int aesccm_test(void) -{ - Aes enc; - - /* key */ - const byte k[] = - { - 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, - 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf - }; - - /* nonce */ - const byte iv[] = - { - 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0, - 0xa1, 0xa2, 0xa3, 0xa4, 0xa5 - }; - - /* plaintext */ - const byte p[] = - { - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e - }; - - const byte a[] = - { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 - }; - - const byte c[] = - { - 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, - 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, - 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84 - }; - - const byte t[] = - { - 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 - }; - - byte t2[sizeof(t)]; - byte p2[sizeof(p)]; - byte c2[sizeof(c)]; - byte iv2[sizeof(iv)]; - - int result; - - XMEMSET(&enc, 0, sizeof(Aes)); /* clear context */ - XMEMSET(t2, 0, sizeof(t2)); - XMEMSET(c2, 0, sizeof(c2)); - XMEMSET(p2, 0, sizeof(p2)); - - result = wc_AesCcmSetKey(&enc, k, sizeof(k)); - if (result != 0) - return -6300; - - /* AES-CCM encrypt and decrypt both use AES encrypt internally */ - result = wc_AesCcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv), - t2, sizeof(t2), a, sizeof(a)); - if (result != 0) - return -6301; - if (XMEMCMP(c, c2, sizeof(c2))) - return -6302; - if (XMEMCMP(t, t2, sizeof(t2))) - return -6303; - - result = wc_AesCcmDecrypt(&enc, p2, c2, sizeof(p2), iv, sizeof(iv), - t2, sizeof(t2), a, sizeof(a)); - if (result != 0) - return -6304; - if (XMEMCMP(p, p2, sizeof(p2))) - return -6305; - - /* Test the authentication failure */ - t2[0]++; /* Corrupt the authentication tag. */ - result = wc_AesCcmDecrypt(&enc, p2, c, sizeof(p2), iv, sizeof(iv), - t2, sizeof(t2), a, sizeof(a)); - if (result == 0) - return -6306; - - /* Clear c2 to compare against p2. p2 should be set to zero in case of - * authentication fail. */ - XMEMSET(c2, 0, sizeof(c2)); - if (XMEMCMP(p2, c2, sizeof(p2))) - return -6307; - - XMEMSET(&enc, 0, sizeof(Aes)); /* clear context */ - XMEMSET(t2, 0, sizeof(t2)); - XMEMSET(c2, 0, sizeof(c2)); - XMEMSET(p2, 0, sizeof(p2)); - XMEMSET(iv2, 0, sizeof(iv2)); - -#ifndef HAVE_SELFTEST - /* selftest build does not have wc_AesCcmSetNonce() or - * wc_AesCcmEncrypt_ex() */ - if (wc_AesCcmSetKey(&enc, k, sizeof(k)) != 0) - return -6308; - - if (wc_AesCcmSetNonce(&enc, iv, sizeof(iv)) != 0) - return -6309; - if (wc_AesCcmEncrypt_ex(&enc, c2, p, sizeof(c2), iv2, sizeof(iv2), - t2, sizeof(t2), a, sizeof(a)) != 0) - return -6310; - if (XMEMCMP(iv, iv2, sizeof(iv2))) - return -6311; - if (XMEMCMP(c, c2, sizeof(c2))) - return -6312; - if (XMEMCMP(t, t2, sizeof(t2))) - return -6313; -#endif - - return 0; -} -#endif /* HAVE_AESCCM WOLFSSL_AES_128 */ - - -#ifdef HAVE_AES_KEYWRAP - -#define MAX_KEYWRAP_TEST_OUTLEN 40 -#define MAX_KEYWRAP_TEST_PLAINLEN 32 - -typedef struct keywrapVector { - const byte* kek; - const byte* data; - const byte* verify; - word32 kekLen; - word32 dataLen; - word32 verifyLen; -} keywrapVector; - -int aeskeywrap_test(void) -{ - int wrapSz, plainSz, testSz, i; - - /* test vectors from RFC 3394 (kek, data, verify) */ - -#ifdef WOLFSSL_AES_128 - /* Wrap 128 bits of Key Data with a 128-bit KEK */ - const byte k1[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F - }; - - const byte d1[] = { - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF - }; - - const byte v1[] = { - 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47, - 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, - 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5 - }; -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - /* Wrap 128 bits of Key Data with a 192-bit KEK */ - const byte k2[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 - }; - - const byte d2[] = { - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF - }; - - const byte v2[] = { - 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35, - 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, - 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D - }; -#endif - -#ifdef WOLFSSL_AES_256 - /* Wrap 128 bits of Key Data with a 256-bit KEK */ - const byte k3[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F - }; - - const byte d3[] = { - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF - }; - - const byte v3[] = { - 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2, - 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A, - 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7 - }; -#endif - -#ifdef WOLFSSL_AES_192 - /* Wrap 192 bits of Key Data with a 192-bit KEK */ - const byte k4[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 - }; - - const byte d4[] = { - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 - }; - - const byte v4[] = { - 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32, - 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC, - 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93, - 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2 - }; -#endif - -#ifdef WOLFSSL_AES_256 - /* Wrap 192 bits of Key Data with a 256-bit KEK */ - const byte k5[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F - }; - - const byte d5[] = { - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 - }; - - const byte v5[] = { - 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F, - 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4, - 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95, - 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1 - }; - - /* Wrap 256 bits of Key Data with a 256-bit KEK */ - const byte k6[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F - }; - - const byte d6[] = { - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F - }; - - const byte v6[] = { - 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4, - 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26, - 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26, - 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B, - 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21 - }; -#endif /* WOLFSSL_AES_256 */ - - byte output[MAX_KEYWRAP_TEST_OUTLEN]; - byte plain [MAX_KEYWRAP_TEST_PLAINLEN]; - - const keywrapVector test_wrap[] = - { - #ifdef WOLFSSL_AES_128 - {k1, d1, v1, sizeof(k1), sizeof(d1), sizeof(v1)}, - #endif - #ifdef WOLFSSL_AES_192 - {k2, d2, v2, sizeof(k2), sizeof(d2), sizeof(v2)}, - #endif - #ifdef WOLFSSL_AES_256 - {k3, d3, v3, sizeof(k3), sizeof(d3), sizeof(v3)}, - #endif - #ifdef WOLFSSL_AES_192 - {k4, d4, v4, sizeof(k4), sizeof(d4), sizeof(v4)}, - #endif - #ifdef WOLFSSL_AES_256 - {k5, d5, v5, sizeof(k5), sizeof(d5), sizeof(v5)}, - {k6, d6, v6, sizeof(k6), sizeof(d6), sizeof(v6)} - #endif - }; - testSz = sizeof(test_wrap) / sizeof(keywrapVector); - - XMEMSET(output, 0, sizeof(output)); - XMEMSET(plain, 0, sizeof(plain)); - - for (i = 0; i < testSz; i++) { - - wrapSz = wc_AesKeyWrap(test_wrap[i].kek, test_wrap[i].kekLen, - test_wrap[i].data, test_wrap[i].dataLen, - output, sizeof(output), NULL); - - if ( (wrapSz < 0) || (wrapSz != (int)test_wrap[i].verifyLen) ) - return -6400; - - if (XMEMCMP(output, test_wrap[i].verify, test_wrap[i].verifyLen) != 0) - return -6401; - - plainSz = wc_AesKeyUnWrap((byte*)test_wrap[i].kek, test_wrap[i].kekLen, - output, wrapSz, - plain, sizeof(plain), NULL); - - if ( (plainSz < 0) || (plainSz != (int)test_wrap[i].dataLen) ) - return -6402; - - if (XMEMCMP(plain, test_wrap[i].data, test_wrap[i].dataLen) != 0) - return -6403 - i; - } - - return 0; -} -#endif /* HAVE_AES_KEYWRAP */ - - -#endif /* NO_AES */ - - -#ifdef HAVE_CAMELLIA - -enum { - CAM_ECB_ENC, CAM_ECB_DEC, CAM_CBC_ENC, CAM_CBC_DEC -}; - -typedef struct { - int type; - const byte* plaintext; - const byte* iv; - const byte* ciphertext; - const byte* key; - word32 keySz; - int errorCode; -} test_vector_t; - -int camellia_test(void) -{ - /* Camellia ECB Test Plaintext */ - static const byte pte[] = - { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 - }; - - /* Camellia ECB Test Initialization Vector */ - static const byte ive[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - - /* Test 1: Camellia ECB 128-bit key */ - static const byte k1[] = - { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 - }; - static const byte c1[] = - { - 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, - 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 - }; - - /* Test 2: Camellia ECB 192-bit key */ - static const byte k2[] = - { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 - }; - static const byte c2[] = - { - 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8, - 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 - }; - - /* Test 3: Camellia ECB 256-bit key */ - static const byte k3[] = - { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff - }; - static const byte c3[] = - { - 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, - 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 - }; - - /* Camellia CBC Test Plaintext */ - static const byte ptc[] = - { - 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, - 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A - }; - - /* Camellia CBC Test Initialization Vector */ - static const byte ivc[] = - { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F - }; - - /* Test 4: Camellia-CBC 128-bit key */ - static const byte k4[] = - { - 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, - 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C - }; - static const byte c4[] = - { - 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0, - 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB - }; - - /* Test 5: Camellia-CBC 192-bit key */ - static const byte k5[] = - { - 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, - 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, - 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B - }; - static const byte c5[] = - { - 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2, - 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 - }; - - /* Test 6: CBC 256-bit key */ - static const byte k6[] = - { - 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, - 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, - 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, - 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 - }; - static const byte c6[] = - { - 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A, - 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA - }; - - byte out[CAMELLIA_BLOCK_SIZE]; - Camellia cam; - int i, testsSz, ret; - const test_vector_t testVectors[] = - { - {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), -114}, - {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), -115}, - {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), -116}, - {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), -117}, - {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), -118}, - {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), -119}, - {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), -120}, - {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), -121}, - {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), -122}, - {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), -123}, - {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), -124}, - {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125} - }; - - testsSz = sizeof(testVectors)/sizeof(test_vector_t); - for (i = 0; i < testsSz; i++) { - if (wc_CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz, - testVectors[i].iv) != 0) - return testVectors[i].errorCode; - - switch (testVectors[i].type) { - case CAM_ECB_ENC: - ret = wc_CamelliaEncryptDirect(&cam, out, - testVectors[i].plaintext); - if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext, - CAMELLIA_BLOCK_SIZE)) - return testVectors[i].errorCode; - break; - case CAM_ECB_DEC: - ret = wc_CamelliaDecryptDirect(&cam, out, - testVectors[i].ciphertext); - if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext, - CAMELLIA_BLOCK_SIZE)) - return testVectors[i].errorCode; - break; - case CAM_CBC_ENC: - ret = wc_CamelliaCbcEncrypt(&cam, out, testVectors[i].plaintext, - CAMELLIA_BLOCK_SIZE); - if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext, - CAMELLIA_BLOCK_SIZE)) - return testVectors[i].errorCode; - break; - case CAM_CBC_DEC: - ret = wc_CamelliaCbcDecrypt(&cam, out, - testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE); - if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext, - CAMELLIA_BLOCK_SIZE)) - return testVectors[i].errorCode; - break; - default: - break; - } - } - - /* Setting the IV and checking it was actually set. */ - ret = wc_CamelliaSetIV(&cam, ivc); - if (ret != 0 || XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE)) - return -6500; - - /* Setting the IV to NULL should be same as all zeros IV */ - if (wc_CamelliaSetIV(&cam, NULL) != 0 || - XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE)) - return -6501; - - /* First parameter should never be null */ - if (wc_CamelliaSetIV(NULL, NULL) == 0) - return -6502; - - /* First parameter should never be null, check it fails */ - if (wc_CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0) - return -6503; - - /* Key should have a size of 16, 24, or 32 */ - if (wc_CamelliaSetKey(&cam, k1, 0, NULL) == 0) - return -6504; - - return 0; -} -#endif /* HAVE_CAMELLIA */ - -#ifdef HAVE_IDEA -int idea_test(void) -{ - int ret; - word16 i, j; - - Idea idea; - byte data[IDEA_BLOCK_SIZE]; - - /* Project NESSIE test vectors */ -#define IDEA_NB_TESTS 6 -#define IDEA_NB_TESTS_EXTRA 4 - - const byte v_key[IDEA_NB_TESTS][IDEA_KEY_SIZE] = { - { 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, - 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37 }, - { 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, - 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57 }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }, - { 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00, - 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }, - { 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00, - 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 }, - }; - - const byte v1_plain[IDEA_NB_TESTS][IDEA_BLOCK_SIZE] = { - { 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37 }, - { 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57 }, - { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }, - { 0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 }, - { 0xDB, 0x2D, 0x4A, 0x92, 0xAA, 0x68, 0x27, 0x3F }, - { 0xF1, 0x29, 0xA6, 0x60, 0x1E, 0xF6, 0x2A, 0x47 }, - }; - - byte v1_cipher[IDEA_NB_TESTS][IDEA_BLOCK_SIZE] = { - { 0x54, 0xCF, 0x21, 0xE3, 0x89, 0xD8, 0x73, 0xEC }, - { 0x85, 0x52, 0x4D, 0x41, 0x0E, 0xB4, 0x28, 0xAE }, - { 0xF5, 0x26, 0xAB, 0x9A, 0x62, 0xC0, 0xD2, 0x58 }, - { 0xC8, 0xFB, 0x51, 0xD3, 0x51, 0x66, 0x27, 0xA8 }, - { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }, - { 0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 }, - }; - - byte v1_cipher_100[IDEA_NB_TESTS_EXTRA][IDEA_BLOCK_SIZE] = { - { 0x12, 0x46, 0x2F, 0xD0, 0xFB, 0x3A, 0x63, 0x39 }, - { 0x15, 0x61, 0xE8, 0xC9, 0x04, 0x54, 0x8B, 0xE9 }, - { 0x42, 0x12, 0x2A, 0x94, 0xB0, 0xF6, 0xD2, 0x43 }, - { 0x53, 0x4D, 0xCD, 0x48, 0xDD, 0xD5, 0xF5, 0x9C }, - }; - - byte v1_cipher_1000[IDEA_NB_TESTS_EXTRA][IDEA_BLOCK_SIZE] = { - { 0x44, 0x1B, 0x38, 0x5C, 0x77, 0x29, 0x75, 0x34 }, - { 0xF0, 0x4E, 0x58, 0x88, 0x44, 0x99, 0x22, 0x2D }, - { 0xB3, 0x5F, 0x93, 0x7F, 0x6A, 0xA0, 0xCD, 0x1F }, - { 0x9A, 0xEA, 0x46, 0x8F, 0x42, 0x9B, 0xBA, 0x15 }, - }; - - /* CBC test */ - const char *message = "International Data Encryption Algorithm"; - byte msg_enc[40], msg_dec[40]; - - for (i = 0; i < IDEA_NB_TESTS; i++) { - /* Set encryption key */ - XMEMSET(&idea, 0, sizeof(Idea)); - ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE, - NULL, IDEA_ENCRYPTION); - if (ret != 0) { - printf("wc_IdeaSetKey (enc) failed\n"); - return -6600; - } - - /* Data encryption */ - ret = wc_IdeaCipher(&idea, data, v1_plain[i]); - if (ret != 0 || XMEMCMP(&v1_cipher[i], data, IDEA_BLOCK_SIZE)) { - printf("Bad encryption\n"); - return -6601; - } - - /* Set decryption key */ - XMEMSET(&idea, 0, sizeof(Idea)); - ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE, - NULL, IDEA_DECRYPTION); - if (ret != 0) { - printf("wc_IdeaSetKey (dec) failed\n"); - return -6602; - } - - /* Data decryption */ - ret = wc_IdeaCipher(&idea, data, data); - if (ret != 0 || XMEMCMP(v1_plain[i], data, IDEA_BLOCK_SIZE)) { - printf("Bad decryption\n"); - return -6603; - } - - /* Set encryption key */ - XMEMSET(&idea, 0, sizeof(Idea)); - ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE, - v_key[i], IDEA_ENCRYPTION); - if (ret != 0) { - printf("wc_IdeaSetKey (enc) failed\n"); - return -6604; - } - - XMEMSET(msg_enc, 0, sizeof(msg_enc)); - ret = wc_IdeaCbcEncrypt(&idea, msg_enc, (byte *)message, - (word32)XSTRLEN(message)+1); - if (ret != 0) { - printf("wc_IdeaCbcEncrypt failed\n"); - return -6605; - } - - /* Set decryption key */ - XMEMSET(&idea, 0, sizeof(Idea)); - ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE, - v_key[i], IDEA_DECRYPTION); - if (ret != 0) { - printf("wc_IdeaSetKey (dec) failed\n"); - return -6606; - } - - XMEMSET(msg_dec, 0, sizeof(msg_dec)); - ret = wc_IdeaCbcDecrypt(&idea, msg_dec, msg_enc, - (word32)XSTRLEN(message)+1); - if (ret != 0) { - printf("wc_IdeaCbcDecrypt failed\n"); - return -6607; - } - - if (XMEMCMP(message, msg_dec, (word32)XSTRLEN(message))) { - printf("Bad CBC decryption\n"); - return -6608; - } - } - - for (i = 0; i < IDEA_NB_TESTS_EXTRA; i++) { - /* Set encryption key */ - XMEMSET(&idea, 0, sizeof(Idea)); - ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE, - NULL, IDEA_ENCRYPTION); - if (ret != 0) { - printf("wc_IdeaSetKey (enc) failed\n"); - return -6609; - } - - /* 100 times data encryption */ - XMEMCPY(data, v1_plain[i], IDEA_BLOCK_SIZE); - for (j = 0; j < 100; j++) { - ret = wc_IdeaCipher(&idea, data, data); - if (ret != 0) { - return -6610; - } - } - - if (XMEMCMP(v1_cipher_100[i], data, IDEA_BLOCK_SIZE)) { - printf("Bad encryption (100 times)\n"); - return -6611; - } - - /* 1000 times data encryption */ - XMEMCPY(data, v1_plain[i], IDEA_BLOCK_SIZE); - for (j = 0; j < 1000; j++) { - ret = wc_IdeaCipher(&idea, data, data); - if (ret != 0) { - return -6612; - } - } - - if (XMEMCMP(v1_cipher_1000[i], data, IDEA_BLOCK_SIZE)) { - printf("Bad encryption (100 times)\n"); - return -6613; - } - } - -#ifndef WC_NO_RNG - /* random test for CBC */ - { - WC_RNG rng; - byte key[IDEA_KEY_SIZE], iv[IDEA_BLOCK_SIZE], - rnd[1000], enc[1000], dec[1000]; - - /* random values */ - #ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); - #else - ret = wc_InitRng(&rng); - #endif - if (ret != 0) - return -6614; - - for (i = 0; i < 1000; i++) { - /* random key */ - ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key)); - if (ret != 0) - return -6615; - - /* random iv */ - ret = wc_RNG_GenerateBlock(&rng, iv, sizeof(iv)); - if (ret != 0) - return -6616; - - /* random data */ - ret = wc_RNG_GenerateBlock(&rng, rnd, sizeof(rnd)); - if (ret != 0) - return -6617; - - /* Set encryption key */ - XMEMSET(&idea, 0, sizeof(Idea)); - ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_ENCRYPTION); - if (ret != 0) { - printf("wc_IdeaSetKey (enc) failed\n"); - return -6618; - } - - /* Data encryption */ - XMEMSET(enc, 0, sizeof(enc)); - ret = wc_IdeaCbcEncrypt(&idea, enc, rnd, sizeof(rnd)); - if (ret != 0) { - printf("wc_IdeaCbcEncrypt failed\n"); - return -6619; - } - - /* Set decryption key */ - XMEMSET(&idea, 0, sizeof(Idea)); - ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_DECRYPTION); - if (ret != 0) { - printf("wc_IdeaSetKey (enc) failed\n"); - return -6620; - } - - /* Data decryption */ - XMEMSET(dec, 0, sizeof(dec)); - ret = wc_IdeaCbcDecrypt(&idea, dec, enc, sizeof(enc)); - if (ret != 0) { - printf("wc_IdeaCbcDecrypt failed\n"); - return -6621; - } - - if (XMEMCMP(rnd, dec, sizeof(rnd))) { - printf("Bad CBC decryption\n"); - return -6622; - } - } - - wc_FreeRng(&rng); - } -#endif /* WC_NO_RNG */ - - return 0; -} -#endif /* HAVE_IDEA */ - - -#ifndef WC_NO_RNG -static int _rng_test(WC_RNG* rng, int errorOffset) -{ - byte block[32]; - int ret, i; - - XMEMSET(block, 0, sizeof(block)); - - ret = wc_RNG_GenerateBlock(rng, block, sizeof(block)); - if (ret != 0) { - ret = -6623; - goto exit; - } - - /* Check for 0's */ - for (i=0; i<(int)sizeof(block); i++) { - if (block[i] == 0) { - ret++; - } - } - /* All zeros count check */ - if (ret >= (int)sizeof(block)) { - ret = -6624; - goto exit; - } - - ret = wc_RNG_GenerateByte(rng, block); - if (ret != 0) { - ret = -6625; - goto exit; - } - - /* Parameter validation testing. */ - ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block)); - if (ret != BAD_FUNC_ARG) { - ret = -6626; - goto exit; - } - ret = wc_RNG_GenerateBlock(rng, NULL, sizeof(block)); - if (ret != BAD_FUNC_ARG) { - ret = -6627; - goto exit; - } - - ret = wc_RNG_GenerateByte(NULL, block); - if (ret != BAD_FUNC_ARG) { - ret = -6628; - goto exit; - } - ret = wc_RNG_GenerateByte(rng, NULL); - if (ret != BAD_FUNC_ARG) { - ret = -6629; - goto exit; - } - - ret = 0; - -exit: - if (ret != 0) - ret += errorOffset; - - return ret; -} - - -static int random_rng_test(void) -{ - WC_RNG localRng; - WC_RNG* rng; - int ret; - - rng = &localRng; - /* Test stack based RNG. */ -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(rng); -#endif - if (ret != 0) return -6700; - - ret = _rng_test(rng, -6300); - - /* Make sure and free RNG */ - wc_FreeRng(rng); - - if (ret != 0) return ret; - -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - { - byte nonce[8] = { 0 }; - /* Test dynamic RNG. */ - rng = wc_rng_new(nonce, (word32)sizeof(nonce), HEAP_HINT); - if (rng == NULL) return -6701; - - ret = _rng_test(rng, -6310); - - wc_rng_free(rng); - } -#endif - - return ret; -} - -#if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) - -int random_test(void) -{ - const byte test1Entropy[] = - { - 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3, - 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19, - 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31, - 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e - }; - const byte test1Output[] = - { - 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64, - 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5, - 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3, - 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11, - 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81, - 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63, - 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7, - 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c, - 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91, - 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d, - 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf - }; - const byte test2EntropyA[] = - { - 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4, - 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00, - 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f, - 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68 - }; - const byte test2EntropyB[] = - { - 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3, - 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22, - 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3 - }; - const byte test2Output[] = - { - 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb, - 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79, - 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc, - 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac, - 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71, - 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0, - 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8, - 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d, - 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22, - 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07, - 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17 - }; - - byte output[WC_SHA256_DIGEST_SIZE * 4]; - int ret; - - ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0, - output, sizeof(output)); - if (ret != 0) - return -6800; - - if (XMEMCMP(test1Output, output, sizeof(output)) != 0) - return -6801; - - ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA), - test2EntropyB, sizeof(test2EntropyB), - output, sizeof(output)); - if (ret != 0) - return -6802; - - if (XMEMCMP(test2Output, output, sizeof(output)) != 0) - return -6803; - - /* Basic RNG generate block test */ - if ((ret = random_rng_test()) != 0) - return ret; - - /* Test the seed check function. */ -#if !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) - { - word32 i, outputSz; - - /* Repeat the same byte over and over. Should fail. */ - outputSz = sizeof(output); - XMEMSET(output, 1, outputSz); - ret = wc_RNG_TestSeed(output, outputSz); - if (ret == 0) - return -6804; - - /* Every byte of the entropy scratch is different, - * entropy is a single byte that shouldn't match. */ - outputSz = (sizeof(word32) * 2) + 1; - for (i = 0; i < outputSz; i++) - output[i] = (byte)i; - ret = wc_RNG_TestSeed(output, outputSz); - if (ret != 0) - return -6805; - - outputSz = sizeof(output); - for (i = 0; i < outputSz; i++) - output[i] = (byte)i; - ret = wc_RNG_TestSeed(output, outputSz); - if (ret != 0) - return -6806; - } -#endif - return 0; -} - -#else - -int random_test(void) -{ - /* Basic RNG generate block test */ - return random_rng_test(); -} - -#endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK */ -#endif /* WC_NO_RNG */ - -#ifndef MEM_TEST_SZ - #define MEM_TEST_SZ 1024 -#endif - -#if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC) -static int simple_mem_test(int sz) -{ - int ret = 0; - byte* b; - int i; - - b = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (b == NULL) { - return -6900; - } - /* utilize memory */ - for (i = 0; i < sz; i++) { - b[i] = (byte)i; - } - /* read back and verify */ - for (i = 0; i < sz; i++) { - if (b[i] != (byte)i) { - ret = -6901; - break; - } - } - XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; -} -#endif - -int memory_test(void) -{ - int ret = 0; -#ifndef USE_FAST_MATH - byte* b = NULL; -#endif -#if defined(COMPLEX_MEM_TEST) || defined(WOLFSSL_STATIC_MEMORY) - int i; -#endif -#ifdef WOLFSSL_STATIC_MEMORY - word32 size[] = { WOLFMEM_BUCKETS }; - word32 dist[] = { WOLFMEM_DIST }; - byte buffer[30000]; /* make large enough to involve many bucket sizes */ - int pad = -(int)((wolfssl_word)buffer) & (WOLFSSL_STATIC_ALIGN - 1); - /* pad to account for if head of buffer is not at set memory - * alignment when tests are ran */ -#endif - -#ifdef WOLFSSL_STATIC_MEMORY - /* check macro settings */ - if (sizeof(size)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) { - return -7000; - } - - if (sizeof(dist)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) { - return -7001; - } - - for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { - if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) { - /* each element in array should be divisible by alignment size */ - return -7002; - } - } - - for (i = 1; i < WOLFMEM_MAX_BUCKETS; i++) { - if (size[i - 1] >= size[i]) { - return -7003; /* sizes should be in increasing order */ - } - } - - /* check that padding size returned is possible */ - if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) { - return -7004; /* no room for wc_Memory struct */ - } - - if (wolfSSL_MemoryPaddingSz() < 0) { - return -7005; - } - - if (wolfSSL_MemoryPaddingSz() % WOLFSSL_STATIC_ALIGN != 0) { - return -7006; /* not aligned! */ - } - - /* check function to return optimum buffer size (rounded down) */ - ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL); - if ((ret - pad) % WOLFSSL_STATIC_ALIGN != 0) { - return -7007; /* not aligned! */ - } - - if (ret < 0) { - return -7008; - } - - if ((unsigned int)ret > sizeof(buffer)) { - return -7009; /* did not round down as expected */ - } - - if (ret != wolfSSL_StaticBufferSz(buffer, ret, WOLFMEM_GENERAL)) { - return -7010; /* return value changed when using suggested value */ - } - - ret = wolfSSL_MemoryPaddingSz(); - ret += pad; /* add space that is going to be needed if buffer not aligned */ - if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) != - (ret + (int)size[0])) { - return -7011; /* did not round down to nearest bucket value */ - } - - ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL); - if ((ret - pad) < 0) { - return -7012; - } - - if (((ret - pad) % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) { - return -7013; /* not even chunks of memory for IO size */ - } - - if (((ret - pad) % WOLFSSL_STATIC_ALIGN) != 0) { - return -7014; /* memory not aligned */ - } - - /* check for passing bad or unknown arguments to functions */ - if (wolfSSL_StaticBufferSz(NULL, 1, WOLFMEM_GENERAL) > 0) { - return -7015; - } - - if (wolfSSL_StaticBufferSz(buffer, 1, WOLFMEM_GENERAL) != 0) { - return -7016; /* should round to 0 since struct + bucket will not fit */ - } - - (void)dist; /* avoid static analysis warning of variable not used */ -#endif - -#if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC) - /* simple test */ - ret = simple_mem_test(MEM_TEST_SZ); - if (ret != 0) - return ret; -#endif - -#ifdef COMPLEX_MEM_TEST - /* test various size blocks */ - for (i = 1; i < MEM_TEST_SZ; i*=2) { - ret = simple_mem_test(i); - if (ret != 0) - return ret; - } -#endif - -#ifndef USE_FAST_MATH - /* realloc test */ - b = (byte*)XMALLOC(MEM_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (b) { - b = (byte*)XREALLOC(b, MEM_TEST_SZ+sizeof(word32), HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - } - if (b == NULL) { - return -7017; - } - XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - - -#ifdef HAVE_NTRU - -byte GetEntropy(ENTROPY_CMD cmd, byte* out); - -byte GetEntropy(ENTROPY_CMD cmd, byte* out) -{ - static WC_RNG rng; - - if (cmd == INIT) - return (wc_InitRng(&rng) == 0) ? 1 : 0; - - if (out == NULL) - return 0; - - if (cmd == GET_BYTE_OF_ENTROPY) - return (wc_RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0; - - if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) { - *out = 1; - return 1; - } - - return 0; -} - -#endif /* HAVE_NTRU */ - - -#ifndef NO_FILESYSTEM - -/* Cert Paths */ -#ifdef FREESCALE_MQX - #define CERT_PREFIX "a:\\" - #define CERT_PATH_SEP "\\" -#elif defined(WOLFSSL_uTKERNEL2) - #define CERT_PREFIX "/uda/" - #define CERT_PATH_SEP "/" -#else - #define CERT_PREFIX "./" - #define CERT_PATH_SEP "/" -#endif -#define CERT_ROOT CERT_PREFIX "certs" CERT_PATH_SEP - -/* Generated Test Certs */ -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ - !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) - #if !defined(NO_RSA) && !defined(NO_ASN) - static const char* clientKey = CERT_ROOT "client-key.der"; - static const char* clientCert = CERT_ROOT "client-cert.der"; - #ifdef WOLFSSL_CERT_EXT - static const char* clientKeyPub = CERT_ROOT "client-keyPub.der"; - #endif - #endif /* !NO_RSA && !NO_ASN */ -#endif -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - #if !defined(NO_RSA) && !defined(NO_ASN) - #if defined(WOLFSSL_CERT_GEN) || defined(HAVE_PKCS7) - static const char* rsaCaKeyFile = CERT_ROOT "ca-key.der"; - #ifdef WOLFSSL_CERT_GEN - static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem"; - #endif - #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7) - static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der"; - #endif - #ifdef HAVE_PKCS7 - static const char* rsaServerCertDerFile = - CERT_ROOT "server-cert.der"; - static const char* rsaServerKeyDerFile = - CERT_ROOT "server-key.der"; - #endif - #endif - #endif /* !NO_RSA && !NO_ASN */ -#endif /* !USE_CERT_BUFFER_* */ -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ - !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \ - !defined(NO_ASN) - #ifndef NO_DH - static const char* dhKey = CERT_ROOT "dh2048.der"; - #endif - #ifndef NO_DSA - static const char* dsaKey = CERT_ROOT "dsa2048.der"; - #endif -#endif /* !USE_CERT_BUFFER_* */ -#if !defined(USE_CERT_BUFFERS_256) - #ifdef HAVE_ECC - /* cert files to be used in rsa cert gen test, check if RSA enabled */ - #ifdef HAVE_ECC_KEY_IMPORT - static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der"; - #endif -#endif -#if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ASN) - #if defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN) - #ifndef NO_RSA - /* eccKeyPubFile is used in a test that requires RSA. */ - static const char* eccKeyPubFile = CERT_ROOT "ecc-keyPub.der"; - #endif - static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der"; - static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem"; - #ifdef ENABLE_ECC384_CERT_GEN_TEST - static const char* eccCaKey384File = - CERT_ROOT "ca-ecc384-key.der"; - static const char* eccCaCert384File = - CERT_ROOT "ca-ecc384-cert.pem"; - #endif - #endif - #if defined(HAVE_PKCS7) && defined(HAVE_ECC) - static const char* eccClientKey = CERT_ROOT "ecc-client-key.der"; - static const char* eccClientCert = CERT_ROOT "client-ecc-cert.der"; - #endif - #endif /* HAVE_ECC */ - #ifdef HAVE_ED25519 - #ifdef WOLFSSL_TEST_CERT - static const char* serverEd25519Cert = - CERT_ROOT "ed25519/server-ed25519.der"; - static const char* caEd25519Cert = - CERT_ROOT "ed25519/ca-ed25519.der"; - #endif - #endif - #ifdef HAVE_ED448 - #ifdef WOLFSSL_TEST_CERT - static const char* serverEd448Cert = - CERT_ROOT "ed448/server-ed448.der"; - static const char* caEd448Cert = CERT_ROOT "ed448/ca-ed448.der"; - #endif - #endif -#endif /* !USE_CERT_BUFFER_* */ - -#ifndef NO_WRITE_TEMP_FILES -#ifdef HAVE_ECC - #ifdef WOLFSSL_CERT_GEN - static const char* certEccPemFile = CERT_PREFIX "certecc.pem"; - #endif - #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) - static const char* certEccRsaPemFile = CERT_PREFIX "certeccrsa.pem"; - static const char* certEccRsaDerFile = CERT_PREFIX "certeccrsa.der"; - #endif - #ifdef WOLFSSL_KEY_GEN - static const char* eccCaKeyPemFile = CERT_PREFIX "ecc-key.pem"; - static const char* eccPubKeyDerFile = CERT_PREFIX "ecc-public-key.der"; - static const char* eccCaKeyTempFile = CERT_PREFIX "ecc-key.der"; - static const char* eccPkcs8KeyDerFile = CERT_PREFIX "ecc-key-pkcs8.der"; - #endif - #if defined(WOLFSSL_CERT_GEN) || \ - (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT)) - static const char* certEccDerFile = CERT_PREFIX "certecc.der"; - #endif -#endif /* HAVE_ECC */ - -#ifndef NO_RSA - #if defined(WOLFSSL_CERT_GEN) || \ - (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT)) - static const char* otherCertDerFile = CERT_PREFIX "othercert.der"; - static const char* certDerFile = CERT_PREFIX "cert.der"; - #endif - #ifdef WOLFSSL_CERT_GEN - static const char* otherCertPemFile = CERT_PREFIX "othercert.pem"; - static const char* certPemFile = CERT_PREFIX "cert.pem"; - #endif - #ifdef WOLFSSL_CERT_REQ - static const char* certReqDerFile = CERT_PREFIX "certreq.der"; - static const char* certReqPemFile = CERT_PREFIX "certreq.pem"; - #endif -#endif /* !NO_RSA */ - -#if !defined(NO_RSA) || !defined(NO_DSA) - #ifdef WOLFSSL_KEY_GEN - static const char* keyDerFile = CERT_PREFIX "key.der"; - static const char* keyPemFile = CERT_PREFIX "key.pem"; - #endif -#endif - -#endif /* !NO_WRITE_TEMP_FILES */ -#endif /* !NO_FILESYSTEM */ - - -#if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \ - (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448))) -#ifdef WOLFSSL_MULTI_ATTRIB -static CertName certDefaultName; -static void initDefaultName(void) -{ - XMEMCPY(certDefaultName.country, "US", sizeof("US")); - certDefaultName.countryEnc = CTC_PRINTABLE; - XMEMCPY(certDefaultName.state, "Oregon", sizeof("Oregon")); - certDefaultName.stateEnc = CTC_UTF8; - XMEMCPY(certDefaultName.locality, "Portland", sizeof("Portland")); - certDefaultName.localityEnc = CTC_UTF8; - XMEMCPY(certDefaultName.sur, "Test", sizeof("Test")); - certDefaultName.surEnc = CTC_UTF8; - XMEMCPY(certDefaultName.org, "wolfSSL", sizeof("wolfSSL")); - certDefaultName.orgEnc = CTC_UTF8; - XMEMCPY(certDefaultName.unit, "Development", sizeof("Development")); - certDefaultName.unitEnc = CTC_UTF8; - XMEMCPY(certDefaultName.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com")); - certDefaultName.commonNameEnc = CTC_UTF8; - XMEMCPY(certDefaultName.serialDev, "wolfSSL12345", sizeof("wolfSSL12345")); - certDefaultName.serialDevEnc = CTC_PRINTABLE; -#ifdef WOLFSSL_CERT_EXT - XMEMCPY(certDefaultName.busCat, "Private Organization", sizeof("Private Organization")); - certDefaultName.busCatEnc = CTC_UTF8; -#endif - XMEMCPY(certDefaultName.email, "[email protected]", sizeof("[email protected]")); - -#ifdef WOLFSSL_TEST_CERT - { - NameAttrib* n; - /* test having additional OUs and setting DC */ - n = &certDefaultName.name[0]; - n->id = ASN_ORGUNIT_NAME; - n->type = CTC_UTF8; - n->sz = sizeof("Development-2"); - XMEMCPY(n->value, "Development-2", sizeof("Development-2")); - - #if CTC_MAX_ATTRIB > 3 - n = &certDefaultName.name[1]; - n->id = ASN_DOMAIN_COMPONENT; - n->type = CTC_UTF8; - n->sz = sizeof("com"); - XMEMCPY(n->value, "com", sizeof("com")); - - n = &certDefaultName.name[2]; - n->id = ASN_DOMAIN_COMPONENT; - n->type = CTC_UTF8; - n->sz = sizeof("wolfssl"); - XMEMCPY(n->value, "wolfssl", sizeof("wolfssl")); - - #endif - } -#endif /* WOLFSSL_TEST_CERT */ -} -#else -static const CertName certDefaultName = { - "US", CTC_PRINTABLE, /* country */ - "Oregon", CTC_UTF8, /* state */ - "Portland", CTC_UTF8, /* locality */ - "Test", CTC_UTF8, /* sur */ - "wolfSSL", CTC_UTF8, /* org */ - "Development", CTC_UTF8, /* unit */ - "www.wolfssl.com", CTC_UTF8, /* commonName */ - "wolfSSL12345", CTC_PRINTABLE, /* serial number of device */ -#ifdef WOLFSSL_CERT_EXT - "Private Organization", CTC_UTF8, /* businessCategory */ - "US", CTC_PRINTABLE, /* jurisdiction country */ - "Oregon", CTC_PRINTABLE, /* jurisdiction state */ -#endif - "[email protected]" /* email */ -}; -#endif /* WOLFSSL_MULTI_ATTRIB */ - -#ifdef WOLFSSL_CERT_EXT - #if ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \ - defined(WOLFSSL_TEST_CERT)) || defined(HAVE_ECC) - static const char certKeyUsage[] = - "digitalSignature,nonRepudiation"; - #endif - #if (defined(WOLFSSL_CERT_REQ) || defined(HAVE_NTRU)) && !defined(NO_RSA) - static const char certKeyUsage2[] = - "digitalSignature,nonRepudiation,keyEncipherment,keyAgreement"; - #endif -#endif /* WOLFSSL_CERT_EXT */ -#endif /* WOLFSSL_CERT_GEN */ - -#ifndef NO_RSA - -#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \ - !defined(NO_FILESYSTEM) -static byte minSerial[] = { 0x02, 0x01, 0x01 }; -static byte minName[] = { 0x30, 0x00 }; -static byte nameBad[] = { - 0x30, 0x08, - 0x31, 0x06, - 0x30, 0x04, - 0x06, 0x02, - 0x55, 0x04, -}; -static byte minDates[] = { - 0x30, 0x1e, - 0x17, 0x0d, - 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35, - 0x32, 0x33, 0x31, 0x30, 0x5a, - 0x17, 0x0d, - 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, - 0x32, 0x33, 0x31, 0x30, 0x5a -}; -static byte minPubKey[] = { - 0x30, 0x1b, - 0x30, 0x0d, - 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, - 0x05, 0x00, - 0x03, 0x0b, - 0x00, 0x30, 0x08, - 0x02, 0x01, - 0x03, - 0x02, 0x03, - 0x01, 0x00, 0x01 -}; -static byte minSigAlg[] = { - 0x30, 0x0d, - 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, - 0x05, 0x00 -}; -static byte minSig[] = { - 0x03, 0x01, - 0x00 -}; - -static int add_seq(byte* certData, int offset, byte* data, byte length) -{ - XMEMMOVE(certData + offset + 2, data, length); - certData[offset++] = 0x30; - certData[offset++] = length; - return offset + length; -} -static int add_data(byte* certData, int offset, byte* data, byte length) -{ - XMEMCPY(certData + offset, data, length); - return offset + length; -} - -static int cert_asn1_test(void) -{ - int ret; - int len[3]; - DecodedCert cert; - byte certData[106]; - byte* badCert = NULL; - - len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial)); - len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg)); - len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName)); - len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates)); - len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName)); - len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey)); - len[1] = add_seq(certData, 0, certData, len[2]); - len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg)); - len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig)); - len[0] = add_seq(certData, 0, certData, len[1]); - - /* Minimal good certificate */ - InitDecodedCert(&cert, certData, len[0], 0); - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); - FreeDecodedCert(&cert); - if (ret != 0) { - ERROR_OUT(-7100, done); - } - - /* Bad issuer name */ - len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial)); - len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg)); - len[2] = add_data(certData, len[2], nameBad, (byte)sizeof(nameBad)); - len[1] = add_seq(certData, 0, certData, len[2]); - len[0] = add_seq(certData, 0, certData, len[1]); - /* Put data into allocated buffer to allow access error checking. */ - badCert = (byte*)XMALLOC(len[0], HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XMEMCPY(badCert, certData, len[0]); - InitDecodedCert(&cert, badCert, len[0], 0); - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); - FreeDecodedCert(&cert); - if (ret != ASN_PARSE_E) { - ERROR_OUT(-7101, done); - } - XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - badCert = NULL; - ret = 0; - -done: - if (badCert != NULL) - XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; -} - -int cert_test(void) -{ -#if !defined(NO_FILESYSTEM) - DecodedCert cert; - byte* tmp; - size_t bytes; - XFILE file; - int ret; - - tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) - return -7200; - - /* Certificate with Name Constraints extension. */ -#ifdef FREESCALE_MQX - file = XFOPEN(".\\certs\\test\\cert-ext-nc.der", "rb"); -#else - file = XFOPEN("./certs/test/cert-ext-nc.der", "rb"); -#endif - if (!file) { - ERROR_OUT(-7201, done); - } - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); - InitDecodedCert(&cert, tmp, (word32)bytes, 0); - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); - if (ret != 0) { - ERROR_OUT(-7202, done); - } - FreeDecodedCert(&cert); - - /* Certificate with Inhibit Any Policy extension. */ -#ifdef FREESCALE_MQX - file = XFOPEN(".\\certs\\test\\cert-ext-ia.der", "rb"); -#else - file = XFOPEN("./certs/test/cert-ext-ia.der", "rb"); -#endif - if (!file) { - ERROR_OUT(-7203, done); - } - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); - InitDecodedCert(&cert, tmp, (word32)bytes, 0); - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); - if (ret != 0) { - ERROR_OUT(-7204, done); - } - FreeDecodedCert(&cert); - - /* Certificate with Netscape Certificate Type extension. */ -#ifdef FREESCALE_MQX - file = XFOPEN(".\\certs\\test\\cert-ext-nct.der", "rb"); -#else - file = XFOPEN("./certs/test/cert-ext-nct.der", "rb"); -#endif - if (!file) { - ERROR_OUT(-7203, done); - } - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); - InitDecodedCert(&cert, tmp, (word32)bytes, 0); - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); -#ifndef IGNORE_NETSCAPE_CERT_TYPE - if (ret != 0) { - ERROR_OUT(-7204, done); - } -#else - if (ret != ASN_CRIT_EXT_E) { - ERROR_OUT(-7205, done); - } - ret = 0; -#endif - -done: - FreeDecodedCert(&cert); - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif /* !NO_FILESYSTEM */ - - if (ret == 0) - ret = cert_asn1_test(); - - return ret; -} -#endif /* WOLFSSL_TEST_CERT */ - -#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ - !defined(NO_FILESYSTEM) -int certext_test(void) -{ - DecodedCert cert; - byte* tmp; - size_t bytes; - XFILE file; - int ret; - - /* created from rsa_test : othercert.der */ - byte skid_rsa[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54" - "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0"; - - /* created from rsa_test : othercert.der */ - byte akid_rsa[] = "\x27\x8E\x67\x11\x74\xC3\x26\x1D\x3F\xED" - "\x33\x63\xB3\xA4\xD8\x1D\x30\xE5\xE8\xD5"; - -#ifdef HAVE_ECC - /* created from ecc_test_cert_gen : certecc.der */ -#ifdef ENABLE_ECC384_CERT_GEN_TEST - /* Authority key id from ./certs/ca-ecc384-cert.pem */ - byte akid_ecc[] = "\xAB\xE0\xC3\x26\x4C\x18\xD4\x72\xBB\xD2" - "\x84\x8C\x9C\x0A\x05\x92\x80\x12\x53\x52"; -#else - /* Authority key id from ./certs/ca-ecc-cert.pem */ - byte akid_ecc[] = "\x56\x8E\x9A\xC3\xF0\x42\xDE\x18\xB9\x45" - "\x55\x6E\xF9\x93\xCF\xEA\xC3\xF3\xA5\x21"; -#endif -#endif /* HAVE_ECC */ - - /* created from rsa_test : cert.der */ - byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54" - "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0"; - - tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) - return -7300; - - /* load othercert.der (Cert signed by an authority) */ - file = XFOPEN(otherCertDerFile, "rb"); - if (!file) { - XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - return -7301; - } - - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); - - InitDecodedCert(&cert, tmp, (word32)bytes, 0); - - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) - return -7302; - - /* check the SKID from a RSA certificate */ - if (XMEMCMP(skid_rsa, cert.extSubjKeyId, sizeof(cert.extSubjKeyId))) - return -7303; - - /* check the AKID from an RSA certificate */ - if (XMEMCMP(akid_rsa, cert.extAuthKeyId, sizeof(cert.extAuthKeyId))) - return -7304; - - /* check the Key Usage from an RSA certificate */ - if (!cert.extKeyUsageSet) - return -7305; - - if (cert.extKeyUsage != (KEYUSE_KEY_ENCIPHER|KEYUSE_KEY_AGREE)) - return -7306; - - /* check the CA Basic Constraints from an RSA certificate */ - if (cert.isCA) - return -7307; - -#ifndef WOLFSSL_SEP /* test only if not using SEP policies */ - /* check the Certificate Policies Id */ - if (cert.extCertPoliciesNb != 1) - return -7308; - - if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23)) - return -7309; -#endif - - FreeDecodedCert(&cert); - -#ifdef HAVE_ECC - /* load certecc.der (Cert signed by our ECC CA test in ecc_test_cert_gen) */ - file = XFOPEN(certEccDerFile, "rb"); - if (!file) { - XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - return -7310; - } - - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); - - InitDecodedCert(&cert, tmp, (word32)bytes, 0); - - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) - return -7311; - - /* check the SKID from a ECC certificate - generated dynamically */ - - /* check the AKID from an ECC certificate */ - if (XMEMCMP(akid_ecc, cert.extAuthKeyId, sizeof(cert.extAuthKeyId))) - return -7312; - - /* check the Key Usage from an ECC certificate */ - if (!cert.extKeyUsageSet) - return -7313; - - if (cert.extKeyUsage != (KEYUSE_DIGITAL_SIG|KEYUSE_CONTENT_COMMIT)) - return -7314; - - /* check the CA Basic Constraints from an ECC certificate */ - if (cert.isCA) - return -7315; - -#ifndef WOLFSSL_SEP /* test only if not using SEP policies */ - /* check the Certificate Policies Id */ - if (cert.extCertPoliciesNb != 2) - return -7316; - - if (strncmp(cert.extCertPolicies[0], "2.4.589440.587.101.2.1.9632587.1", 32)) - return -7317; - - if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22)) - return -7318; -#endif - - FreeDecodedCert(&cert); -#endif /* HAVE_ECC */ - - /* load cert.der (self signed certificate) */ - file = XFOPEN(certDerFile, "rb"); - if (!file) { - XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - return -7319; - } - - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); - - InitDecodedCert(&cert, tmp, (word32)bytes, 0); - - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) - return -7320; - - /* check the SKID from a CA certificate */ - if (XMEMCMP(kid_ca, cert.extSubjKeyId, sizeof(cert.extSubjKeyId))) - return -7321; - - /* check the AKID from an CA certificate */ - if (XMEMCMP(kid_ca, cert.extAuthKeyId, sizeof(cert.extAuthKeyId))) - return -7322; - - /* check the Key Usage from CA certificate */ - if (!cert.extKeyUsageSet) - return -7323; - - if (cert.extKeyUsage != (KEYUSE_KEY_CERT_SIGN|KEYUSE_CRL_SIGN)) - return -7324; - - /* check the CA Basic Constraints CA certificate */ - if (!cert.isCA) - return -7325; - -#ifndef WOLFSSL_SEP /* test only if not using SEP policies */ - /* check the Certificate Policies Id */ - if (cert.extCertPoliciesNb != 2) - return -7326; - - if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23)) - return -7327; - - if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25)) - return -7328; -#endif - - FreeDecodedCert(&cert); - XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - - return 0; -} -#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT */ - -#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ - defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) -int decodedCertCache_test(void) -{ - int ret = 0; - Cert cert; - FILE* file; - byte* der; - word32 derSz; - - derSz = FOURK_BUF; - der = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) - ret = -7400; - - if (ret == 0) { - /* load cert.der */ - file = XFOPEN(certDerFile, "rb"); - if (file != NULL) { - derSz = XFREAD(der, 1, FOURK_BUF, file); - XFCLOSE(file); - } - else - ret = -7401; - } - - if (ret == 0) { - if (wc_InitCert(&cert)) { - ret = -7402; - } - } - - if (ret == 0) { - ret = wc_SetSubjectBuffer(&cert, der, derSz); - } - - if (ret == 0) { - if(wc_SetSubjectBuffer(NULL, der, derSz) != BAD_FUNC_ARG) - ret = -7403; - } - - if (ret == 0) { - if (wc_SetSubjectRaw(&cert, der, derSz) != 0) - ret = -7404; - } - - if (ret == 0) { - if(wc_SetSubjectRaw(NULL, der, derSz) != BAD_FUNC_ARG) - ret = -7405; - } - - if (ret == 0) { - if(wc_SetIssuerBuffer(&cert, der, derSz) != 0) - ret = -7406; - } - - if (ret == 0) { - if(wc_SetIssuerBuffer(NULL, der, derSz) != BAD_FUNC_ARG) - ret = -7407; - } - - if (ret == 0) { - if(wc_SetIssuerRaw(&cert, der, derSz) != 0) - ret = -7408; - } - - if (ret == 0) { - if(wc_SetIssuerRaw(NULL, der, derSz) != BAD_FUNC_ARG) - ret = -7409; - } - -#ifdef WOLFSSL_ALT_NAMES - if (ret == 0) { - if(wc_SetAltNamesBuffer(&cert, der, derSz) != 0) - ret = -7410; - } - - if (ret == 0) { - if(wc_SetAltNamesBuffer(NULL, der, derSz) != BAD_FUNC_ARG) - ret = -7411; - } - - if (ret == 0) { - if(wc_SetDatesBuffer(&cert, der, derSz) != 0) - ret = -7412; - } - - if (ret == 0) { - if(wc_SetDatesBuffer(NULL, der, derSz) != BAD_FUNC_ARG) - ret = -7413; - } -#endif - - if (ret == 0) { - if(wc_SetAuthKeyIdFromCert(&cert, der, derSz) != 0) - ret = -7414; - } - - if (ret == 0) { - if(wc_SetAuthKeyIdFromCert(NULL, der, derSz) != BAD_FUNC_ARG) - ret = -7415; - } - - wc_SetCert_Free(&cert); - if (ret == 0) { - if(cert.decodedCert != NULL) - ret = -7416; - } - - XFREE(der, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} -#endif /* defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && - defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) */ - -#define RSA_TEST_BYTES 512 /* up to 4096-bit key */ - -#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) -static int rsa_flatten_test(RsaKey* key) -{ - int ret; - byte e[RSA_TEST_BYTES]; - byte n[RSA_TEST_BYTES]; - word32 eSz = sizeof(e); - word32 nSz = sizeof(n); - - /* Parameter Validation testing. */ - ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz); -#ifdef HAVE_USER_RSA - /* Implementation using IPP Libraries returns: - * -101 = USER_CRYPTO_ERROR - */ - if (ret == 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -7417; - ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz); -#ifdef HAVE_USER_RSA - /* Implementation using IPP Libraries returns: - * -101 = USER_CRYPTO_ERROR - */ - if (ret == 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -7418; - ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz); -#ifdef HAVE_USER_RSA - /* Implementation using IPP Libraries returns: - * -101 = USER_CRYPTO_ERROR - */ - if (ret == 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -7419; - ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz); -#ifdef HAVE_USER_RSA - /* Implementation using IPP Libraries returns: - * -101 = USER_CRYPTO_ERROR - */ - if (ret == 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -7420; - ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL); -#ifdef HAVE_USER_RSA - /* Implementation using IPP Libraries returns: - * -101 = USER_CRYPTO_ERROR - */ - if (ret == 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -7421; - ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); - if (ret != 0) - return -7422; - eSz = 0; - ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); -#ifdef HAVE_USER_RSA - /* Implementation using IPP Libraries returns: - * -101 = USER_CRYPTO_ERROR - */ - if (ret == 0) -#elif defined(HAVE_FIPS) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) - if (ret != 0) -#else - if (ret != RSA_BUFFER_E) -#endif - return -7423; - eSz = sizeof(e); - nSz = 0; - ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); -#ifdef HAVE_USER_RSA - /* Implementation using IPP Libraries returns: - * -101 = USER_CRYPTO_ERROR - */ - if (ret == 0) -#else - if (ret != RSA_BUFFER_E) -#endif - return -7424; - - return 0; -} -#endif /* NO_ASN */ - -#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \ - && !defined(WOLFSSL_RSA_VERIFY_ONLY) -static int rsa_export_key_test(RsaKey* key) -{ - int ret; - byte e[3]; - word32 eSz = sizeof(e); - byte n[RSA_TEST_BYTES]; - word32 nSz = sizeof(n); - byte d[RSA_TEST_BYTES]; - word32 dSz = sizeof(d); - byte p[RSA_TEST_BYTES/2]; - word32 pSz = sizeof(p); - byte q[RSA_TEST_BYTES/2]; - word32 qSz = sizeof(q); - word32 zero = 0; - - ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7425; - ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7426; - ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7427; - ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7428; - ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7429; - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7430; - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7431; - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7432; - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7433; - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz); - if (ret != BAD_FUNC_ARG) - return -7434; - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL); - if (ret != BAD_FUNC_ARG) - return -7435; - - ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz); - if (ret != RSA_BUFFER_E) - return -7436; - ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz); - if (ret != RSA_BUFFER_E) - return -7437; -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz); - if (ret != RSA_BUFFER_E) - return -7438; - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz); - if (ret != RSA_BUFFER_E) - return -7439; - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero); - if (ret != RSA_BUFFER_E) - return -7440; -#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ - - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); - if (ret != 0) - return -7441; - - return 0; -} -#endif /* !HAVE_FIPS && !USER_RSA && !NO_ASN */ - -#ifndef NO_SIG_WRAPPER -static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) -{ - int ret; - word32 sigSz; - const byte in[] = "Everyone gets Friday off."; - const byte hash[] = { - 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59, - 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe, - 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83, - 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f - }; - const byte hashEnc[] = { - 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, - 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, - 0x00, 0x04, 0x20, - - 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59, - 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe, - 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83, - 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f - }; - word32 inLen = (word32)XSTRLEN((char*)in); - byte out[RSA_TEST_BYTES]; - - /* Parameter Validation testing. */ - ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen); - if (ret != BAD_FUNC_ARG) - return -7442; - ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0); - if (ret != BAD_FUNC_ARG) - return -7443; - - sigSz = (word32)modLen; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL, - inLen, out, &sigSz, key, keyLen, rng); - if (ret != BAD_FUNC_ARG) - return -7444; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - 0, out, &sigSz, key, keyLen, rng); - if (ret != BAD_FUNC_ARG) - return -7445; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, NULL, &sigSz, key, keyLen, rng); - if (ret != BAD_FUNC_ARG) - return -7446; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, NULL, key, keyLen, rng); - if (ret != BAD_FUNC_ARG) - return -7447; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, &sigSz, NULL, keyLen, rng); - if (ret != BAD_FUNC_ARG) - return -7448; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, &sigSz, key, 0, rng); - if (ret != BAD_FUNC_ARG) - return -7449; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, &sigSz, key, keyLen, NULL); -#ifdef HAVE_USER_RSA - /* Implementation using IPP Libraries returns: - * -101 = USER_CRYPTO_ERROR - */ - if (ret == 0) -#elif defined(WOLFSSL_AFALG_XILINX_RSA) - /* blinding / rng handled with hardware acceleration */ - if (ret != 0) -#elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) - /* async may not require RNG */ - if (ret != 0 && ret != MISSING_RNG_E) -#elif defined(HAVE_FIPS) || defined(WOLFSSL_ASYNC_CRYPT) || \ - !defined(WC_RSA_BLINDING) - /* FIPS140 implementation does not do blinding */ - if (ret != 0) -#elif defined(WOLFSSL_RSA_PUBLIC_ONLY) - if (ret != SIG_TYPE_E) -#elif defined(WOLFSSL_CRYPTOCELL) - /* RNG is handled with the cryptocell */ - if (ret != 0) -#else - if (ret != MISSING_RNG_E) -#endif - return -7450; - sigSz = 0; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, &sigSz, key, keyLen, rng); - if (ret != BAD_FUNC_ARG) - return -7451; - - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL, - inLen, out, (word32)modLen, key, keyLen); - if (ret != BAD_FUNC_ARG) - return -7452; - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - 0, out, (word32)modLen, key, keyLen); - if (ret != BAD_FUNC_ARG) - return -7453; - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, NULL, (word32)modLen, key, keyLen); - if (ret != BAD_FUNC_ARG) - return -7454; - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, 0, key, keyLen); - if (ret != BAD_FUNC_ARG) - return -7455; - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, (word32)modLen, NULL, keyLen); - if (ret != BAD_FUNC_ARG) - return -7456; - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, (word32)modLen, key, 0); - if (ret != BAD_FUNC_ARG) - return -7457; - -#ifndef HAVE_ECC - ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen); - if (ret != SIG_TYPE_E) - return -7458; -#endif - - /* Use APIs. */ - ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen); - if (ret != modLen) - return -7459; - ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA_W_ENC, key, keyLen); - if (ret != modLen) - return -7460; - - sigSz = (word32)ret; -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - XMEMSET(out, 0, sizeof(out)); - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, &sigSz, key, keyLen, rng); - if (ret != 0) - return -7461; - - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, (word32)modLen, key, keyLen); - if (ret != 0) - return -7462; - - sigSz = (word32)sizeof(out); - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, - in, inLen, out, &sigSz, key, keyLen, rng); - if (ret != 0) - return -7463; - - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, - in, inLen, out, (word32)modLen, key, keyLen); - if (ret != 0) - return -7464; - - /* Wrong signature type. */ - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, (word32)modLen, key, keyLen); - if (ret == 0) - return -7465; - - /* check hash functions */ - sigSz = (word32)sizeof(out); - ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, - hash, (int)sizeof(hash), out, &sigSz, key, keyLen, rng); - if (ret != 0) - return -7466; - - ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, - hash, (int)sizeof(hash), out, (word32)modLen, key, keyLen); - if (ret != 0) - return -7467; - - sigSz = (word32)sizeof(out); - ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, - hashEnc, (int)sizeof(hashEnc), out, &sigSz, key, keyLen, rng); - if (ret != 0) - return -7468; - - ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, - hashEnc, (int)sizeof(hashEnc), out, (word32)modLen, key, keyLen); - if (ret != 0) - return -7469; -#else - (void)hash; - (void)hashEnc; -#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ - - return 0; -} -#endif /* !NO_SIG_WRAPPER */ - -#ifdef WC_RSA_NONBLOCK -static int rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte* out, - word32 outSz, byte* plain, word32 plainSz, WC_RNG* rng) -{ - int ret = 0, count; - int signSz = 0; - RsaNb nb; - byte* inlinePlain = NULL; - - /* Enable non-blocking RSA mode - provide context */ - ret = wc_RsaSetNonBlock(key, &nb); - if (ret != 0) - return ret; - -#ifdef WC_RSA_NONBLOCK_TIME - /* Enable time based RSA blocking. 8 microseconds max (3.1GHz) */ - ret = wc_RsaSetNonBlockTime(key, 8, 3100); - if (ret != 0) - return ret; -#endif - - count = 0; - do { - ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, rng); - count++; /* track number of would blocks */ - if (ret == FP_WOULDBLOCK) { - /* do "other" work here */ - } - } while (ret == FP_WOULDBLOCK); - if (ret < 0) { - return ret; - } -#ifdef DEBUG_WOLFSSL - printf("RSA non-block sign: %d times\n", count); -#endif - signSz = ret; - - /* Test non-blocking verify */ - XMEMSET(plain, 0, plainSz); - count = 0; - do { - ret = wc_RsaSSL_Verify(out, (word32)signSz, plain, plainSz, key); - count++; /* track number of would blocks */ - if (ret == FP_WOULDBLOCK) { - /* do "other" work here */ - } - } while (ret == FP_WOULDBLOCK); - if (ret < 0) { - return ret; - } -#ifdef DEBUG_WOLFSSL - printf("RSA non-block verify: %d times\n", count); -#endif - - if (signSz == ret && XMEMCMP(plain, in, (size_t)ret)) { - return SIG_VERIFY_E; - } - - /* Test inline non-blocking verify */ - count = 0; - do { - ret = wc_RsaSSL_VerifyInline(out, (word32)signSz, &inlinePlain, key); - count++; /* track number of would blocks */ - if (ret == FP_WOULDBLOCK) { - /* do "other" work here */ - } - } while (ret == FP_WOULDBLOCK); - if (ret < 0) { - return ret; - } -#ifdef DEBUG_WOLFSSL - printf("RSA non-block inline verify: %d times\n", count); -#endif - - if (signSz == ret && XMEMCMP(inlinePlain, in, (size_t)ret)) { - return SIG_VERIFY_E; - } - - /* Disabling non-block RSA mode */ - ret = wc_RsaSetNonBlock(key, NULL); - - (void)count; - - return 0; -} -#endif - -#if !defined(HAVE_USER_RSA) && !defined(NO_ASN) -static int rsa_decode_test(RsaKey* keyPub) -{ - int ret; - word32 inSz; - word32 inOutIdx; - static const byte n[2] = { 0x00, 0x23 }; - static const byte e[2] = { 0x00, 0x03 }; - static const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, - 0x03 }; - static const byte goodAlgId[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, - 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - static const byte goodAlgIdNull[] = { 0x30, 0x11, 0x30, 0x0f, 0x06, 0x00, - 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, - 0x02, 0x1, 0x03 }; - static const byte badAlgIdNull[] = { 0x30, 0x12, 0x30, 0x10, 0x06, 0x00, - 0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, - 0x02, 0x1, 0x03 }; - static const byte badNotBitString[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, - 0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - static const byte badBitStringLen[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, - 0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - static const byte badNoSeq[] = { 0x30, 0x0d, 0x30, 0x0b, 0x06, 0x00, 0x03, - 0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - static const byte badNoObj[] = { - 0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, - 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - static const byte badIntN[] = { 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, - 0x03 }; - static const byte badNotIntE[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, - 0x03 }; - static const byte badLength[] = { 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, - 0x03 }; - static const byte badBitStrNoZero[] = { 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x00, - 0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - - ret = wc_InitRsaKey(keyPub, NULL); - if (ret != 0) - return -7470; - - /* Parameter Validation testing. */ - ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub); - if (ret != BAD_FUNC_ARG) { - ret = -7471; - goto done; - } - ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub); - if (ret != BAD_FUNC_ARG) { - ret = -7472; - goto done; - } - ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL); - if (ret != BAD_FUNC_ARG) { - ret = -7473; - goto done; - } - /* TODO: probably should fail when length is -1! */ - ret = wc_RsaPublicKeyDecodeRaw(n, (word32)-1, e, sizeof(e), keyPub); - if (ret != 0) { - ret = -7474; - goto done; - } - wc_FreeRsaKey(keyPub); - ret = wc_InitRsaKey(keyPub, NULL); - if (ret != 0) - return -7475; - ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, (word32)-1, keyPub); - if (ret != 0) { - ret = -7476; - goto done; - } - wc_FreeRsaKey(keyPub); - ret = wc_InitRsaKey(keyPub, NULL); - if (ret != 0) - return -7477; - - /* Use API. */ - ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), keyPub); - if (ret != 0) { - ret = -7478; - goto done; - } - wc_FreeRsaKey(keyPub); - ret = wc_InitRsaKey(keyPub, NULL); - if (ret != 0) - return -7479; - - /* Parameter Validation testing. */ - inSz = sizeof(good); - ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz); - if (ret != BAD_FUNC_ARG) { - ret = -7480; - goto done; - } - ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz); - if (ret != BAD_FUNC_ARG) { - ret = -7481; - goto done; - } - ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz); - if (ret != BAD_FUNC_ARG) { - ret = -7482; - goto done; - } - - /* Use good data and offset to bad data. */ - inOutIdx = 2; - inSz = sizeof(good) - inOutIdx; - ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz); - if (ret != ASN_PARSE_E) { - ret = -7483; - goto done; - } - inOutIdx = 2; - inSz = sizeof(goodAlgId) - inOutIdx; - ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); - if (ret != ASN_PARSE_E) { - ret = -7484; - goto done; - } - inOutIdx = 2; - inSz = sizeof(goodAlgId); - ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); -#ifndef WOLFSSL_NO_DECODE_EXTRA - if (ret != ASN_PARSE_E) -#else - if (ret != ASN_RSA_KEY_E) -#endif - { - ret = -7485; - goto done; - } - /* Try different bad data. */ - inSz = sizeof(badAlgIdNull); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz); - if (ret != ASN_EXPECT_0_E) { - ret = -7486; - goto done; - } - inSz = sizeof(badNotBitString); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz); - if (ret != ASN_BITSTR_E) { - ret = -7487; - goto done; - } - inSz = sizeof(badBitStringLen); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz); - if (ret != ASN_PARSE_E) { - ret = -7488; - goto done; - } - inSz = sizeof(badNoSeq); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz); - if (ret != ASN_PARSE_E) { - ret = -7489; - goto done; - } - inSz = sizeof(badNoObj); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz); - if (ret != ASN_PARSE_E) { - ret = -7490; - goto done; - } - inSz = sizeof(badIntN); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz); - if (ret != ASN_RSA_KEY_E) { - ret = -7491; - goto done; - } - inSz = sizeof(badNotIntE); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz); - if (ret != ASN_RSA_KEY_E) { - ret = -7492; - goto done; - } - /* TODO: Shouldn't pass as the sequence length is too small. */ - inSz = sizeof(badLength); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz); - if (ret != 0) { - ret = -7493; - goto done; - } - /* TODO: Shouldn't ignore object id's data. */ - wc_FreeRsaKey(keyPub); - ret = wc_InitRsaKey(keyPub, NULL); - if (ret != 0) - return -7494; - - inSz = sizeof(badBitStrNoZero); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz); - if (ret != ASN_EXPECT_0_E) { - ret = -7495; - goto done; - } - wc_FreeRsaKey(keyPub); - ret = wc_InitRsaKey(keyPub, NULL); - if (ret != 0) - return -7496; - - /* Valid data cases. */ - inSz = sizeof(good); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz); - if (ret != 0) { - ret = -7497; - goto done; - } - if (inOutIdx != inSz) { - ret = -7498; - goto done; - } - wc_FreeRsaKey(keyPub); - ret = wc_InitRsaKey(keyPub, NULL); - if (ret != 0) - return -7499; - - inSz = sizeof(goodAlgId); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); - if (ret != 0) { - ret = -7500; - goto done; - } - if (inOutIdx != inSz) { - ret = -7501; - goto done; - } - wc_FreeRsaKey(keyPub); - ret = wc_InitRsaKey(keyPub, NULL); - if (ret != 0) - return -7502; - - inSz = sizeof(goodAlgIdNull); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(goodAlgIdNull, &inOutIdx, keyPub, inSz); - if (ret != 0) { - ret = -7503; - goto done; - } - if (inOutIdx != inSz) { - ret = -7504; - goto done; - } - -done: - wc_FreeRsaKey(keyPub); - return ret; -} -#endif - -#ifdef WC_RSA_PSS -static int rsa_pss_test(WC_RNG* rng, RsaKey* key) -{ - byte digest[WC_MAX_DIGEST_SIZE]; - int ret = 0; - const char* inStr = "Everyone gets Friday off."; - word32 inLen = (word32)XSTRLEN((char*)inStr); - word32 outSz; - word32 plainSz; - word32 digestSz; - int i, j; -#ifdef RSA_PSS_TEST_WRONG_PARAMS - int k, l; -#endif - int len; - byte* plain; - int mgf[] = { -#ifndef NO_SHA - WC_MGF1SHA1, -#endif -#ifdef WOLFSSL_SHA224 - WC_MGF1SHA224, -#endif - WC_MGF1SHA256, -#ifdef WOLFSSL_SHA384 - WC_MGF1SHA384, -#endif -#ifdef WOLFSSL_SHA512 - WC_MGF1SHA512 -#endif - }; - enum wc_HashType hash[] = { -#ifndef NO_SHA - WC_HASH_TYPE_SHA, -#endif -#ifdef WOLFSSL_SHA224 - WC_HASH_TYPE_SHA224, -#endif - WC_HASH_TYPE_SHA256, -#ifdef WOLFSSL_SHA384 - WC_HASH_TYPE_SHA384, -#endif -#ifdef WOLFSSL_SHA512 - WC_HASH_TYPE_SHA512, -#endif - }; - - DECLARE_VAR_INIT(in, byte, inLen, inStr, HEAP_HINT); - DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); - DECLARE_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT); - - /* Test all combinations of hash and MGF. */ - for (j = 0; j < (int)(sizeof(hash)/sizeof(*hash)); j++) { - /* Calculate hash of message. */ - ret = wc_Hash(hash[j], in, inLen, digest, sizeof(digest)); - if (ret != 0) - ERROR_OUT(-7505, exit_rsa_pss); - digestSz = wc_HashGetDigestSize(hash[j]); - - for (i = 0; i < (int)(sizeof(mgf)/sizeof(*mgf)); i++) { - outSz = RSA_TEST_BYTES; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, - hash[j], mgf[i], -1, key, rng); - } - } while (ret == WC_PENDING_E); - if (ret <= 0) - ERROR_OUT(-7506, exit_rsa_pss); - outSz = ret; - - XMEMCPY(sig, out, outSz); - plain = NULL; - TEST_SLEEP(); - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[j], - mgf[i], -1, key); - } - } while (ret == WC_PENDING_E); - if (ret <= 0) - ERROR_OUT(-7507, exit_rsa_pss); - plainSz = ret; - TEST_SLEEP(); - -#ifdef HAVE_SELFTEST - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, - hash[j], -1); -#else - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, - hash[j], -1, wc_RsaEncryptSize(key)*8); -#endif - if (ret != 0) - ERROR_OUT(-7508, exit_rsa_pss); - -#ifdef RSA_PSS_TEST_WRONG_PARAMS - for (k = 0; k < (int)(sizeof(mgf)/sizeof(*mgf)); k++) { - for (l = 0; l < (int)(sizeof(hash)/sizeof(*hash)); l++) { - if (i == k && j == l) - continue; - - XMEMCPY(sig, out, outSz); - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, - (byte**)&plain, hash[l], mgf[k], -1, key); - } - } while (ret == WC_PENDING_E); - if (ret >= 0) - ERROR_OUT(-7509, exit_rsa_pss); - } - } -#endif - } - } - - /* Test that a salt length of zero works. */ - digestSz = wc_HashGetDigestSize(hash[0]); - outSz = RSA_TEST_BYTES; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0], - mgf[0], 0, key, rng); - } - } while (ret == WC_PENDING_E); - if (ret <= 0) - ERROR_OUT(-7510, exit_rsa_pss); - outSz = ret; - TEST_SLEEP(); - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_Verify_ex(out, outSz, sig, outSz, hash[0], mgf[0], - 0, key); - } - } while (ret == WC_PENDING_E); - if (ret <= 0) - ERROR_OUT(-7511, exit_rsa_pss); - plainSz = ret; - TEST_SLEEP(); - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { -#ifdef HAVE_SELFTEST - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz, - hash[0], 0); -#else - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz, - hash[0], 0, 0); -#endif - } - } while (ret == WC_PENDING_E); - if (ret != 0) - ERROR_OUT(-7512, exit_rsa_pss); - - XMEMCPY(sig, out, outSz); - plain = NULL; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0], - 0, key); - } - } while (ret == WC_PENDING_E); - if (ret <= 0) - ERROR_OUT(-7513, exit_rsa_pss); - plainSz = ret; - TEST_SLEEP(); - -#ifdef HAVE_SELFTEST - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], - 0); -#else - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], - 0, 0); -#endif - if (ret != 0) - ERROR_OUT(-7514, exit_rsa_pss); - - /* Test bad salt lengths in various APIs. */ - digestSz = wc_HashGetDigestSize(hash[0]); - outSz = RSA_TEST_BYTES; -#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER - len = -2; -#else - len = -3; -#endif - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0], - mgf[0], len, key, rng); - } - } while (ret == WC_PENDING_E); - if (ret != PSS_SALTLEN_E) - ERROR_OUT(-7515, exit_rsa_pss); - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0], - mgf[0], digestSz + 1, key, rng); - } - } while (ret == WC_PENDING_E); - if (ret != PSS_SALTLEN_E) - ERROR_OUT(-7516, exit_rsa_pss); - TEST_SLEEP(); - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], - mgf[0], -2, key); - } - } while (ret == WC_PENDING_E); - if (ret != PSS_SALTLEN_E) - ERROR_OUT(-7517, exit_rsa_pss); - TEST_SLEEP(); - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0], - digestSz + 1, key); - } - } while (ret == WC_PENDING_E); - if (ret != PSS_SALTLEN_E) - ERROR_OUT(-7518, exit_rsa_pss); - TEST_SLEEP(); - -#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER - len = -2; -#else - len = -3; -#endif -#ifdef HAVE_SELFTEST - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], - len); -#else - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], - len, 0); -#endif - if (ret != PSS_SALTLEN_E) - ERROR_OUT(-7519, exit_rsa_pss); -#ifndef WOLFSSL_PSS_LONG_SALT - len = digestSz + 1; -#else - len = plainSz - digestSz - 1; -#endif -#ifdef HAVE_SELFTEST - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], - len); -#else - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], - len, 0); -#endif - if (ret != PSS_SALTLEN_E) - ERROR_OUT(-7520, exit_rsa_pss); - - ret = 0; -exit_rsa_pss: - FREE_VAR(sig, HEAP_HINT); - FREE_VAR(in, HEAP_HINT); - FREE_VAR(out, HEAP_HINT); - - return ret; -} -#endif - -#ifdef WC_RSA_NO_PADDING -int rsa_no_pad_test(void) -{ - WC_RNG rng; - RsaKey key; - byte* tmp; - size_t bytes; - int ret; - word32 inLen = 0; - word32 idx = 0; - word32 outSz = RSA_TEST_BYTES; - word32 plainSz = RSA_TEST_BYTES; -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ - !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \ - !defined(NO_FILESYSTEM) - XFILE file; -#endif - DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); - DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); - - /* initialize stack structures */ - XMEMSET(&rng, 0, sizeof(rng)); - XMEMSET(&key, 0, sizeof(key)); -#ifdef USE_CERT_BUFFERS_1024 - bytes = (size_t)sizeof_client_key_der_1024; - if (bytes < (size_t)sizeof_client_cert_der_1024) - bytes = (size_t)sizeof_client_cert_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - bytes = (size_t)sizeof_client_key_der_2048; - if (bytes < (size_t)sizeof_client_cert_der_2048) - bytes = (size_t)sizeof_client_cert_der_2048; -#else - bytes = FOURK_BUF; -#endif - - tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL - #ifdef WOLFSSL_ASYNC_CRYPT - || out == NULL || plain == NULL - #endif - ) { - ERROR_OUT(-7600, exit_rsa_nopadding); - } - -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024); -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); -#elif defined(USE_CERT_BUFFERS_3072) - XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072); -#elif defined(USE_CERT_BUFFERS_4096) - XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096); -#elif !defined(NO_FILESYSTEM) - file = XFOPEN(clientKey, "rb"); - if (!file) { - err_sys("can't open ./certs/client-key.der, " - "Please run from wolfSSL home dir", -40); - ERROR_OUT(-7601, exit_rsa_nopadding); - } - - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); -#else - /* No key to use. */ - ERROR_OUT(-7602, exit_rsa_nopadding); -#endif /* USE_CERT_BUFFERS */ - - ret = wc_InitRsaKey_ex(&key, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-7603, exit_rsa_nopadding); - } - ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); - if (ret != 0) { - ERROR_OUT(-7604, exit_rsa_nopadding); - } - - /* after loading in key use tmp as the test buffer */ - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) { - ERROR_OUT(-7605, exit_rsa_nopadding); - } - -#ifndef WOLFSSL_RSA_VERIFY_ONLY - inLen = wc_RsaEncryptSize(&key); - outSz = inLen; - plainSz = inLen; - XMEMSET(tmp, 7, inLen); - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaDirect(tmp, inLen, out, &outSz, &key, - RSA_PRIVATE_ENCRYPT, &rng); - } - } while (ret == WC_PENDING_E); - if (ret <= 0) { - ERROR_OUT(-7606, exit_rsa_nopadding); - } - - /* encrypted result should not be the same as input */ - if (XMEMCMP(out, tmp, inLen) == 0) { - ERROR_OUT(-7607, exit_rsa_nopadding); - } - TEST_SLEEP(); - - /* decrypt with public key and compare result */ - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaDirect(out, outSz, plain, &plainSz, &key, - RSA_PUBLIC_DECRYPT, &rng); - } - } while (ret == WC_PENDING_E); - if (ret <= 0) { - ERROR_OUT(-7608, exit_rsa_nopadding); - } - - if (XMEMCMP(plain, tmp, inLen) != 0) { - ERROR_OUT(-7609, exit_rsa_nopadding); - } - TEST_SLEEP(); -#endif - -#ifdef WC_RSA_BLINDING - ret = wc_RsaSetRNG(NULL, &rng); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7610, exit_rsa_nopadding); - } - - ret = wc_RsaSetRNG(&key, &rng); - if (ret < 0) { - ERROR_OUT(-7611, exit_rsa_nopadding); - } -#endif - - /* test encrypt and decrypt using WC_RSA_NO_PAD */ -#ifndef WOLFSSL_RSA_VERIFY_ONLY - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, (int)outSz, &key, &rng, - WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7612, exit_rsa_nopadding); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_VERIFY_ONLY */ - -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, (int)plainSz, &key, - WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7613, exit_rsa_nopadding); - } - - if (XMEMCMP(plain, tmp, inLen) != 0) { - ERROR_OUT(-7614, exit_rsa_nopadding); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ - - /* test some bad arguments */ - ret = wc_RsaDirect(out, outSz, plain, &plainSz, &key, -1, - &rng); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7615, exit_rsa_nopadding); - } - - ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT, - &rng); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7616, exit_rsa_nopadding); - } - - ret = wc_RsaDirect(out, outSz, NULL, &plainSz, &key, RSA_PUBLIC_DECRYPT, - &rng); - if (ret != LENGTH_ONLY_E || plainSz != inLen) { - ERROR_OUT(-7617, exit_rsa_nopadding); - } - - ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, &key, - RSA_PUBLIC_DECRYPT, &rng); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7618, exit_rsa_nopadding); - } - - /* if making it to this point of code without hitting an ERROR_OUT then - * all tests have passed */ - ret = 0; - -exit_rsa_nopadding: - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - FREE_VAR(out, HEAP_HINT); - FREE_VAR(plain, HEAP_HINT); - wc_FreeRsaKey(&key); - wc_FreeRng(&rng); - - return ret; -} -#endif /* WC_RSA_NO_PADDING */ - -#ifdef WOLFSSL_CERT_GEN -static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) -{ - RsaKey caKey; - byte* der; - byte* pem = NULL; - int ret; - Cert* myCert = NULL; - int certSz; - size_t bytes3; - word32 idx3 = 0; -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - XFILE file3; -#endif -#ifdef WOLFSSL_TEST_CERT - DecodedCert decode; -#endif -#if defined(WOLFSSL_ALT_NAMES) && !defined(NO_ASN_TIME) - struct tm beforeTime; - struct tm afterTime; -#endif - const byte mySerial[8] = {1,2,3,4,5,6,7,8}; - - (void)keypub; - - XMEMSET(&caKey, 0, sizeof(caKey)); - - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-7619, exit_rsa); - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-7620, exit_rsa); - } - myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (myCert == NULL) { - ERROR_OUT(-7621, exit_rsa); - } - - /* self signed */ - if (wc_InitCert(myCert)) { - ERROR_OUT(-7622, exit_rsa); - } - - XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); - XMEMCPY(myCert->serial, mySerial, sizeof(mySerial)); - myCert->serialSz = (int)sizeof(mySerial); - myCert->isCA = 1; -#ifndef NO_SHA256 - myCert->sigType = CTC_SHA256wRSA; -#else - myCert->sigType = CTC_SHAwRSA; -#endif - - -#ifdef WOLFSSL_CERT_EXT - /* add Policies */ - XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42", - CTC_MAX_CERTPOL_SZ); - XSTRNCPY(myCert->certPolicies[1], "1.2.840.113549.1.9.16.6.5", - CTC_MAX_CERTPOL_SZ); - myCert->certPoliciesNb = 2; - - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromPublicKey(myCert, keypub, NULL) != 0) { - ERROR_OUT(-7623, exit_rsa); - } - - /* add AKID from the Public Key */ - if (wc_SetAuthKeyIdFromPublicKey(myCert, keypub, NULL) != 0) { - ERROR_OUT(-7624, exit_rsa); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(myCert,"cRLSign,keyCertSign") != 0) { - ERROR_OUT(-7625, exit_rsa); - } -#ifdef WOLFSSL_EKU_OID - { - const char unique[] = "2.16.840.1.111111.100.1.10.1"; - if (wc_SetExtKeyUsageOID(myCert, unique, sizeof(unique), 0, - HEAP_HINT) != 0) { - ERROR_OUT(-7626, exit_rsa); - } - } -#endif /* WOLFSSL_EKU_OID */ -#endif /* WOLFSSL_CERT_EXT */ - - ret = 0; - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7627, exit_rsa); - } - certSz = ret; - -#ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, der, certSz, HEAP_HINT); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&decode); - ERROR_OUT(-7628, exit_rsa); - } - FreeDecodedCert(&decode); -#endif - - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certDerFile, - certPemFile, CERT_TYPE, -5578); - if (ret != 0) { - goto exit_rsa; - } - - /* Setup Certificate */ - if (wc_InitCert(myCert)) { - ERROR_OUT(-7629, exit_rsa); - } - -#ifdef WOLFSSL_ALT_NAMES - /* Get CA Cert for testing */ - #ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024); - bytes3 = sizeof_ca_cert_der_1024; - #elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, ca_cert_der_2048, sizeof_ca_cert_der_2048); - bytes3 = sizeof_ca_cert_der_2048; - #else - file3 = XFOPEN(rsaCaCertDerFile, "rb"); - if (!file3) { - ERROR_OUT(-7630, exit_rsa); - } - bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3); - XFCLOSE(file3); - #endif /* USE_CERT_BUFFERS */ - - #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_1024) && \ - !defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN) - ret = wc_SetAltNames(myCert, rsaCaCertFile); - if (ret != 0) { - ERROR_OUT(-7631, exit_rsa); - } - #endif - /* get alt names from der */ - ret = wc_SetAltNamesBuffer(myCert, tmp, (int)bytes3); - if (ret != 0) { - ERROR_OUT(-7632, exit_rsa); - } - - /* get dates from der */ - ret = wc_SetDatesBuffer(myCert, tmp, (int)bytes3); - if (ret != 0) { - ERROR_OUT(-7633, exit_rsa); - } - - #ifndef NO_ASN_TIME - ret = wc_GetCertDates(myCert, &beforeTime, &afterTime); - if (ret < 0) { - ERROR_OUT(-7634, exit_rsa); - } - #endif -#endif /* WOLFSSL_ALT_NAMES */ - - /* Get CA Key */ -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); - bytes3 = sizeof_ca_key_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); - bytes3 = sizeof_ca_key_der_2048; -#else - file3 = XFOPEN(rsaCaKeyFile, "rb"); - if (!file3) { - ERROR_OUT(-7635, exit_rsa); - } - - bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3); - XFCLOSE(file3); -#endif /* USE_CERT_BUFFERS */ - - ret = wc_InitRsaKey(&caKey, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-7636, exit_rsa); - } - ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); - if (ret != 0) { - ERROR_OUT(-7637, exit_rsa); - } - -#ifndef NO_SHA256 - myCert->sigType = CTC_SHA256wRSA; -#else - myCert->sigType = CTC_SHAwRSA; -#endif - - XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); - -#ifdef WOLFSSL_CERT_EXT - /* add Policies */ - XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42", - CTC_MAX_CERTPOL_SZ); - myCert->certPoliciesNb =1; - - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromPublicKey(myCert, key, NULL) != 0) { - ERROR_OUT(-7638, exit_rsa); - } - - /* add AKID from the CA certificate */ -#if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); -#elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); -#else - ret = wc_SetAuthKeyId(myCert, rsaCaCertFile); -#endif - if (ret != 0) { - ERROR_OUT(-7639, exit_rsa); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(myCert,"keyEncipherment,keyAgreement") != 0) { - ERROR_OUT(-7640, exit_rsa); - } -#endif /* WOLFSSL_CERT_EXT */ - -#if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); -#elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); -#else - ret = wc_SetIssuer(myCert, rsaCaCertFile); -#endif - if (ret < 0) { - ERROR_OUT(-7641, exit_rsa); - } - - certSz = wc_MakeCert(myCert, der, FOURK_BUF, key, NULL, rng); - if (certSz < 0) { - ERROR_OUT(-7642, exit_rsa); - } - - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &caKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF, - &caKey, NULL, rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7643, exit_rsa); - } - certSz = ret; - -#ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, der, certSz, HEAP_HINT); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&decode); - ERROR_OUT(-7644, exit_rsa); - } - FreeDecodedCert(&decode); -#endif - - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, otherCertDerFile, - otherCertPemFile, CERT_TYPE, -5598); - if (ret != 0) { - goto exit_rsa; - } - -exit_rsa: - wc_FreeRsaKey(&caKey); - - XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} -#endif - -#if !defined(NO_RSA) && defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN) -/* Make Cert / Sign example for ECC cert and RSA CA */ -static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp) -{ - RsaKey caKey; - ecc_key caEccKey; - ecc_key caEccKeyPub; - byte* der; - byte* pem = NULL; - Cert* myCert = NULL; - int certSz; - size_t bytes3; - word32 idx3 = 0; -#if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \ - || !defined(USE_CERT_BUFFERS_256) - XFILE file3; -#endif -#ifdef WOLFSSL_TEST_CERT - DecodedCert decode; -#endif - int ret; - - XMEMSET(&caKey, 0, sizeof(caKey)); - XMEMSET(&caEccKey, 0, sizeof(caEccKey)); - XMEMSET(&caEccKeyPub, 0, sizeof(caEccKeyPub)); - - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-7645, exit_rsa); - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-7646, exit_rsa); - } - myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (myCert == NULL) { - ERROR_OUT(-7647, exit_rsa); - } - - /* Get CA Key */ -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); - bytes3 = sizeof_ca_key_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); - bytes3 = sizeof_ca_key_der_2048; -#else - file3 = XFOPEN(rsaCaKeyFile, "rb"); - if (!file3) { - ERROR_OUT(-7648, exit_rsa); - } - - bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3); - XFCLOSE(file3); -#endif /* USE_CERT_BUFFERS */ - - ret = wc_InitRsaKey(&caKey, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-7649, exit_rsa); - } - ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); - if (ret != 0) { - ERROR_OUT(-7650, exit_rsa); - } - - /* Get Cert Key */ -#ifdef USE_CERT_BUFFERS_256 - XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256); - bytes3 = sizeof_ecc_key_pub_der_256; -#else - file3 = XFOPEN(eccKeyPubFile, "rb"); - if (!file3) { - ERROR_OUT(-7651, exit_rsa); - } - - bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3); - XFCLOSE(file3); -#endif - - ret = wc_ecc_init_ex(&caEccKeyPub, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-7652, exit_rsa); - } - - idx3 = 0; - ret = wc_EccPublicKeyDecode(tmp, &idx3, &caEccKeyPub, (word32)bytes3); - if (ret != 0) { - ERROR_OUT(-7653, exit_rsa); - } - - /* Setup Certificate */ - if (wc_InitCert(myCert)) { - ERROR_OUT(-7654, exit_rsa); - } - -#ifndef NO_SHA256 - myCert->sigType = CTC_SHA256wRSA; -#else - myCert->sigType = CTC_SHAwRSA; -#endif - - XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); - -#ifdef WOLFSSL_CERT_EXT - /* add Policies */ - XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1", - CTC_MAX_CERTPOL_SZ); - XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549", - CTC_MAX_CERTPOL_SZ); - myCert->certPoliciesNb = 2; - - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, &caEccKeyPub) != 0) { - ERROR_OUT(-7655, exit_rsa); - } - - /* add AKID from the CA certificate */ -#if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); -#elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); -#else - ret = wc_SetAuthKeyId(myCert, rsaCaCertFile); -#endif - if (ret != 0) { - ERROR_OUT(-7656, exit_rsa); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(myCert, certKeyUsage) != 0) { - ERROR_OUT(-7657, exit_rsa); - } -#endif /* WOLFSSL_CERT_EXT */ - -#if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); -#elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); -#else - ret = wc_SetIssuer(myCert, rsaCaCertFile); -#endif - if (ret < 0) { - ERROR_OUT(-7658, exit_rsa); - } - - certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, &caEccKeyPub, rng); - if (certSz < 0) { - ERROR_OUT(-7659, exit_rsa); - } - - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &caEccKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, - FOURK_BUF, &caKey, NULL, rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7660, exit_rsa); - } - certSz = ret; - -#ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, der, certSz, 0); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&decode); - ERROR_OUT(-7661, exit_rsa); - - } - FreeDecodedCert(&decode); -#endif - - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certEccRsaDerFile, - certEccRsaPemFile, CERT_TYPE, -5616); - if (ret != 0) { - goto exit_rsa; - } - -exit_rsa: - wc_FreeRsaKey(&caKey); - wc_ecc_free(&caEccKey); - wc_ecc_free(&caEccKeyPub); - - XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - myCert = NULL; - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - - if (ret >= 0) - ret = 0; - return ret; -} -#endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */ - -#ifdef WOLFSSL_KEY_GEN -static int rsa_keygen_test(WC_RNG* rng) -{ - RsaKey genKey; - int ret; - byte* der = NULL; - byte* pem = NULL; - word32 idx = 0; - int derSz = 0; -#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS) - int keySz = 1024; -#else - int keySz = 2048; -#endif - - XMEMSET(&genKey, 0, sizeof(genKey)); - - ret = wc_InitRsaKey_ex(&genKey, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-7662, exit_rsa); - } - - ret = wc_MakeRsaKey(&genKey, keySz, WC_RSA_EXPONENT, rng); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &genKey.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7663, exit_rsa); - } - TEST_SLEEP(); - - /* If not using old FIPS, or not using FAST or USER RSA... */ - #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \ - (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \ - !defined(HAVE_SELFTEST) && !defined(HAVE_INTEL_QA) - ret = wc_CheckRsaKey(&genKey); - if (ret != 0) { - ERROR_OUT(-7664, exit_rsa); - } - #endif - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-7665, exit_rsa); - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-7666, exit_rsa); - } - - derSz = wc_RsaKeyToDer(&genKey, der, FOURK_BUF); - if (derSz < 0) { - ERROR_OUT(-7667, exit_rsa); - } - - ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile, keyPemFile, - PRIVATEKEY_TYPE, -5555); - if (ret != 0) { - goto exit_rsa; - } - - wc_FreeRsaKey(&genKey); - ret = wc_InitRsaKey(&genKey, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-7668, exit_rsa); - } - idx = 0; -#if !defined(WOLFSSL_CRYPTOCELL) - /* The private key part of the key gen pairs from cryptocell can't be exported */ - ret = wc_RsaPrivateKeyDecode(der, &idx, &genKey, derSz); - if (ret != 0) { - ERROR_OUT(-7669, exit_rsa); - } -#endif /* WOLFSSL_CRYPTOCELL */ - -exit_rsa: - wc_FreeRsaKey(&genKey); - if (pem != NULL) { - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; - } - if (der != NULL) { - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - } - - return ret; -} -#endif - -int rsa_test(void) -{ - int ret; - byte* tmp; - byte* der = NULL; - byte* pem = NULL; - size_t bytes; - WC_RNG rng; - RsaKey key; -#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) - RsaKey keypub; -#endif -#if defined(HAVE_NTRU) - RsaKey caKey; -#endif -#if !defined(NO_ASN) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) \ - || defined(WOLFSSL_PUBLIC_MP) - word32 idx = 0; -#endif -#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP)) && \ - !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) - const char* inStr = "Everyone gets Friday off."; - word32 inLen = (word32)XSTRLEN((char*)inStr); - const word32 outSz = RSA_TEST_BYTES; - const word32 plainSz = RSA_TEST_BYTES; -#endif -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) - byte* res; -#endif -#ifndef NO_SIG_WRAPPER - int modLen; -#endif -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ - !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \ - !defined(NO_FILESYSTEM) - XFILE file; - XFILE file2; -#endif -#ifdef WOLFSSL_TEST_CERT - DecodedCert cert; -#endif - -#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP)) && \ - !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) - DECLARE_VAR_INIT(in, byte, inLen, inStr, HEAP_HINT); - DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); - DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); -#endif - -#ifdef WOLFSSL_ASYNC_CRYPT - if (in == NULL) - return MEMORY_E; -#endif - - /* initialize stack structures */ - XMEMSET(&rng, 0, sizeof(rng)); - XMEMSET(&key, 0, sizeof(key)); -#ifdef WOLFSSL_CERT_EXT - XMEMSET(&keypub, 0, sizeof(keypub)); -#endif -#if defined(HAVE_NTRU) - XMEMSET(&caKey, 0, sizeof(caKey)); -#endif - -#if !defined(HAVE_USER_RSA) && !defined(NO_ASN) - ret = rsa_decode_test(&key); - if (ret != 0) - return ret; -#endif - -#ifdef USE_CERT_BUFFERS_1024 - bytes = (size_t)sizeof_client_key_der_1024; - if (bytes < (size_t)sizeof_client_cert_der_1024) - bytes = (size_t)sizeof_client_cert_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - bytes = (size_t)sizeof_client_key_der_2048; - if (bytes < (size_t)sizeof_client_cert_der_2048) - bytes = (size_t)sizeof_client_cert_der_2048; -#elif defined(USE_CERT_BUFFERS_3072) - bytes = (size_t)sizeof_client_key_der_3072; - if (bytes < (size_t)sizeof_client_cert_der_3072) - bytes = (size_t)sizeof_client_cert_der_3072; -#elif defined(USE_CERT_BUFFERS_4096) - bytes = (size_t)sizeof_client_key_der_4096; - if (bytes < (size_t)sizeof_client_cert_der_4096) - bytes = (size_t)sizeof_client_cert_der_4096; -#else - bytes = FOURK_BUF; -#endif - - tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL - #ifdef WOLFSSL_ASYNC_CRYPT - || out == NULL || plain == NULL - #endif - ) { - return -7700; - } - -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024); -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); -#elif defined(USE_CERT_BUFFERS_3072) - XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072); -#elif defined(USE_CERT_BUFFERS_4096) - XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096); -#elif !defined(NO_FILESYSTEM) - file = XFOPEN(clientKey, "rb"); - if (!file) { - err_sys("can't open ./certs/client-key.der, " - "Please run from wolfSSL home dir", -40); - ERROR_OUT(-7701, exit_rsa); - } - - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); -#else - /* No key to use. */ - ERROR_OUT(-7702, exit_rsa); -#endif /* USE_CERT_BUFFERS */ - - ret = wc_InitRsaKey_ex(&key, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-7703, exit_rsa); - } -#ifndef NO_ASN - ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); - if (ret != 0) { - ERROR_OUT(-7704, exit_rsa); - } -#ifndef NO_SIG_WRAPPER - modLen = wc_RsaEncryptSize(&key); -#endif -#else - #ifdef USE_CERT_BUFFERS_2048 - ret = mp_read_unsigned_bin(&key.n, &tmp[12], 256); - if (ret != 0) { - ERROR_OUT(-7705, exit_rsa); - } - ret = mp_set_int(&key.e, WC_RSA_EXPONENT); - if (ret != 0) { - ERROR_OUT(-7706, exit_rsa); - } -#ifndef NO_SIG_WRAPPER - modLen = 2048; -#endif - #else - #error Not supported yet! - #endif -#endif - -#ifndef WC_NO_RNG -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) { - ERROR_OUT(-7707, exit_rsa); - } -#endif - -#ifndef NO_SIG_WRAPPER - ret = rsa_sig_test(&key, sizeof(RsaKey), modLen, &rng); - if (ret != 0) - goto exit_rsa; -#endif - -#ifdef WC_RSA_NONBLOCK - ret = rsa_nb_test(&key, in, inLen, out, outSz, plain, plainSz, &rng); - if (ret != 0) - goto exit_rsa; -#endif - -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, &key, &rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7708, exit_rsa); - } - TEST_SLEEP(); - -#ifdef WC_RSA_BLINDING - { - int tmpret = ret; - ret = wc_RsaSetRNG(&key, &rng); - if (ret < 0) { - ERROR_OUT(-7709, exit_rsa); - } - ret = tmpret; - } -#endif - - idx = (word32)ret; /* save off encrypted length */ - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt(out, idx, plain, plainSz, &key); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7710, exit_rsa); - } - - if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-7711, exit_rsa); - } - TEST_SLEEP(); - - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPrivateDecryptInline(out, idx, &res, &key); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7712, exit_rsa); - } - if (ret != (int)inLen) { - ERROR_OUT(-7713, exit_rsa); - } - if (XMEMCMP(res, in, inLen)) { - ERROR_OUT(-7714, exit_rsa); - } - TEST_SLEEP(); - - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7715, exit_rsa); - } - TEST_SLEEP(); - -#elif defined(WOLFSSL_PUBLIC_MP) - (void)outSz; - (void)inLen; - (void)res; - { - byte signature_2048[] = { - 0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79, - 0x47, 0xf1, 0xa3, 0xd7, 0xf4, 0x27, 0x29, 0xbe, - 0x99, 0x5d, 0xac, 0xb2, 0x10, 0x3f, 0x95, 0xda, - 0x89, 0x23, 0xb8, 0x96, 0x13, 0x57, 0x72, 0x30, - 0xa1, 0xfe, 0x5a, 0x68, 0x9c, 0x99, 0x9d, 0x1e, - 0x05, 0xa4, 0x80, 0xb0, 0xbb, 0xd9, 0xd9, 0xa1, - 0x69, 0x97, 0x74, 0xb3, 0x41, 0x21, 0x3b, 0x47, - 0xf5, 0x51, 0xb1, 0xfb, 0xc7, 0xaa, 0xcc, 0xdc, - 0xcd, 0x76, 0xa0, 0x28, 0x4d, 0x27, 0x14, 0xa4, - 0xb9, 0x41, 0x68, 0x7c, 0xb3, 0x66, 0xe6, 0x6f, - 0x40, 0x76, 0xe4, 0x12, 0xfd, 0xae, 0x29, 0xb5, - 0x63, 0x60, 0x87, 0xce, 0x49, 0x6b, 0xf3, 0x05, - 0x9a, 0x14, 0xb5, 0xcc, 0xcd, 0xf7, 0x30, 0x95, - 0xd2, 0x72, 0x52, 0x1d, 0x5b, 0x7e, 0xef, 0x4a, - 0x02, 0x96, 0x21, 0x6c, 0x55, 0xa5, 0x15, 0xb1, - 0x57, 0x63, 0x2c, 0xa3, 0x8e, 0x9d, 0x3d, 0x45, - 0xcc, 0xb8, 0xe6, 0xa1, 0xc8, 0x59, 0xcd, 0xf5, - 0xdc, 0x0a, 0x51, 0xb6, 0x9d, 0xfb, 0xf4, 0x6b, - 0xfd, 0x32, 0x71, 0x6e, 0xcf, 0xcb, 0xb3, 0xd9, - 0xe0, 0x4a, 0x77, 0x34, 0xd6, 0x61, 0xf5, 0x7c, - 0xf9, 0xa9, 0xa4, 0xb0, 0x8e, 0x3b, 0xd6, 0x04, - 0xe0, 0xde, 0x2b, 0x5b, 0x5a, 0xbf, 0xd9, 0xef, - 0x8d, 0xa3, 0xf5, 0xb1, 0x67, 0xf3, 0xb9, 0x72, - 0x0a, 0x37, 0x12, 0x35, 0x6c, 0x8e, 0x10, 0x8b, - 0x38, 0x06, 0x16, 0x4b, 0x20, 0x20, 0x13, 0x00, - 0x2e, 0x6d, 0xc2, 0x59, 0x23, 0x67, 0x4a, 0x6d, - 0xa1, 0x46, 0x8b, 0xee, 0xcf, 0x44, 0xb4, 0x3e, - 0x56, 0x75, 0x00, 0x68, 0xb5, 0x7d, 0x0f, 0x20, - 0x79, 0x5d, 0x7f, 0x12, 0x15, 0x32, 0x89, 0x61, - 0x6b, 0x29, 0xb7, 0x52, 0xf5, 0x25, 0xd8, 0x98, - 0xe8, 0x6f, 0xf9, 0x22, 0xb4, 0xbb, 0xe5, 0xff, - 0xd0, 0x92, 0x86, 0x9a, 0x88, 0xa2, 0xaf, 0x6b - }; - ret = sizeof(signature_2048); - XMEMCPY(out, signature_2048, ret); - } -#endif - -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) - idx = (word32)ret; - XMEMSET(plain, 0, plainSz); - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { -#ifndef WOLFSSL_RSA_VERIFY_INLINE - -#if defined(WOLFSSL_CRYPTOCELL) - /* - Cryptocell requires the input data and signature byte array to verify. - - first argument must be the input data - second argument must be the length of input data - third argument must be the signature byte array or the output from - wc_RsaSSL_Sign() - fourth argument must be the length of the signature byte array - */ - - ret = wc_RsaSSL_Verify(in, inLen, out, outSz, &key); -#else - ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, &key); -#endif /* WOLFSSL_CRYPTOCELL */ -#else - byte* dec = NULL; - ret = wc_RsaSSL_VerifyInline(out, idx, &dec, &key); - if (ret > 0) { - XMEMCPY(plain, dec, ret); - } -#endif - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7716, exit_rsa); - } - - if (XMEMCMP(plain, in, (size_t)ret)) { - ERROR_OUT(-7717, exit_rsa); - } - TEST_SLEEP(); -#endif - -#ifndef WOLFSSL_RSA_VERIFY_ONLY - #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) - /* OAEP padding testing */ - #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \ - (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) - #ifndef NO_SHA - XMEMSET(plain, 0, plainSz); - - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7718, exit_rsa); - } - TEST_SLEEP(); - -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - idx = (word32)ret; - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7719, exit_rsa); - } - - if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-7720, exit_rsa); - } - TEST_SLEEP(); - #endif /* NO_SHA */ -#endif - - #ifndef NO_SHA256 - XMEMSET(plain, 0, plainSz); -#ifndef WOLFSSL_RSA_VERIFY_ONLY - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7721, exit_rsa); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_VERIFY_ONLY */ - - idx = (word32)ret; -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7722, exit_rsa); - } - - if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-7723, exit_rsa); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ - -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPrivateDecryptInline_ex(out, idx, &res, &key, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7724, exit_rsa); - } - if (ret != (int)inLen) { - ERROR_OUT(-7725, exit_rsa); - } - if (XMEMCMP(res, in, inLen)) { - ERROR_OUT(-7726, exit_rsa); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ - - /* check fails if not using the same optional label */ - XMEMSET(plain, 0, plainSz); -#ifndef WOLFSSL_RSA_VERIFY_ONLY - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7727, exit_rsa); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_VERIFY_ONLY */ - -/* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */ -#if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ - !defined(WOLFSSL_CRYPTOCELL) -/* label is unused in cryptocell so it won't detect decrypt error due to label */ - idx = (word32)ret; - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen); - } - } while (ret == WC_PENDING_E); - if (ret > 0) { /* in this case decrypt should fail */ - ERROR_OUT(-7728, exit_rsa); - } - ret = 0; - TEST_SLEEP(); -#endif /* !HAVE_CAVIUM */ - - /* check using optional label with encrypt/decrypt */ - XMEMSET(plain, 0, plainSz); -#ifndef WOLFSSL_RSA_VERIFY_ONLY - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7729, exit_rsa); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_VERIFY_ONLY */ - - idx = (word32)ret; -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7730, exit_rsa); - } - - if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-7731, exit_rsa); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ - -#ifndef WOLFSSL_RSA_VERIFY_ONLY - #ifndef NO_SHA - /* check fail using mismatch hash algorithms */ - XMEMSET(plain, 0, plainSz); - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, in, inLen); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7732, exit_rsa); - } - TEST_SLEEP(); - -/* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */ -#if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ - !defined(WOLFSSL_CRYPTOCELL) - idx = (word32)ret; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, - in, inLen); - } - } while (ret == WC_PENDING_E); - if (ret > 0) { /* should fail */ - ERROR_OUT(-7733, exit_rsa); - } - ret = 0; - TEST_SLEEP(); - #endif /* !HAVE_CAVIUM */ - #endif /* NO_SHA */ -#endif /* WOLFSSL_RSA_VERIFY_ONLY */ -#endif /* NO_SHA256 */ - -#ifdef WOLFSSL_SHA512 - /* Check valid RSA key size is used while using hash length of SHA512 - If key size is less than (hash length * 2) + 2 then is invalid use - and test, since OAEP padding requires this. - BAD_FUNC_ARG is returned when this case is not met */ - if (wc_RsaEncryptSize(&key) > ((int)WC_SHA512_DIGEST_SIZE * 2) + 2) { - XMEMSET(plain, 0, plainSz); - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7734, exit_rsa); - } - TEST_SLEEP(); - - idx = ret; -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7735, exit_rsa); - } - - if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-7736, exit_rsa); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ - } -#endif /* WOLFSSL_SHA512 */ - - /* check using pkcsv15 padding with _ex API */ - XMEMSET(plain, 0, plainSz); - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, - WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7737, exit_rsa); - } - TEST_SLEEP(); - - idx = (word32)ret; -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, - WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7738, exit_rsa); - } - - if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-7739, exit_rsa); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ - #endif /* !HAVE_FAST_RSA && !HAVE_FIPS */ - #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */ -#endif /* WOLFSSL_RSA_VERIFY_ONLY */ - -#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \ - && !defined(WOLFSSL_RSA_VERIFY_ONLY) - ret = rsa_export_key_test(&key); - if (ret != 0) - return ret; -#endif - -#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) - ret = rsa_flatten_test(&key); - if (ret != 0) - return ret; -#endif - -#if defined(WOLFSSL_MDK_ARM) - #define sizeof(s) XSTRLEN((char *)(s)) -#endif - -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, client_cert_der_1024, (size_t)sizeof_client_cert_der_1024); - bytes = (size_t)sizeof_client_cert_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, client_cert_der_2048, (size_t)sizeof_client_cert_der_2048); - bytes = (size_t)sizeof_client_cert_der_2048; -#elif defined(USE_CERT_BUFFERS_3072) - XMEMCPY(tmp, client_cert_der_3072, (size_t)sizeof_client_cert_der_3072); - bytes = (size_t)sizeof_client_cert_der_3072; -#elif defined(USE_CERT_BUFFERS_4096) - XMEMCPY(tmp, client_cert_der_4096, (size_t)sizeof_client_cert_der_4096); - bytes = (size_t)sizeof_client_cert_der_4096; -#elif !defined(NO_FILESYSTEM) - file2 = XFOPEN(clientCert, "rb"); - if (!file2) { - ERROR_OUT(-7740, exit_rsa); - } - - bytes = XFREAD(tmp, 1, FOURK_BUF, file2); - XFCLOSE(file2); -#else - /* No certificate to use. */ - ERROR_OUT(-7741, exit_rsa); -#endif - -#ifdef sizeof - #undef sizeof -#endif - -#ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&cert, tmp, (word32)bytes, 0); - - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&cert); - ERROR_OUT(-7742, exit_rsa); - } - - FreeDecodedCert(&cert); -#else - (void)bytes; -#endif - -#ifdef WOLFSSL_CERT_EXT - -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); - bytes = sizeof_client_keypub_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); - bytes = sizeof_client_keypub_der_2048; -#elif defined(USE_CERT_BUFFERS_3072) - XMEMCPY(tmp, client_keypub_der_3072, sizeof_client_keypub_der_3072); - bytes = sizeof_client_keypub_der_3072; -#elif defined(USE_CERT_BUFFERS_4096) - XMEMCPY(tmp, client_keypub_der_4096, sizeof_client_keypub_der_4096); - bytes = sizeof_client_keypub_der_4096; -#else - file = XFOPEN(clientKeyPub, "rb"); - if (!file) { - err_sys("can't open ./certs/client-keyPub.der, " - "Please run from wolfSSL home dir", -40); - ERROR_OUT(-7743, exit_rsa); - } - - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); -#endif /* USE_CERT_BUFFERS */ - - ret = wc_InitRsaKey(&keypub, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-7744, exit_rsa); - } - idx = 0; - - ret = wc_RsaPublicKeyDecode(tmp, &idx, &keypub, (word32)bytes); - if (ret != 0) { - ERROR_OUT(-7745, exit_rsa); - } -#endif /* WOLFSSL_CERT_EXT */ - -#ifdef WOLFSSL_KEY_GEN - ret = rsa_keygen_test(&rng); - if (ret != 0) - goto exit_rsa; -#endif - -#ifdef WOLFSSL_CERT_GEN - /* Make Cert / Sign example for RSA cert and RSA CA */ - ret = rsa_certgen_test(&key, &keypub, &rng, tmp); - if (ret != 0) - goto exit_rsa; - -#if !defined(NO_RSA) && defined(HAVE_ECC) - ret = rsa_ecc_certgen_test(&rng, tmp); - if (ret != 0) - goto exit_rsa; -#endif - -#ifdef HAVE_NTRU - { - Cert myCert; - #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - XFILE caFile; - #endif - #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) - XFILE ntruPrivFile; - #endif - int certSz; - word32 idx3 = 0; - #ifdef WOLFSSL_TEST_CERT - DecodedCert decode; - #endif - byte public_key[557]; /* sized for EES401EP2 */ - word16 public_key_len; /* no. of octets in public key */ - byte private_key[607]; /* sized for EES401EP2 */ - word16 private_key_len; /* no. of octets in private key */ - DRBG_HANDLE drbg; - static uint8_t const pers_str[] = { - 'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't' - }; - word32 rc = ntru_crypto_drbg_instantiate(112, pers_str, - sizeof(pers_str), GetEntropy, &drbg); - if (rc != DRBG_OK) { - ERROR_OUT(-7746, exit_rsa); - } - - rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, - &public_key_len, NULL, - &private_key_len, NULL); - if (rc != NTRU_OK) { - ERROR_OUT(-7747, exit_rsa); - } - - rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, - &public_key_len, public_key, - &private_key_len, private_key); - if (rc != NTRU_OK) { - ERROR_OUT(-7748, exit_rsa); - } - - rc = ntru_crypto_drbg_uninstantiate(drbg); - if (rc != NTRU_OK) { - ERROR_OUT(-7749, exit_rsa); - } - - #ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); - bytes = sizeof_ca_key_der_1024; - #elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); - bytes = sizeof_ca_key_der_2048; - #else - caFile = XFOPEN(rsaCaKeyFile, "rb"); - if (!caFile) { - ERROR_OUT(-7750, exit_rsa); - } - - bytes = XFREAD(tmp, 1, FOURK_BUF, caFile); - XFCLOSE(caFile); - #endif /* USE_CERT_BUFFERS */ - - ret = wc_InitRsaKey(&caKey, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-7751, exit_rsa); - } - ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes); - if (ret != 0) { - ERROR_OUT(-7752, exit_rsa); - } - - if (wc_InitCert(&myCert)) { - ERROR_OUT(-7753, exit_rsa); - } - - XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName)); - myCert.daysValid = 1000; - - #ifdef WOLFSSL_CERT_EXT - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromNtruPublicKey(&myCert, public_key, - public_key_len) != 0) { - ERROR_OUT(-7754, exit_rsa); - } - - /* add AKID from the CA certificate */ - #if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); - #elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); - #else - ret = wc_SetAuthKeyId(&myCert, rsaCaCertFile); - #endif - if (ret != 0) { - ERROR_OUT(-7755, exit_rsa); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(&myCert, certKeyUsage2) != 0) { - ERROR_OUT(-7756, exit_rsa); - } - #endif /* WOLFSSL_CERT_EXT */ - - #if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); - #elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); - #else - ret = wc_SetIssuer(&myCert, rsaCaCertFile); - #endif - if (ret < 0) { - ERROR_OUT(-7757, exit_rsa); - } - - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-7758, exit_rsa); - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-7759, exit_rsa); - } - - certSz = wc_MakeNtruCert(&myCert, der, FOURK_BUF, public_key, - public_key_len, &rng); - if (certSz < 0) { - ERROR_OUT(-7760, exit_rsa); - } - - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &caKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_SignCert(myCert.bodySz, myCert.sigType, der, FOURK_BUF, - &caKey, NULL, &rng); - } - } while (ret == WC_PENDING_E); - wc_FreeRsaKey(&caKey); - if (ret < 0) { - ERROR_OUT(-7761, exit_rsa); - } - certSz = ret; - - #ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, der, certSz, HEAP_HINT); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&decode); - ERROR_OUT(-7762, exit_rsa); - } - FreeDecodedCert(&decode); - #endif - - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, "./ntru-cert.der", - "./ntru-cert.pem", CERT_TYPE, -5637); - if (ret != 0) { - goto exit_rsa; - } - - #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) - ntruPrivFile = XFOPEN("./ntru-key.raw", "wb"); - if (!ntruPrivFile) { - ERROR_OUT(-7763, exit_rsa); - } - ret = (int)XFWRITE(private_key, 1, private_key_len, ntruPrivFile); - XFCLOSE(ntruPrivFile); - if (ret != private_key_len) { - ERROR_OUT(-7764, exit_rsa); - } - #endif - - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - } -#endif /* HAVE_NTRU */ -#ifdef WOLFSSL_CERT_REQ - { - Cert req; - int derSz; - - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-7765, exit_rsa); - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-7766, exit_rsa); - } - - if (wc_InitCert(&req)) { - ERROR_OUT(-7767, exit_rsa); - } - - req.version = 0; - req.isCA = 1; - XSTRNCPY(req.challengePw, "wolf123", CTC_NAME_SIZE); - XMEMCPY(&req.subject, &certDefaultName, sizeof(CertName)); - - #ifndef NO_SHA256 - req.sigType = CTC_SHA256wRSA; - #else - req.sigType = CTC_SHAwRSA; - #endif - - #ifdef WOLFSSL_CERT_EXT - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromPublicKey(&req, &keypub, NULL) != 0) { - ERROR_OUT(-7768, exit_rsa); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(&req, certKeyUsage2) != 0) { - ERROR_OUT(-7769, exit_rsa); - } - - /* add Extended Key Usage */ - if (wc_SetExtKeyUsage(&req, "serverAuth,clientAuth,codeSigning," - "emailProtection,timeStamping,OCSPSigning") != 0) { - ERROR_OUT(-7770, exit_rsa); - } - #ifdef WOLFSSL_EKU_OID - { - const char unique[] = "2.16.840.1.111111.100.1.10.1"; - if (wc_SetExtKeyUsageOID(&req, unique, sizeof(unique), 0, - HEAP_HINT) != 0) { - ERROR_OUT(-7771, exit_rsa); - } - } - #endif /* WOLFSSL_EKU_OID */ - #endif /* WOLFSSL_CERT_EXT */ - - derSz = wc_MakeCertReq(&req, der, FOURK_BUF, &key, NULL); - if (derSz < 0) { - ERROR_OUT(-7772, exit_rsa); - } - - #ifdef WOLFSSL_CERT_EXT - /* Try again with "any" flag set, will override all others */ - if (wc_SetExtKeyUsage(&req, "any") != 0) { - ERROR_OUT(-7773, exit_rsa); - } - derSz = wc_MakeCertReq(&req, der, FOURK_BUF, &key, NULL); - if (derSz < 0) { - ERROR_OUT(-7774, exit_rsa); - } - #endif /* WOLFSSL_CERT_EXT */ - - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_SignCert(req.bodySz, req.sigType, der, FOURK_BUF, - &key, NULL, &rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7775, exit_rsa); - } - derSz = ret; - - ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, certReqDerFile, - certReqPemFile, CERTREQ_TYPE, -5650); - if (ret != 0) { - goto exit_rsa; - } - - derSz = wc_MakeCertReq_ex(&req, der, FOURK_BUF, RSA_TYPE, &key); - if (derSz < 0) { - ERROR_OUT(-7776, exit_rsa); - } - - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - } -#endif /* WOLFSSL_CERT_REQ */ -#endif /* WOLFSSL_CERT_GEN */ - -#ifdef WC_RSA_PSS - ret = rsa_pss_test(&rng, &key); -#endif - -exit_rsa: - wc_FreeRsaKey(&key); -#ifdef WOLFSSL_CERT_EXT - wc_FreeRsaKey(&keypub); -#endif -#if defined(HAVE_NTRU) - wc_FreeRsaKey(&caKey); -#endif - - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRng(&rng); - - FREE_VAR(in, HEAP_HINT); - FREE_VAR(out, HEAP_HINT); - FREE_VAR(plain, HEAP_HINT); - - /* ret can be greater then 0 with certgen but all negative values should - * be returned and treated as an error */ - if (ret >= 0) { - return 0; - } - else { - return ret; - } -} - -#endif /* !NO_RSA */ - - -#ifndef NO_DH - -static int dh_fips_generate_test(WC_RNG *rng) -{ - int ret = 0; - DhKey key; - static byte p[] = { - 0xc5, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, - 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, - 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, - 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, - 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, - 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, - 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, - 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, - 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, - 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, - 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, - 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, - 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, - 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, - 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, - 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, - 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, - 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, - 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, - 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, - 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, - 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, - 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, - 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, - 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, - 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, - 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, - 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, - 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, - 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, - 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, - 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d - }; - static byte g[] = { - 0x4a, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, - 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, - 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, - 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, - 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, - 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, - 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, - 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, - 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, - 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, - 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, - 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, - 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, - 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, - 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, - 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, - 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, - 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, - 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, - 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, - 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, - 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, - 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, - 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, - 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, - 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, - 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, - 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, - 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, - 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, - 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, - 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b - }; - static byte q[] = { - 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, - 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, - 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, - 0x40, 0x52, 0xed, 0x41 - }; - static byte q0[] = { - 0x00, - 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, - 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, - 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, - 0x40, 0x52, 0xed, 0x41 - }; - byte priv[256]; - byte pub[256]; - word32 privSz = sizeof(priv); - word32 pubSz = sizeof(pub); - - /* Parameter Validation testing. */ - ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz); - if (ret != BAD_FUNC_ARG) - return -7777; - ret = wc_DhGenerateKeyPair(&key, NULL, priv, &privSz, pub, &pubSz); - if (ret != BAD_FUNC_ARG) - return -7778; - ret = wc_DhGenerateKeyPair(&key, rng, NULL, &privSz, pub, &pubSz); - if (ret != BAD_FUNC_ARG) - return -7779; - ret = wc_DhGenerateKeyPair(&key, rng, priv, NULL, pub, &pubSz); - if (ret != BAD_FUNC_ARG) - return -7780; - ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, NULL, &pubSz); - if (ret != BAD_FUNC_ARG) - return -7781; - ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, NULL); - if (ret != BAD_FUNC_ARG) - return -7782; - - ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); - if (ret != 0) - return -7783; - - ret = wc_DhSetKey_ex(&key, p, sizeof(p), g, sizeof(g), q0, sizeof(q0)); - if (ret != 0) { - ERROR_OUT(-7784, exit_gen_test); - } - - wc_FreeDhKey(&key); - - ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); - if (ret != 0) - return -7785; - - ret = wc_DhSetKey_ex(&key, p, sizeof(p), g, sizeof(g), q, sizeof(q)); - if (ret != 0) { - ERROR_OUT(-7786, exit_gen_test); - } - - /* Use API. */ - ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, &pubSz); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7787, exit_gen_test); - } - - ret = wc_DhCheckPubKey_ex(&key, pub, pubSz, q0, sizeof(q0)); - if (ret != 0) { - ERROR_OUT(-7788, exit_gen_test); - } - - wc_FreeDhKey(&key); - ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); - if (ret != 0) - return -7789; - - ret = wc_DhSetKey(&key, p, sizeof(p), g, sizeof(g)); - if (ret != 0) { - ERROR_OUT(-7790, exit_gen_test); - } - - ret = wc_DhCheckPubKey_ex(&key, pub, pubSz, q, sizeof(q)); - if (ret != 0) { - ERROR_OUT(-7791, exit_gen_test); - } - -#ifndef HAVE_SELFTEST - ret = wc_DhCheckKeyPair(&key, pub, pubSz, priv, privSz); - if (ret != 0) { - ERROR_OUT(-7792, exit_gen_test); - } - - /* Taint the public key so the check fails. */ - pub[0]++; - ret = wc_DhCheckKeyPair(&key, pub, pubSz, priv, privSz); - if (ret != MP_CMP_E) { - ERROR_OUT(-7793, exit_gen_test); - } - -#ifdef WOLFSSL_KEY_GEN - wc_FreeDhKey(&key); - ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); - if (ret != 0) - return -7794; - - ret = wc_DhGenerateParams(rng, 2048, &key); - if (ret != 0) { - ERROR_OUT(-7795, exit_gen_test); - } - - privSz = sizeof(priv); - pubSz = sizeof(pub); - - ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, &pubSz); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7796, exit_gen_test); - } - -#endif /* WOLFSSL_KEY_GEN */ -#endif /* HAVE_SELFTEST */ - - ret = 0; - -exit_gen_test: - wc_FreeDhKey(&key); - - return ret; -} - -static int dh_generate_test(WC_RNG *rng) -{ - int ret = 0; - DhKey smallKey; - byte p[2] = { 0, 5 }; - byte g[2] = { 0, 2 }; -#ifndef WOLFSSL_SP_MATH -#ifdef WOLFSSL_DH_CONST - /* the table for constant DH lookup will round to the lowest byte size 21 */ - byte priv[21]; - byte pub[21]; -#else - byte priv[2]; - byte pub[2]; -#endif - word32 privSz = sizeof(priv); - word32 pubSz = sizeof(pub); -#endif - - ret = wc_InitDhKey_ex(&smallKey, HEAP_HINT, devId); - if (ret != 0) - return -7797; - - /* Parameter Validation testing. */ - ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId); - if (ret != BAD_FUNC_ARG) - return -7798; - wc_FreeDhKey(NULL); - - ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g)); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7799, exit_gen_test); - } - ret = wc_DhSetKey(&smallKey, NULL, sizeof(p), g, sizeof(g)); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7800, exit_gen_test); - } - ret = wc_DhSetKey(&smallKey, p, 0, g, sizeof(g)); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7801, exit_gen_test); - } - ret = wc_DhSetKey(&smallKey, p, sizeof(p), NULL, sizeof(g)); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7802, exit_gen_test); - } - ret = wc_DhSetKey(&smallKey, p, sizeof(p), g, 0); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7803, exit_gen_test); - } - ret = wc_DhSetKey(&smallKey, p, sizeof(p), g, sizeof(g)); - if (ret != 0) { - ERROR_OUT(-7804, exit_gen_test); - } - -#ifndef WOLFSSL_SP_MATH - /* Use API. */ - ret = wc_DhGenerateKeyPair(&smallKey, rng, priv, &privSz, pub, &pubSz); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &smallKey.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ret = -7805; - } -#else - (void)rng; - ret = 0; -#endif - -exit_gen_test: - wc_FreeDhKey(&smallKey); - - return ret; -} - -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -typedef struct dh_pubvalue_test { - const byte* data; - word32 len; -} dh_pubvalue_test; - -static int dh_test_check_pubvalue(void) -{ - int ret; - word32 i; - const byte prime[] = {0x01, 0x00, 0x01}; - const byte pubValZero[] = { 0x00 }; - const byte pubValZeroLong[] = { 0x00, 0x00, 0x00 }; - const byte pubValOne[] = { 0x01 }; - const byte pubValOneLong[] = { 0x00, 0x00, 0x01 }; - const byte pubValPrimeMinusOne[] = { 0x01, 0x00, 0x00 }; - const byte pubValPrimeLong[] = {0x00, 0x01, 0x00, 0x01}; - const byte pubValPrimePlusOne[] = { 0x01, 0x00, 0x02 }; - const byte pubValTooBig0[] = { 0x02, 0x00, 0x01 }; - const byte pubValTooBig1[] = { 0x01, 0x01, 0x01 }; - const byte pubValTooLong[] = { 0x01, 0x00, 0x00, 0x01 }; - const dh_pubvalue_test dh_pubval_fail[] = { - { prime, sizeof(prime) }, - { pubValZero, sizeof(pubValZero) }, - { pubValZeroLong, sizeof(pubValZeroLong) }, - { pubValOne, sizeof(pubValOne) }, - { pubValOneLong, sizeof(pubValOneLong) }, - { pubValPrimeMinusOne, sizeof(pubValPrimeMinusOne) }, - { pubValPrimeLong, sizeof(pubValPrimeLong) }, - { pubValPrimePlusOne, sizeof(pubValPrimePlusOne) }, - { pubValTooBig0, sizeof(pubValTooBig0) }, - { pubValTooBig1, sizeof(pubValTooBig1) }, - { pubValTooLong, sizeof(pubValTooLong) }, - }; - const byte pubValTwo[] = { 0x02 }; - const byte pubValTwoLong[] = { 0x00, 0x00, 0x02 }; - const byte pubValGood[] = { 0x12, 0x34 }; - const byte pubValGoodLen[] = { 0x00, 0x12, 0x34 }; - const byte pubValGoodLong[] = { 0x00, 0x00, 0x12, 0x34 }; - const dh_pubvalue_test dh_pubval_pass[] = { - { pubValTwo, sizeof(pubValTwo) }, - { pubValTwoLong, sizeof(pubValTwoLong) }, - { pubValGood, sizeof(pubValGood) }, - { pubValGoodLen, sizeof(pubValGoodLen) }, - { pubValGoodLong, sizeof(pubValGoodLong) }, - }; - - for (i = 0; i < sizeof(dh_pubval_fail) / sizeof(*dh_pubval_fail); i++) { - ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_fail[i].data, - dh_pubval_fail[i].len); - if (ret != MP_VAL) - return -7806 - (int)i; - } - - for (i = 0; i < sizeof(dh_pubval_pass) / sizeof(*dh_pubval_pass); i++) { - ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_pass[i].data, - dh_pubval_pass[i].len); - if (ret != 0) - return -7816 - (int)i; - } - - return 0; -} -#endif - -#if defined(HAVE_FFDHE) - -#ifdef HAVE_FFDHE_3072 - #define FFDHE_KEY_SIZE (3072/8) -#else - #define FFDHE_KEY_SIZE (2048/8) -#endif - -static int dh_test_ffdhe(WC_RNG *rng, const DhParams* params) -{ - int ret; - word32 privSz, pubSz, privSz2, pubSz2; - byte priv[FFDHE_KEY_SIZE]; - byte pub[FFDHE_KEY_SIZE]; - byte priv2[FFDHE_KEY_SIZE]; - byte pub2[FFDHE_KEY_SIZE]; - byte agree[FFDHE_KEY_SIZE]; - byte agree2[FFDHE_KEY_SIZE]; - word32 agreeSz = (word32)sizeof(agree); - word32 agreeSz2 = (word32)sizeof(agree2); - DhKey key; - DhKey key2; - - XMEMSET(&key, 0, sizeof(DhKey)); - XMEMSET(&key2, 0, sizeof(DhKey)); - - ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-7826, done); - } - ret = wc_InitDhKey_ex(&key2, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-7827, done); - } - - ret = wc_DhSetKey(&key, params->p, params->p_len, params->g, params->g_len); - if (ret != 0) { - ERROR_OUT(-7828, done); - } - - ret = wc_DhSetKey(&key2, params->p, params->p_len, params->g, - params->g_len); - if (ret != 0) { - ERROR_OUT(-7829, done); - } - - ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, &pubSz); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7830, done); - } - - ret = wc_DhGenerateKeyPair(&key2, rng, priv2, &privSz2, pub2, &pubSz2); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7831, done); - } - - ret = wc_DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7832, done); - } - - ret = wc_DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7833, done); - } - - if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) { - ERROR_OUT(-7834, done); - } - -done: - wc_FreeDhKey(&key); - wc_FreeDhKey(&key2); - return ret; -} - -#endif /* HAVE_FFDHE */ - -int dh_test(void) -{ - int ret; - word32 bytes; - word32 idx = 0, privSz, pubSz, privSz2, pubSz2; - byte tmp[1024]; -#if !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) - byte priv[256]; - byte pub[256]; - byte priv2[256]; - byte pub2[256]; - byte agree[256]; - byte agree2[256]; -#else - byte priv[512]; - byte pub[512]; - byte priv2[512]; - byte pub2[512]; - byte agree[512]; - byte agree2[512]; -#endif - word32 agreeSz = (word32)sizeof(agree); - word32 agreeSz2 = (word32)sizeof(agree2); - DhKey key; - DhKey key2; - WC_RNG rng; - int keyInit = 0; - -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, dh_key_der_1024, (size_t)sizeof_dh_key_der_1024); - bytes = (size_t)sizeof_dh_key_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, dh_key_der_2048, (size_t)sizeof_dh_key_der_2048); - bytes = (size_t)sizeof_dh_key_der_2048; -#elif defined(USE_CERT_BUFFERS_3072) - XMEMCPY(tmp, dh_key_der_3072, (size_t)sizeof_dh_key_der_3072); - bytes = (size_t)sizeof_dh_key_der_3072; -#elif defined(USE_CERT_BUFFERS_4096) - XMEMCPY(tmp, dh_key_der_4096, (size_t)sizeof_dh_key_der_4096); - bytes = (size_t)sizeof_dh_key_der_4096; -#elif defined(NO_ASN) - /* don't use file, no DER parsing */ -#elif !defined(NO_FILESYSTEM) - XFILE file = XFOPEN(dhKey, "rb"); - if (!file) - return -7900; - - bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), file); - XFCLOSE(file); -#else - /* No DH key to use. */ - return -7901; -#endif /* USE_CERT_BUFFERS */ - - (void)idx; - (void)tmp; - (void)bytes; - - /* Use API for coverage. */ - ret = wc_InitDhKey(&key); - if (ret != 0) { - ERROR_OUT(-7902, done); - } - wc_FreeDhKey(&key); - - ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-7903, done); - } - keyInit = 1; - ret = wc_InitDhKey_ex(&key2, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-7904, done); - } - -#ifdef NO_ASN - ret = wc_DhSetKey(&key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g)); - if (ret != 0) { - ERROR_OUT(-7905, done); - } - - ret = wc_DhSetKey(&key2, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g)); - if (ret != 0) { - ERROR_OUT(-7906, done); - } -#else - ret = wc_DhKeyDecode(tmp, &idx, &key, bytes); - if (ret != 0) { - ERROR_OUT(-7907, done); - } - - idx = 0; - ret = wc_DhKeyDecode(tmp, &idx, &key2, bytes); - if (ret != 0) { - ERROR_OUT(-7908, done); - } -#endif - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) { - ERROR_OUT(-7909, done); - } - - ret = wc_DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7910, done); - } - - ret = wc_DhGenerateKeyPair(&key2, &rng, priv2, &privSz2, pub2, &pubSz2); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7911, done); - } - - ret = wc_DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7912, done); - } - - ret = wc_DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7913, done); - } - - if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) { - ERROR_OUT(-7914, done); - } - -#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - if (wc_DhCheckPrivKey(NULL, NULL, 0) != BAD_FUNC_ARG) - return -7915; - - if (wc_DhCheckPrivKey(&key, priv, privSz) != 0) - return -7916; - - if (wc_DhExportParamsRaw(NULL, NULL, NULL, NULL, NULL, NULL, NULL) != BAD_FUNC_ARG) - return -7917; - { - word32 pSz, qSz, gSz; - if (wc_DhExportParamsRaw(&key, NULL, &pSz, NULL, &qSz, NULL, &gSz) != LENGTH_ONLY_E) - return -7918; - } -#endif - - ret = dh_generate_test(&rng); - if (ret == 0) - ret = dh_fips_generate_test(&rng); -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - if (ret == 0) - ret = dh_test_check_pubvalue(); -#endif - - /* Specialized code for key gen when using FFDHE-2048 and FFDHE-3072. */ - #ifdef HAVE_FFDHE_2048 - if (ret == 0) { - ret = dh_test_ffdhe(&rng, wc_Dh_ffdhe2048_Get()); - if (ret != 0) - printf("error with FFDHE 2048\n"); - } - #endif - #ifdef HAVE_FFDHE_3072 - if (ret == 0) { - ret = dh_test_ffdhe(&rng, wc_Dh_ffdhe3072_Get()); - if (ret != 0) - printf("error with FFDHE 3072\n"); - } - #endif - - wc_FreeDhKey(&key); - keyInit = 0; - -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - !defined(WOLFSSL_OLD_PRIME_CHECK) - if (ret == 0) { - /* Test Check Key */ - ret = wc_DhSetCheckKey(&key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g), - NULL, 0, 0, &rng); - keyInit = 1; /* DhSetCheckKey also initializes the key, free it */ - } -#endif - -done: - - if (keyInit) - wc_FreeDhKey(&key); - wc_FreeDhKey(&key2); - wc_FreeRng(&rng); - - return ret; -} - -#endif /* NO_DH */ - - -#ifndef NO_DSA - -int dsa_test(void) -{ - int ret, answer; - word32 bytes; - word32 idx = 0; - byte tmp[1024]; - DsaKey key; - WC_RNG rng; - wc_Sha sha; - byte hash[WC_SHA_DIGEST_SIZE]; - byte signature[40]; - -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); - bytes = sizeof_dsa_key_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); - bytes = sizeof_dsa_key_der_2048; -#else - XFILE file = XFOPEN(dsaKey, "rb"); - if (!file) - return -8000; - - bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), file); - XFCLOSE(file); -#endif /* USE_CERT_BUFFERS */ - - ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); - if (ret != 0) - return -8001; - wc_ShaUpdate(&sha, tmp, bytes); - wc_ShaFinal(&sha, hash); - wc_ShaFree(&sha); - - ret = wc_InitDsaKey(&key); - if (ret != 0) return -8002; - - ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes); - if (ret != 0) return -8003; - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) return -8004; - - ret = wc_DsaSign(hash, signature, &key, &rng); - if (ret != 0) return -8005; - - ret = wc_DsaVerify(hash, signature, &key, &answer); - if (ret != 0) return -8006; - if (answer != 1) return -8007; - - wc_FreeDsaKey(&key); - -#ifdef WOLFSSL_KEY_GEN - { - byte* der; - byte* pem; - int derSz = 0; - DsaKey derIn; - DsaKey genKey; - - ret = wc_InitDsaKey(&genKey); - if (ret != 0) return -8008; - - ret = wc_MakeDsaParameters(&rng, 1024, &genKey); - if (ret != 0) { - wc_FreeDsaKey(&genKey); - return -8009; - } - - ret = wc_MakeDsaKey(&rng, &genKey); - if (ret != 0) { - wc_FreeDsaKey(&genKey); - return -8010; - } - - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - wc_FreeDsaKey(&genKey); - return -8011; - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeDsaKey(&genKey); - return -8012; - } - - derSz = wc_DsaKeyToDer(&genKey, der, FOURK_BUF); - if (derSz < 0) { - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -8013; - } - - ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, keyDerFile, - keyPemFile, DSA_PRIVATEKEY_TYPE, -5814); - if (ret != 0) { - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeDsaKey(&genKey); - return ret; - } - - ret = wc_InitDsaKey(&derIn); - if (ret != 0) { - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeDsaKey(&genKey); - return -8014; - } - - idx = 0; - ret = wc_DsaPrivateKeyDecode(der, &idx, &derIn, derSz); - if (ret != 0) { - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeDsaKey(&derIn); - wc_FreeDsaKey(&genKey); - return -8015; - } - - wc_FreeDsaKey(&derIn); - wc_FreeDsaKey(&genKey); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } -#endif /* WOLFSSL_KEY_GEN */ - - if (wc_InitDsaKey_h(&key, NULL) != 0) - return -8016; - - wc_FreeRng(&rng); - return 0; -} - -#endif /* NO_DSA */ - -#ifdef WOLFCRYPT_HAVE_SRP - -static int generate_random_salt(byte *buf, word32 size) -{ - int ret = -8017; - WC_RNG rng; - - if(NULL == buf || !size) - return -8018; - - if (buf && size && wc_InitRng_ex(&rng, HEAP_HINT, devId) == 0) { - ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size); - - wc_FreeRng(&rng); - } - - return ret; -} - -int srp_test(void) -{ - Srp cli, srv; - int r; - - byte clientPubKey[80]; /* A */ - byte serverPubKey[80]; /* B */ - word32 clientPubKeySz = 80; - word32 serverPubKeySz = 80; - byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */ - byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */ - word32 clientProofSz = SRP_MAX_DIGEST_SIZE; - word32 serverProofSz = SRP_MAX_DIGEST_SIZE; - - byte username[] = "user"; - word32 usernameSz = 4; - - byte password[] = "password"; - word32 passwordSz = 8; - - byte N[] = { - 0xC9, 0x4D, 0x67, 0xEB, 0x5B, 0x1A, 0x23, 0x46, 0xE8, 0xAB, 0x42, 0x2F, - 0xC6, 0xA0, 0xED, 0xAE, 0xDA, 0x8C, 0x7F, 0x89, 0x4C, 0x9E, 0xEE, 0xC4, - 0x2F, 0x9E, 0xD2, 0x50, 0xFD, 0x7F, 0x00, 0x46, 0xE5, 0xAF, 0x2C, 0xF7, - 0x3D, 0x6B, 0x2F, 0xA2, 0x6B, 0xB0, 0x80, 0x33, 0xDA, 0x4D, 0xE3, 0x22, - 0xE1, 0x44, 0xE7, 0xA8, 0xE9, 0xB1, 0x2A, 0x0E, 0x46, 0x37, 0xF6, 0x37, - 0x1F, 0x34, 0xA2, 0x07, 0x1C, 0x4B, 0x38, 0x36, 0xCB, 0xEE, 0xAB, 0x15, - 0x03, 0x44, 0x60, 0xFA, 0xA7, 0xAD, 0xF4, 0x83 - }; - - byte g[] = { - 0x02 - }; - - byte salt[10]; - - byte verifier[80]; - word32 v_size = sizeof(verifier); - - /* set as 0's so if second init on srv not called SrpTerm is not on - * garbage values */ - XMEMSET(&srv, 0, sizeof(Srp)); - XMEMSET(&cli, 0, sizeof(Srp)); - - /* generating random salt */ - - r = generate_random_salt(salt, sizeof(salt)); - - /* client knows username and password. */ - /* server knows N, g, salt and verifier. */ - - if (!r) r = wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE); - if (!r) r = wc_SrpSetUsername(&cli, username, usernameSz); - - /* loading N, g and salt in advance to generate the verifier. */ - - if (!r) r = wc_SrpSetParams(&cli, N, sizeof(N), - g, sizeof(g), - salt, sizeof(salt)); - if (!r) r = wc_SrpSetPassword(&cli, password, passwordSz); - if (!r) r = wc_SrpGetVerifier(&cli, verifier, &v_size); - - /* client sends username to server */ - - if (!r) r = wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE); - if (!r) r = wc_SrpSetUsername(&srv, username, usernameSz); - if (!r) r = wc_SrpSetParams(&srv, N, sizeof(N), - g, sizeof(g), - salt, sizeof(salt)); - if (!r) r = wc_SrpSetVerifier(&srv, verifier, v_size); - if (!r) r = wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz); - - /* server sends N, g, salt and B to client */ - - if (!r) r = wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz); - if (!r) r = wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz, - serverPubKey, serverPubKeySz); - if (!r) r = wc_SrpGetProof(&cli, clientProof, &clientProofSz); - - /* client sends A and M1 to server */ - - if (!r) r = wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz, - serverPubKey, serverPubKeySz); - if (!r) r = wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz); - if (!r) r = wc_SrpGetProof(&srv, serverProof, &serverProofSz); - - /* server sends M2 to client */ - - if (!r) r = wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz); - - wc_SrpTerm(&cli); - wc_SrpTerm(&srv); - - return r; -} - -#endif /* WOLFCRYPT_HAVE_SRP */ - -#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) - -#if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) -static int openssl_aes_test(void) -{ -#ifdef HAVE_AES_CBC -#ifdef WOLFSSL_AES_128 - { - /* EVP_CipherUpdate test */ - const byte cbcPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; - - byte key[] = "0123456789abcdef "; /* align */ - byte iv[] = "1234567890abcdef "; /* align */ - - byte cipher[AES_BLOCK_SIZE * 4]; - byte plain [AES_BLOCK_SIZE * 4]; - EVP_CIPHER_CTX en; - EVP_CIPHER_CTX de; - int outlen ; - int total = 0; - int i; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -8200; - if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, - (byte*)cbcPlain, 9) == 0) - return -8201; - if (outlen != 0) - return -8202; - total += outlen; - - if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, - (byte*)&cbcPlain[9] , 9) == 0) - return -8203; - if (outlen != 16) - return -8204; - total += outlen; - - if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0) - return -8205; - if (outlen != 16) - return -8206; - total += outlen; - if (total != 32) - return 3408; - - total = 0; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -8207; - - if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) - return -8208; - if (outlen != 0) - return -8209; - total += outlen; - - if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, - (byte*)&cipher[6], 12) == 0) - return -8210; - if (outlen != 0) - total += outlen; - - if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, - (byte*)&cipher[6+12], 14) == 0) - return -8211; - if (outlen != 16) - return -8212; - total += outlen; - - if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0) - return -8213; - if (outlen != 2) - return -8214; - total += outlen; - - if (total != 18) - return 3427; - - if (XMEMCMP(plain, cbcPlain, 18)) - return -8215; - - /* test with encrypting/decrypting more than 16 bytes at once */ - total = 0; - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -8216; - if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, - (byte*)cbcPlain, 17) == 0) - return -8217; - if (outlen != 16) - return -8218; - total += outlen; - - if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, - (byte*)&cbcPlain[17] , 1) == 0) - return -8219; - if (outlen != 0) - return -8220; - total += outlen; - - if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0) - return -8221; - if (outlen != 16) - return -8222; - total += outlen; - if (total != 32) - return -8223; - - total = 0; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -8224; - - if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0) - return -8225; - if (outlen != 16) - return -8226; - total += outlen; - - /* final call on non block size should fail */ - if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) != 0) - return -8227; - - if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, - (byte*)&cipher[17], 1) == 0) - return -8228; - if (outlen != 0) - total += outlen; - - if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, - (byte*)&cipher[17+1], 14) == 0) - return -8229; - if (outlen != 0) - return -8230; - total += outlen; - - if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0) - return -8231; - if (outlen != 2) - return -8232; - total += outlen; - - if (total != 18) - return -8233; - - if (XMEMCMP(plain, cbcPlain, 18)) - return -8234; - - /* test byte by byte decrypt */ - for (i = 0; i < AES_BLOCK_SIZE * 3; i++) { - plain[i] = i; - } - - total = 0; - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -8235; - if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, - (byte*)plain, AES_BLOCK_SIZE * 3) == 0) - return -8236; - if (outlen != AES_BLOCK_SIZE * 3) - return -8237; - total += outlen; - - if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0) - return -8238; - if (outlen != AES_BLOCK_SIZE) - return -8239; - total += outlen; - if (total != sizeof(plain)) - return -8240; - - total = 0; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -8241; - - for (i = 0; i < AES_BLOCK_SIZE * 4; i++) { - if (EVP_CipherUpdate(&de, (byte*)plain + total, &outlen, - (byte*)cipher + i, 1) == 0) - return -8242; - - if (outlen > 0) { - int j; - - total += outlen; - for (j = 0; j < total; j++) { - if (plain[j] != j) { - return -8243; - } - } - } - } - - if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0) - return -8244; - total += outlen; - if (total != AES_BLOCK_SIZE * 3) { - return -8245; - } - for (i = 0; i < AES_BLOCK_SIZE * 3; i++) { - if (plain[i] != i) { - return -8246; - } - } - } - - /* set buffers to be exact size to catch potential over read/write */ - { - /* EVP_CipherUpdate test */ - const byte cbcPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; - - byte key[] = "0123456789abcdef "; /* align */ - byte iv[] = "1234567890abcdef "; /* align */ - - #define EVP_TEST_BUF_SZ 18 - #define EVP_TEST_BUF_PAD 32 - byte cipher[EVP_TEST_BUF_SZ]; - byte plain [EVP_TEST_BUF_SZ]; - byte padded[EVP_TEST_BUF_PAD]; - EVP_CIPHER_CTX en; - EVP_CIPHER_CTX de; - int outlen ; - int total = 0; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -8247; - if (EVP_CIPHER_CTX_set_padding(&en, 0) != 1) - return -8248; - if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, - (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0) - return -8249; - if (outlen != 16) - return -8250; - total += outlen; - - /* should fail here */ - if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) != 0) - return -8251; - - /* turn padding back on and do successful encrypt */ - total = 0; - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -8252; - if (EVP_CIPHER_CTX_set_padding(&en, 1) != 1) - return -8253; - if (EVP_CipherUpdate(&en, (byte*)padded, &outlen, - (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0) - return -8254; - if (outlen != 16) - return -8255; - total += outlen; - - if (EVP_CipherFinal(&en, (byte*)&padded[total], &outlen) == 0) - return -8256; - total += outlen; - if (total != 32) - return -8257; - XMEMCPY(cipher, padded, EVP_TEST_BUF_SZ); - - /* test out of bounds read on buffers w/o padding during decryption */ - total = 0; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -8258; - - if (EVP_CIPHER_CTX_set_padding(&de, 0) != 1) - return -8259; - if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, - EVP_TEST_BUF_SZ) == 0) - return -8260; - if (outlen != 16) - return -8261; - total += outlen; - - /* should fail since not using padding */ - if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) != 0) - return -8262; - - total = 0; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -8263; - if (EVP_CIPHER_CTX_set_padding(&de, 1) != 1) - return -8264; - if (EVP_CipherUpdate(&de, (byte*)padded, &outlen, (byte*)padded, - EVP_TEST_BUF_PAD) == 0) - return -8265; - if (outlen != 16) - return -8266; - total += outlen; - - if (EVP_CipherFinal(&de, (byte*)&padded[total], &outlen) == 0) - return -8267; - if (XMEMCMP(padded, cbcPlain, EVP_TEST_BUF_SZ)) - return -8268; - } - - { /* evp_cipher test: EVP_aes_128_cbc */ - EVP_CIPHER_CTX ctx; - - const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ - 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - - const byte verify[] = - { - 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, - 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb - }; - - byte key[] = "0123456789abcdef "; /* align */ - byte iv[] = "1234567890abcdef "; /* align */ - - byte cipher[AES_BLOCK_SIZE * 4]; - byte plain [AES_BLOCK_SIZE * 4]; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0) - return -8269; - - if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0) - return -8270; - - if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -8271; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0) - return -8272; - - if (EVP_Cipher(&ctx, plain, cipher, 16) == 0) - return -8273; - - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -8274; - - - } /* end evp_cipher test: EVP_aes_128_cbc*/ -#endif /* WOLFSSL_AES_128 */ -#endif /* HAVE_AES_CBC */ - -#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256) - { /* evp_cipher test: EVP_aes_256_ecb*/ - EVP_CIPHER_CTX ctx; - const byte msg[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte verify[] = - { - 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, - 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 - }; - - const byte key[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - - byte cipher[AES_BLOCK_SIZE * 4]; - byte plain [AES_BLOCK_SIZE * 4]; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0) - return -8275; - - if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0) - return -8276; - - if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -8277; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0) - return -8278; - - if (EVP_Cipher(&ctx, plain, cipher, 16) == 0) - return -8279; - - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -8280; - - } /* end evp_cipher test */ -#endif /* HAVE_AES_ECB && WOLFSSL_AES_256 */ - -#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) - /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */ - { - /* Test: AES_encrypt/decrypt/set Key */ - AES_KEY enc; - #ifdef HAVE_AES_DECRYPT - AES_KEY dec; - #endif - - const byte msg[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte verify[] = - { - 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, - 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 - }; - - const byte key[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - byte plain[sizeof(msg)]; - byte cipher[sizeof(msg)]; - - AES_set_encrypt_key(key, sizeof(key)*8, &enc); - AES_set_decrypt_key(key, sizeof(key)*8, &dec); - - AES_encrypt(msg, cipher, &enc); - - #ifdef HAVE_AES_DECRYPT - AES_decrypt(cipher, plain, &dec); - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -8281; - #endif /* HAVE_AES_DECRYPT */ - - if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -8282; - } -#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ - -/* EVP_Cipher with EVP_aes_xxx_ctr() */ -#ifdef WOLFSSL_AES_COUNTER - { - byte plainBuff [64]; - byte cipherBuff[64]; - -#ifdef WOLFSSL_AES_128 - const byte ctrKey[] = - { - 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, - 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c - }; - - const byte ctrIv[] = - { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - }; - - - const byte ctrPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; - - const byte ctrCipher[] = - { - 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, - 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, - 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, - 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, - 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, - 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, - 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, - 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee - }; - - const byte oddCipher[] = - { - 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, - 0xc2 - }; -#endif - - /* test vector from "Recommendation for Block Cipher Modes of Operation" - * NIST Special Publication 800-38A */ -#ifdef WOLFSSL_AES_192 - const byte ctr192Key[] = - { - 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, - 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, - 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b - }; - - const byte ctr192Iv[] = - { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - }; - - - const byte ctr192Plain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte ctr192Cipher[] = - { - 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2, - 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b - }; -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - /* test vector from "Recommendation for Block Cipher Modes of Operation" - * NIST Special Publication 800-38A */ - const byte ctr256Key[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - const byte ctr256Iv[] = - { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - }; - - - const byte ctr256Plain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte ctr256Cipher[] = - { - 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5, - 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28 - }; -#endif /* WOLFSSL_AES_256 */ - - EVP_CIPHER_CTX en; - EVP_CIPHER_CTX de; -#ifdef WOLFSSL_AES_128 - EVP_CIPHER_CTX *p_en; - EVP_CIPHER_CTX *p_de; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8283; - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, - AES_BLOCK_SIZE*4) == 0) - return -8284; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8285; - - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, - AES_BLOCK_SIZE*4) == 0) - return -8286; - - if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) - return -8287; - if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) - return -8288; - - p_en = wolfSSL_EVP_CIPHER_CTX_new(); - if (p_en == NULL) - return -8289; - p_de = wolfSSL_EVP_CIPHER_CTX_new(); - if (p_de == NULL) - return -8290; - - if (EVP_CipherInit(p_en, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8291; - if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain, - AES_BLOCK_SIZE*4) == 0) - return -8292; - if (EVP_CipherInit(p_de, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8293; - - if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff, - AES_BLOCK_SIZE*4) == 0) - return -8294; - - wolfSSL_EVP_CIPHER_CTX_free(p_en); - wolfSSL_EVP_CIPHER_CTX_free(p_de); - - if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) - return -8295; - if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) - return -8296; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8297; - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) - return -8298; - - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8299; - - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) - return -8300; - - if (XMEMCMP(plainBuff, ctrPlain, 9)) - return -8301; - if (XMEMCMP(cipherBuff, ctrCipher, 9)) - return -8302; - - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) - return -8303; - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) - return -8304; - - if (XMEMCMP(plainBuff, ctrPlain, 9)) - return -8305; - if (XMEMCMP(cipherBuff, oddCipher, 9)) - return -8306; -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_192_ctr(), - (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) - return -8307; - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr192Plain, - AES_BLOCK_SIZE) == 0) - return -8308; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_192_ctr(), - (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) - return -8309; - - XMEMSET(plainBuff, 0, sizeof(plainBuff)); - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, - AES_BLOCK_SIZE) == 0) - return -8310; - - if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain))) - return -8311; - if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher))) - return -8312; -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_256_ctr(), - (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) - return -8313; - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr256Plain, - AES_BLOCK_SIZE) == 0) - return -8314; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_256_ctr(), - (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) - return -8315; - - XMEMSET(plainBuff, 0, sizeof(plainBuff)); - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, - AES_BLOCK_SIZE) == 0) - return -8316; - - if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain))) - return -8317; - if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher))) - return -8318; -#endif /* WOLFSSL_AES_256 */ - } -#endif /* HAVE_AES_COUNTER */ - -#if defined(WOLFSSL_AES_CFB) && defined(WOLFSSL_AES_128) - { - AES_KEY enc; - AES_KEY dec; - - const byte setIv[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f - }; - - const byte key[] = - { - 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, - 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c - }; - - const byte cipher1[] = - { - 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20, - 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a, - 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f, - 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b - }; - - const byte msg[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51 - }; - - byte cipher[AES_BLOCK_SIZE * 2]; - byte iv[AES_BLOCK_SIZE]; /* iv buffer is updeated by API */ - int num = 0; - - XMEMCPY(iv, setIv, sizeof(setIv)); - wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, &enc); - wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, &dec); - - wolfSSL_AES_cfb128_encrypt(msg, cipher, AES_BLOCK_SIZE - 1, &enc, iv, - &num, AES_ENCRYPT); - - if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE - 1)) - return -8319; - - if (num != 15) /* should have used 15 of the 16 bytes */ - return -8320; - - wolfSSL_AES_cfb128_encrypt(msg + AES_BLOCK_SIZE - 1, - cipher + AES_BLOCK_SIZE - 1, AES_BLOCK_SIZE + 1, &enc, iv, - &num, AES_ENCRYPT); - - if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2)) - return -8321; - - if (num != 0) - return -8322; - } -#endif /* WOLFSSL_AES_CFB && WOLFSSL_AES_128 */ - return 0; -} - - -#endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */ - -int openssl_test(void) -{ - EVP_MD_CTX md_ctx; - testVector a, b, c, d, e, f; - byte hash[WC_SHA256_DIGEST_SIZE*2]; /* max size */ - - a.inLen = 0; - b.inLen = c.inLen = d.inLen = e.inLen = f.inLen = a.inLen; - - (void)a; - (void)b; - (void)c; - (void)d; - (void)e; - (void)f; - - /* test malloc / free , 10 is an arbitrary amount of memory chosen */ - { - byte* p; - p = (byte*)CRYPTO_malloc(10, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (p == NULL) { - return -8400; - } - XMEMSET(p, 0, 10); - #ifdef WOLFSSL_QT - CRYPTO_free(p); - #else - CRYPTO_free(p, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif - } - -#ifndef NO_MD5 - - a.input = "1234567890123456789012345678901234567890123456789012345678" - "9012345678901234567890"; - a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6" - "\x7a"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_MD5_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_md5()); - - EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) - return -8401; - -#endif /* NO_MD5 */ - -#ifndef NO_SHA - - b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaa"; - b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7" - "\x53\x99\x5E\x26\xA0"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha1()); - - EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, b.output, WC_SHA_DIGEST_SIZE) != 0) - return -8402; - -#endif /* NO_SHA */ - -#ifdef WOLFSSL_SHA224 - - e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - e.output = "\xc9\x7c\xa9\xa5\x59\x85\x0c\xe9\x7a\x04\xa9\x6d\xef\x6d\x99" - "\xa9\xe0\xe0\xe2\xab\x14\xe6\xb8\xdf\x26\x5f\xc0\xb3"; - e.inLen = XSTRLEN(e.input); - e.outLen = WC_SHA224_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha224()); - - EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, e.output, WC_SHA224_DIGEST_SIZE) != 0) - return -8403; - -#endif /* WOLFSSL_SHA224 */ - - - d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" - "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" - "\x06\xC1"; - d.inLen = XSTRLEN(d.input); - d.outLen = WC_SHA256_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha256()); - - EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, d.output, WC_SHA256_DIGEST_SIZE) != 0) - return -8404; - -#ifdef WOLFSSL_SHA384 - - e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - e.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b" - "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0" - "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91" - "\x74\x60\x39"; - e.inLen = XSTRLEN(e.input); - e.outLen = WC_SHA384_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha384()); - - EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, e.output, WC_SHA384_DIGEST_SIZE) != 0) - return -8405; - -#endif /* WOLFSSL_SHA384 */ - - -#ifdef WOLFSSL_SHA512 - - f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - f.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14" - "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88" - "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4" - "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b" - "\x87\x4b\xe9\x09"; - f.inLen = XSTRLEN(f.input); - f.outLen = WC_SHA512_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha512()); - - EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, f.output, WC_SHA512_DIGEST_SIZE) != 0) - return -8406; - -#endif /* WOLFSSL_SHA512 */ -#ifdef WOLFSSL_SHA3 -#ifndef WOLFSSL_NOSHA3_224 - - e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - e.output = "\x54\x3e\x68\x68\xe1\x66\x6c\x1a\x64\x36\x30\xdf\x77\x36\x7a\xe5\xa6\x2a\x85\x07\x0a\x51\xc1\x4c\xbf\x66\x5c\xbc"; - e.inLen = XSTRLEN(e.input); - e.outLen = WC_SHA3_224_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha3_224()); - - EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, e.output, WC_SHA3_224_DIGEST_SIZE) != 0) - return -8407; - -#endif /* WOLFSSL_NOSHA3_224 */ - - -#ifndef WOLFSSL_NOSHA3_256 - d.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - d.output = "\x91\x6f\x60\x61\xfe\x87\x97\x41\xca\x64\x69\xb4\x39\x71\xdf" - "\xdb\x28\xb1\xa3\x2d\xc3\x6c\xb3\x25\x4e\x81\x2b\xe2\x7a\xad" - "\x1d\x18"; - d.inLen = XSTRLEN(d.input); - d.outLen = WC_SHA3_256_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha3_256()); - - EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, d.output, WC_SHA3_256_DIGEST_SIZE) != 0) - return -8408; -#endif /* WOLFSSL_NOSHA3_256 */ - - - e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - e.output = "\x79\x40\x7d\x3b\x59\x16\xb5\x9c\x3e\x30\xb0\x98\x22\x97\x47\x91\xc3\x13\xfb\x9e\xcc\x84\x9e\x40\x6f\x23\x59\x2d\x04\xf6\x25\xdc\x8c\x70\x9b\x98\xb4\x3b\x38\x52\xb3\x37\x21\x61\x79\xaa\x7f\xc7"; - e.inLen = XSTRLEN(e.input); - e.outLen = WC_SHA3_384_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha3_384()); - - EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, e.output, WC_SHA3_384_DIGEST_SIZE) != 0) - return -8409; - - - -#ifndef WOLFSSL_NOSHA3_512 - - f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - f.output = "\xaf\xeb\xb2\xef\x54\x2e\x65\x79\xc5\x0c\xad\x06\xd2\xe5\x78\xf9\xf8\xdd\x68\x81\xd7\xdc\x82\x4d\x26\x36\x0f\xee\xbf\x18\xa4\xfa\x73\xe3\x26\x11\x22\x94\x8e\xfc\xfd\x49\x2e\x74\xe8\x2e\x21\x89\xed\x0f\xb4\x40\xd1\x87\xf3\x82\x27\x0c\xb4\x55\xf2\x1d\xd1\x85"; - f.inLen = XSTRLEN(f.input); - f.outLen = WC_SHA3_512_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha3_512()); - - EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, f.output, WC_SHA3_512_DIGEST_SIZE) != 0) - return -8410; - -#endif /* WOLFSSL_NOSHA3_512 */ -#endif /* WOLFSSL_SHA3 */ - -#ifndef NO_MD5 - if (RAND_bytes(hash, sizeof(hash)) != 1) - return -8411; - - c.input = "what do ya want for nothing?"; - c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14" - "\x76"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_MD5_DIGEST_SIZE; - - HMAC(EVP_md5(), - "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen, hash, 0); - - if (XMEMCMP(hash, c.output, WC_MD5_DIGEST_SIZE) != 0) - return -8412; - -#endif /* NO_MD5 */ - -#ifndef NO_DES3 - { /* des test */ - const byte vector[] = { /* "now is the time for all " w/o trailing 0 */ - 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - - byte plain[24]; - byte cipher[24]; - - const_DES_cblock key = - { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef - }; - - DES_cblock iv = - { - 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef - }; - - DES_key_schedule sched; - - const byte verify[] = - { - 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8, - 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73, - 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b - }; - - DES_key_sched(&key, &sched); - - DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, DES_ENCRYPT); - DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT); - - if (XMEMCMP(plain, vector, sizeof(vector)) != 0) - return -8413; - - if (XMEMCMP(cipher, verify, sizeof(verify)) != 0) - return -8414; - - /* test changing iv */ - DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT); - DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT); - - if (XMEMCMP(cipher, verify, sizeof(verify)) != 0) - return -8415; - - } /* end des test */ - -#endif /* NO_DES3 */ - -#if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) - if (openssl_aes_test() != 0) { - return -8416; - } - -#if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC) - { /* evp_cipher test: EVP_aes_128_cbc */ - EVP_CIPHER_CTX ctx; - int idx, cipherSz, plainSz; - - const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ - 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - - const byte verify[] = - { - 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, - 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb, - 0x3b,0x5d,0x41,0x97,0x94,0x25,0xa4,0xb4, - 0xae,0x7b,0x34,0xd0,0x3f,0x0c,0xbc,0x06 - }; - - const byte verify2[] = - { - 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, - 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb, - 0x7d,0x37,0x7b,0x0b,0x44,0xaa,0xb5,0xf0, - 0x5f,0x34,0xb4,0xde,0xb5,0xbd,0x2a,0xbb - }; - - byte key[] = "0123456789abcdef "; /* align */ - byte iv[] = "1234567890abcdef "; /* align */ - - byte cipher[AES_BLOCK_SIZE * 4]; - byte plain [AES_BLOCK_SIZE * 4]; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0) - return -8417; - - if (EVP_CipherUpdate(&ctx, cipher, &idx, (byte*)msg, sizeof(msg)) == 0) - return -8418; - - cipherSz = idx; - if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0) - return -8419; - cipherSz += idx; - - if ((cipherSz != (int)sizeof(verify)) && - XMEMCMP(cipher, verify, cipherSz)) - return -8420; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0) - return -8421; - - /* check partial decrypt (not enough padding for full block) */ - if (EVP_CipherUpdate(&ctx, plain, &idx, cipher, 1) == 0) - return -8422; - - plainSz = idx; - if (EVP_CipherFinal(&ctx, plain + plainSz, &idx) != 0) - return -8423; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0) - return -8424; - - if (EVP_CipherUpdate(&ctx, plain, &idx, cipher, cipherSz) == 0) - return -8425; - - plainSz = idx; - if (EVP_CipherFinal(&ctx, plain + plainSz, &idx) == 0) - return -8426; - plainSz += idx; - - if ((plainSz != sizeof(msg)) || XMEMCMP(plain, msg, sizeof(msg))) - return -8427; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0) - return -8428; - - if (EVP_CipherUpdate(&ctx, cipher, &idx, msg, AES_BLOCK_SIZE) == 0) - return -8429; - - cipherSz = idx; - if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0) - return -8430; - cipherSz += idx; - - if ((cipherSz != (int)sizeof(verify2)) || - XMEMCMP(cipher, verify2, cipherSz)) - return -8431; - - } /* end evp_cipher test: EVP_aes_128_cbc*/ -#endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */ - -#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256) - { /* evp_cipher test: EVP_aes_256_ecb*/ - EVP_CIPHER_CTX ctx; - const byte msg[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte verify[] = - { - 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, - 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 - }; - - const byte key[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - - byte cipher[AES_BLOCK_SIZE * 4]; - byte plain [AES_BLOCK_SIZE * 4]; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, - NULL, 1) == 0) - return -8432; - - if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0) - return -8433; - - if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -8434; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, - NULL, 0) == 0) - return -8435; - - if (EVP_Cipher(&ctx, plain, cipher, 16) == 0) - return -8436; - - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -8437; - - } /* end evp_cipher test */ -#endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */ - -#define OPENSSL_TEST_ERROR (-10000) - - -#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) - /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */ -{ - - /* Test: AES_encrypt/decrypt/set Key */ - AES_KEY enc; -#ifdef HAVE_AES_DECRYPT - AES_KEY dec; -#endif - - const byte msg[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte verify[] = - { - 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, - 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 - }; - - const byte key[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - byte plain[sizeof(msg)]; - byte cipher[sizeof(msg)]; - - printf("openSSL extra test\n") ; - - - AES_set_encrypt_key(key, sizeof(key)*8, &enc); - AES_set_decrypt_key(key, sizeof(key)*8, &dec); - - AES_encrypt(msg, cipher, &enc); - -#ifdef HAVE_AES_DECRYPT - AES_decrypt(cipher, plain, &dec); - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return OPENSSL_TEST_ERROR-60; -#endif /* HAVE_AES_DECRYPT */ - - if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return OPENSSL_TEST_ERROR-61; -} - -#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ - -/* EVP_Cipher with EVP_aes_xxx_ctr() */ -#ifdef WOLFSSL_AES_COUNTER -{ - byte plainBuff [64]; - byte cipherBuff[64]; - -#ifdef WOLFSSL_AES_128 - const byte ctrKey[] = - { - 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, - 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c - }; - - const byte ctrIv[] = - { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - }; - - const byte ctrPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; - - const byte ctrCipher[] = - { - 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, - 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, - 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, - 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, - 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, - 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, - 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, - 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee - }; - - const byte oddCipher[] = - { - 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, - 0xc2 - }; -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - /* test vector from "Recommendation for Block Cipher Modes of Operation" - * NIST Special Publication 800-38A */ - const byte ctr192Key[] = - { - 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, - 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, - 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b - }; - - const byte ctr192Iv[] = - { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - }; - - - const byte ctr192Plain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte ctr192Cipher[] = - { - 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2, - 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b - }; -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - /* test vector from "Recommendation for Block Cipher Modes of Operation" - * NIST Special Publication 800-38A */ - const byte ctr256Key[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - const byte ctr256Iv[] = - { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - }; - - - const byte ctr256Plain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte ctr256Cipher[] = - { - 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5, - 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28 - }; -#endif /* WOLFSSL_AES_256 */ - - EVP_CIPHER_CTX en; - EVP_CIPHER_CTX de; -#ifdef WOLFSSL_AES_128 - EVP_CIPHER_CTX *p_en; - EVP_CIPHER_CTX *p_de; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8438; - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, - AES_BLOCK_SIZE*4) == 0) - return -8439; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8440; - - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, - AES_BLOCK_SIZE*4) == 0) - return -8441; - - if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) - return -8442; - if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) - return -8443; - - p_en = wolfSSL_EVP_CIPHER_CTX_new(); - if(p_en == NULL)return -8444; - p_de = wolfSSL_EVP_CIPHER_CTX_new(); - if(p_de == NULL)return -8445; - - if (EVP_CipherInit(p_en, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8446; - if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain, - AES_BLOCK_SIZE*4) == 0) - return -8447; - if (EVP_CipherInit(p_de, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8448; - - if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff, - AES_BLOCK_SIZE*4) == 0) - return -8449; - - wolfSSL_EVP_CIPHER_CTX_free(p_en); - wolfSSL_EVP_CIPHER_CTX_free(p_de); - - if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) - return -8450; - if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) - return -8451; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8452; - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) - return -8453; - - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8454; - - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) - return -8455; - - if (XMEMCMP(plainBuff, ctrPlain, 9)) - return -8456; - if (XMEMCMP(cipherBuff, ctrCipher, 9)) - return -8457; - - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) - return -8458; - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) - return -8459; - - if (XMEMCMP(plainBuff, ctrPlain, 9)) - return -8460; - if (XMEMCMP(cipherBuff, oddCipher, 9)) - return -8461; -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_192_ctr(), - (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) - return -8462; - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr192Plain, - AES_BLOCK_SIZE) == 0) - return -8463; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_192_ctr(), - (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) - return -8464; - - XMEMSET(plainBuff, 0, sizeof(plainBuff)); - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, - AES_BLOCK_SIZE) == 0) - return -8465; - - if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain))) - return -8466; - if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher))) - return -8467; -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_256_ctr(), - (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) - return -8468; - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr256Plain, - AES_BLOCK_SIZE) == 0) - return -8469; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_256_ctr(), - (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) - return -8470; - - XMEMSET(plainBuff, 0, sizeof(plainBuff)); - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, - AES_BLOCK_SIZE) == 0) - return -8471; - - if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain))) - return -8472; - if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher))) - return -8473; -#endif /* WOLFSSL_AES_256 */ -} -#endif /* HAVE_AES_COUNTER */ - -#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) -{ - /* EVP_CipherUpdate test */ - - - const byte cbcPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; - - byte key[] = "0123456789abcdef "; /* align */ - byte iv[] = "1234567890abcdef "; /* align */ - - byte cipher[AES_BLOCK_SIZE * 4]; - byte plain [AES_BLOCK_SIZE * 4]; - EVP_CIPHER_CTX en; - EVP_CIPHER_CTX de; - int outlen ; - int total = 0; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -8474; - /* openSSL compatibility, if(inlen == 0)return 1; */ - if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, - (byte*)cbcPlain, 0) != 1) - return -8475; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -8476; - if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, - (byte*)cbcPlain, 9) == 0) - return -8477; - if(outlen != 0) - return -8478; - total += outlen; - - if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, - (byte*)&cbcPlain[9] , 9) == 0) - return -8479; - if(outlen != 16) - return -8480; - total += outlen; - - if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0) - return -8481; - if(outlen != 16) - return -8482; - total += outlen; - if(total != 32) - return -8483; - - total = 0; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -8484; - - if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) - return -8485; - if(outlen != 0) - return -8486; - total += outlen; - - if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, - (byte*)&cipher[6], 12) == 0) - return -8487; - if(outlen != 0) - total += outlen; - - if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, - (byte*)&cipher[6+12], 14) == 0) - return -8488; - if(outlen != 16) - return -8489; - total += outlen; - - if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0) - return -8490; - if(outlen != 2) - return -8491; - total += outlen; - - if(total != 18) - return -8492; - - if (XMEMCMP(plain, cbcPlain, 18)) - return -8493; - - total = 0; - EVP_CIPHER_CTX_init(&en); - if (EVP_EncryptInit(&en, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv) == 0) - return -8494; - if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0) - return -8495; - if(outlen != 0) - return -8496; - total += outlen; - - if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0) - return -8497; - if(outlen != 16) - return -8498; - total += outlen; - - if (EVP_EncryptFinal(&en, (byte*)&cipher[total], &outlen) == 0) - return -8499; - if(outlen != 16) - return -8500; - total += outlen; - if(total != 32) - return 3438; - - total = 0; - EVP_CIPHER_CTX_init(&de); - if (EVP_DecryptInit(&de, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv) == 0) - return -8501; - - if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) - return -8502; - if(outlen != 0) - return -8503; - total += outlen; - - if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0) - return -8504; - if(outlen != 0) - total += outlen; - - if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0) - return -8505; - if(outlen != 16) - return -8506; - total += outlen; - - if (EVP_DecryptFinal(&de, (byte*)&plain[total], &outlen) == 0) - return -8507; - if(outlen != 2) - return -8508; - total += outlen; - - if(total != 18) - return 3447; - - if (XMEMCMP(plain, cbcPlain, 18)) - return -8509; - - if (EVP_CIPHER_key_length(NULL) != 0) - return -8510; - - if (EVP_CIPHER_key_length(EVP_aes_128_cbc()) != 16) - return -8511; - - if (EVP_CIPHER_CTX_mode(NULL) != 0) - return -8512; - - if (EVP_CIPHER_CTX_mode(&en) != (en.flags & WOLFSSL_EVP_CIPH_MODE)) - return -8513; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit_ex(&en, EVP_aes_128_cbc(), NULL, - (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -8514; - - EVP_CIPHER_CTX_init(&en); - if (EVP_EncryptInit_ex(&en, EVP_aes_128_cbc(), NULL, - (unsigned char*)key, (unsigned char*)iv) == 0) - return -8515; - - if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE) - return -8516; - - if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE) - return -8517; - - EVP_CIPHER_CTX_init(&de); - if (EVP_DecryptInit_ex(&de, EVP_aes_128_cbc(), NULL, - (unsigned char*)key, (unsigned char*)iv) == 0) - return -8518; - - if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE) - return -8519; - - if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE) - return -8520; - - if (EVP_CIPHER_CTX_block_size(NULL) != BAD_FUNC_ARG) - return -8521; - - EVP_CIPHER_CTX_init(&en); - EVP_EncryptInit_ex(&en, EVP_aes_128_cbc(), NULL, - (unsigned char*)key, (unsigned char*)iv); - if (EVP_CIPHER_CTX_block_size(&en) != en.block_size) - return -8522; - - if (EVP_CIPHER_block_size(NULL) != BAD_FUNC_ARG) - return -8523; - - if (EVP_CIPHER_block_size(EVP_aes_128_cbc()) != AES_BLOCK_SIZE) - return -8524; - - if (WOLFSSL_EVP_CIPHER_mode(NULL) != 0) - return -8525; - - if (EVP_CIPHER_flags(EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE) - return -8526; - - EVP_CIPHER_CTX_clear_flags(&en, 0xFFFFFFFF); - EVP_CIPHER_CTX_set_flags(&en, 42); - if (en.flags != 42) - return -8527; - - if (EVP_CIPHER_CTX_set_padding(NULL, 0) != BAD_FUNC_ARG) - return -8528; - if (EVP_CIPHER_CTX_set_padding(&en, 0) != WOLFSSL_SUCCESS) - return -8529; - if (EVP_CIPHER_CTX_set_padding(&en, 1) != WOLFSSL_SUCCESS) - return -8530; - - } -#endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */ -#endif /* ifndef NO_AES */ - return 0; -} - -int openSSL_evpMD_test(void) -{ - int ret = 0; -#if !defined(NO_SHA256) && !defined(NO_SHA) - WOLFSSL_EVP_MD_CTX* ctx; - WOLFSSL_EVP_MD_CTX* ctx2; - - ctx = EVP_MD_CTX_create(); - ctx2 = EVP_MD_CTX_create(); - - ret = EVP_DigestInit(ctx, EVP_sha256()); - if (ret != SSL_SUCCESS) { - ret = -8600; - goto openSSL_evpMD_test_done; - } - - ret = EVP_MD_CTX_copy(ctx2, ctx); - if (ret != SSL_SUCCESS) { - ret = -8601; - goto openSSL_evpMD_test_done; - } - - if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { - ret = -8602; - goto openSSL_evpMD_test_done; - } - - ret = EVP_DigestInit(ctx, EVP_sha1()); - if (ret != SSL_SUCCESS) { - ret = -8603; - goto openSSL_evpMD_test_done; - } - - if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { - ret = -8604; - goto openSSL_evpMD_test_done; - } - - ret = EVP_MD_CTX_copy_ex(ctx2, ctx); - if (ret != SSL_SUCCESS) { - ret = -8605; - goto openSSL_evpMD_test_done; - } - - if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) { - ret = -8606; - goto openSSL_evpMD_test_done; - } - - if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) { - ret = -8607; - goto openSSL_evpMD_test_done; - } - - if (EVP_DigestInit_ex(ctx, EVP_sha1(), NULL) != SSL_SUCCESS) { - ret = -8608; - goto openSSL_evpMD_test_done; - } - - if (EVP_add_digest(NULL) != 0) { - ret = -8609; - goto openSSL_evpMD_test_done; - } - - if (wolfSSL_EVP_add_cipher(NULL) != 0) { - ret = -8610; - goto openSSL_evpMD_test_done; - } - - ret = 0; /* got to success state without jumping to end with a fail */ - -openSSL_evpMD_test_done: - EVP_MD_CTX_destroy(ctx); - EVP_MD_CTX_destroy(ctx2); -#endif /* NO_SHA256 */ - - return ret; -} - -#ifdef DEBUG_SIGN -static void show(const char *title, const char *p, unsigned int s) { - char* i; - printf("%s: ", title); - for (i = p; - i < p + s; - printf("%c", *i), i++); - printf("\n"); -} -#else -#define show(a,b,c) -#endif - -#define FOURK_BUFF 4096 - -#define ERR_BASE_PKEY -5000 -int openssl_pkey0_test(void) -{ - int ret = 0; -#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(NO_SHA) - byte* prvTmp; - byte* pubTmp; - int prvBytes; - int pubBytes; - RSA *prvRsa = NULL; - RSA *pubRsa = NULL; - EVP_PKEY *prvPkey = NULL; - EVP_PKEY *pubPkey = NULL; - EVP_PKEY_CTX *enc = NULL; - EVP_PKEY_CTX *dec = NULL; - - byte in[] = "Everyone gets Friday off."; - byte out[256]; - size_t outlen; - size_t keySz; - byte plain[256]; -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - XFILE keyFile; - XFILE keypubFile; - char cliKey[] = "./certs/client-key.der"; - char cliKeypub[] = "./certs/client-keyPub.der"; - -#endif - - prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (prvTmp == NULL) - return ERR_BASE_PKEY-1; - pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pubTmp == NULL) { - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - return ERR_BASE_PKEY-2; - } - -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024); - prvBytes = sizeof_client_key_der_1024; - XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); - pubBytes = sizeof_client_keypub_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048); - prvBytes = sizeof_client_key_der_2048; - XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); - pubBytes = sizeof_client_keypub_der_2048; -#else - keyFile = XFOPEN(cliKey, "rb"); - if (!keyFile) { - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - err_sys("can't open ./certs/client-key.der, " - "Please run from wolfSSL home dir", ERR_BASE_PKEY-3); - return ERR_BASE_PKEY-3; - } - prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile); - XFCLOSE(keyFile); - keypubFile = XFOPEN(cliKeypub, "rb"); - if (!keypubFile) { - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - err_sys("can't open ./certs/client-cert.der, " - "Please run from wolfSSL home dir", -4); - return ERR_BASE_PKEY-4; - } - pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile); - XFCLOSE(keypubFile); -#endif /* USE_CERT_BUFFERS */ - - prvRsa = wolfSSL_RSA_new(); - pubRsa = wolfSSL_RSA_new(); - if((prvRsa == NULL) || (pubRsa == NULL)){ - printf("error with RSA_new\n"); - ret = ERR_BASE_PKEY-10; - goto openssl_pkey0_test_done; - } - - ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE); - if(ret != SSL_SUCCESS){ - printf("error with RSA_LoadDer_ex\n"); - ret = ERR_BASE_PKEY-11; - goto openssl_pkey0_test_done; - } - - ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC); - if(ret != SSL_SUCCESS){ - printf("error with RSA_LoadDer_ex\n"); - ret = ERR_BASE_PKEY-12; - goto openssl_pkey0_test_done; - } - keySz = (size_t)RSA_size(pubRsa); - - prvPkey = wolfSSL_EVP_PKEY_new(); - pubPkey = wolfSSL_EVP_PKEY_new(); - if((prvPkey == NULL) || (pubPkey == NULL)){ - printf("error with PKEY_new\n"); - ret = ERR_BASE_PKEY-13; - goto openssl_pkey0_test_done; - } - ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa); - ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa); - if(ret != 2){ - printf("error with PKEY_set1_RSA\n"); - ret = ERR_BASE_PKEY-14; - goto openssl_pkey0_test_done; - } - - dec = EVP_PKEY_CTX_new(prvPkey, NULL); - enc = EVP_PKEY_CTX_new(pubPkey, NULL); - if((dec == NULL)||(enc==NULL)){ - printf("error with EVP_PKEY_CTX_new\n"); - ret = ERR_BASE_PKEY-15; - goto openssl_pkey0_test_done; - } - - ret = EVP_PKEY_decrypt_init(dec); - if (ret != 1) { - printf("error with decrypt init\n"); - ret = ERR_BASE_PKEY-16; - goto openssl_pkey0_test_done; - } - ret = EVP_PKEY_encrypt_init(enc); - if (ret != 1) { - printf("error with encrypt init\n"); - ret = ERR_BASE_PKEY-17; - goto openssl_pkey0_test_done; - } - XMEMSET(out, 0, sizeof(out)); - ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); - if (ret != 1) { - printf("error encrypting msg\n"); - ret = ERR_BASE_PKEY-18; - goto openssl_pkey0_test_done; - } - - show("encrypted msg", out, outlen); - - XMEMSET(plain, 0, sizeof(plain)); - ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); - if (ret != 1) { - printf("error decrypting msg\n"); - ret = ERR_BASE_PKEY-19; - goto openssl_pkey0_test_done; - } - show("decrypted msg", plain, outlen); - - /* RSA_PKCS1_OAEP_PADDING test */ - ret = EVP_PKEY_decrypt_init(dec); - if (ret != 1) { - printf("error with decrypt init\n"); - ret = ERR_BASE_PKEY-30; - goto openssl_pkey0_test_done; - } - ret = EVP_PKEY_encrypt_init(enc); - if (ret != 1) { - printf("error with encrypt init\n"); - ret = ERR_BASE_PKEY-31; - goto openssl_pkey0_test_done; - } - - if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) { - printf("first set rsa padding error\n"); - ret = ERR_BASE_PKEY-32; - goto openssl_pkey0_test_done; - } - -#ifndef HAVE_FIPS - if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){ - printf("second set rsa padding error\n"); - ret = ERR_BASE_PKEY-33; - goto openssl_pkey0_test_done; - } - - if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) { - printf("third set rsa padding error\n"); - ret = ERR_BASE_PKEY-34; - goto openssl_pkey0_test_done; - } -#endif - - XMEMSET(out, 0, sizeof(out)); - ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); - if (ret != 1) { - printf("error encrypting msg\n"); - ret = ERR_BASE_PKEY-35; - goto openssl_pkey0_test_done; - } - - show("encrypted msg", out, outlen); - - XMEMSET(plain, 0, sizeof(plain)); - ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); - if (ret != 1) { - printf("error decrypting msg\n"); - ret = ERR_BASE_PKEY-36; - goto openssl_pkey0_test_done; - } - - show("decrypted msg", plain, outlen); - - ret = 0; /* made it to this point without error then set success */ -openssl_pkey0_test_done: - - wolfSSL_RSA_free(prvRsa); - wolfSSL_RSA_free(pubRsa); - EVP_PKEY_free(pubPkey); - EVP_PKEY_free(prvPkey); - EVP_PKEY_CTX_free(dec); - EVP_PKEY_CTX_free(enc); - XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif /* NO_RSA */ - - return ret; -} - - -int openssl_pkey1_test(void) -{ - int ret = 0; -#if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \ - !defined(NO_SHA) - EVP_PKEY_CTX* dec = NULL; - EVP_PKEY_CTX* enc = NULL; - EVP_PKEY* pubKey = NULL; - EVP_PKEY* prvKey = NULL; - X509* x509; - - const unsigned char msg[] = "sugar slapped"; - const unsigned char* clikey; - unsigned char tmp[FOURK_BUF]; - long cliKeySz; - unsigned char cipher[RSA_TEST_BYTES]; - unsigned char plain[RSA_TEST_BYTES]; - size_t outlen; - int keyLenBits = 2048; - -#if defined(USE_CERT_BUFFERS_1024) - XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024); - cliKeySz = (long)sizeof_client_key_der_1024; - - x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_1024, - sizeof_client_cert_der_1024, SSL_FILETYPE_ASN1); - keyLenBits = 1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048); - cliKeySz = (long)sizeof_client_key_der_2048; - - x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_2048, - sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1); -#elif defined(USE_CERT_BUFFERS_3072) - XMEMCPY(tmp, client_key_der_3072, sizeof_client_key_der_3072); - cliKeySz = (long)sizeof_client_key_der_3072; - - x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_3072, - sizeof_client_cert_der_3072, SSL_FILETYPE_ASN1); - keyLenBits = 3072; -#elif defined(USE_CERT_BUFFERS_4096) - XMEMCPY(tmp, client_key_der_4096, sizeof_client_key_der_4096); - cliKeySz = (long)sizeof_client_key_der_4096; - - x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_4096, - sizeof_client_cert_der_4096, SSL_FILETYPE_ASN1); - keyLenBits = 4096; -#else - XFILE f; - - f = XFOPEN(clientKey, "rb"); - - if (!f) { - err_sys("can't open ./certs/client-key.der, " - "Please run from wolfSSL home dir", -41); - return -8800; - } - - cliKeySz = (long)XFREAD(tmp, 1, FOURK_BUF, f); - XFCLOSE(f); - - /* using existing wolfSSL api to get public and private key */ - x509 = wolfSSL_X509_load_certificate_file(clientCert, SSL_FILETYPE_ASN1); -#endif /* USE_CERT_BUFFERS */ - clikey = tmp; - - if ((prvKey = EVP_PKEY_new()) == NULL) { - return -8801; - } - EVP_PKEY_free(prvKey); - prvKey = NULL; - - if (x509 == NULL) { - ret = -8802; - goto openssl_pkey1_test_done; - } - - pubKey = X509_get_pubkey(x509); - if (pubKey == NULL) { - ret = -8803; - goto openssl_pkey1_test_done; - } - - prvKey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &clikey, cliKeySz); - if (prvKey == NULL) { - ret = -8804; - goto openssl_pkey1_test_done; - } - - /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */ - if (EVP_PKEY_bits(prvKey) != keyLenBits) { - ret = -8805; - goto openssl_pkey1_test_done; - } - - if (EVP_PKEY_size(prvKey) != keyLenBits/8) { - ret = -8806; - goto openssl_pkey1_test_done; - } - - dec = EVP_PKEY_CTX_new(prvKey, NULL); - enc = EVP_PKEY_CTX_new(pubKey, NULL); - if (dec == NULL || enc == NULL) { - ret = -8807; - goto openssl_pkey1_test_done; - } - - if (EVP_PKEY_decrypt_init(dec) != 1) { - ret = -8808; - goto openssl_pkey1_test_done; - } - - if (EVP_PKEY_encrypt_init(enc) != 1) { - ret = -8809; - goto openssl_pkey1_test_done; - } - - if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) { - ret = -8810; - goto openssl_pkey1_test_done; - } - -#ifndef HAVE_FIPS - if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){ - ret = -8811; - goto openssl_pkey1_test_done; - } - - if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) { - ret = -8812; - goto openssl_pkey1_test_done; - } -#endif - - XMEMSET(cipher, 0, sizeof(cipher)); - outlen = keyLenBits/8; - if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) { - ret = -8813; - goto openssl_pkey1_test_done; - } - - XMEMSET(plain, 0, sizeof(plain)); - if (EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) { - ret = -8814; - goto openssl_pkey1_test_done; - } - -openssl_pkey1_test_done: - if (pubKey != NULL) { - EVP_PKEY_free(pubKey); - } - if (prvKey != NULL) { - EVP_PKEY_free(prvKey); - } - if (dec != NULL) { - EVP_PKEY_CTX_free(dec); - } - if (enc != NULL) { - EVP_PKEY_CTX_free(enc); - } - if (x509 != NULL) { - X509_free(x509); - } - -#endif - return ret; -} - - -#define ERR_BASE_EVPSIG -5100 - -int openssl_evpSig_test(void) -{ -#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(HAVE_USER_RSA) - byte* prvTmp; - byte* pubTmp; - int prvBytes; - int pubBytes; - RSA *prvRsa; - RSA *pubRsa; - EVP_PKEY *prvPkey; - EVP_PKEY *pubPkey; - - EVP_MD_CTX* sign; - EVP_MD_CTX* verf; - char msg[] = "see spot run"; - unsigned char sig[256]; - unsigned int sigSz; - const void* pt; - unsigned int count; - int ret, ret1, ret2; - - #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - XFILE keyFile; - XFILE keypubFile; - char cliKey[] = "./certs/client-key.der"; - char cliKeypub[] = "./certs/client-keyPub.der"; - #endif - - prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (prvTmp == NULL) - return ERR_BASE_EVPSIG-1; - pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pubTmp == NULL) { - XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ERR_BASE_EVPSIG-2; - } - -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024); - prvBytes = sizeof_client_key_der_1024; - XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); - pubBytes = sizeof_client_keypub_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048); - prvBytes = sizeof_client_key_der_2048; - XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); - pubBytes = sizeof_client_keypub_der_2048; -#else - keyFile = XFOPEN(cliKey, "rb"); - if (!keyFile) { - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - err_sys("can't open ./certs/client-key.der, " - "Please run from wolfSSL home dir", -40); - return ERR_BASE_EVPSIG-3; - } - prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile); - XFCLOSE(keyFile); - keypubFile = XFOPEN(cliKeypub, "rb"); - if (!keypubFile) { - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - err_sys("can't open ./certs/client-cert.der, " - "Please run from wolfSSL home dir", -41); - return ERR_BASE_EVPSIG-4; - } - pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile); - XFCLOSE(keypubFile); - #endif /* USE_CERT_BUFFERS */ - - prvRsa = wolfSSL_RSA_new(); - pubRsa = wolfSSL_RSA_new(); - if((prvRsa == NULL) || (pubRsa == NULL)){ - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - err_sys("ERROR with RSA_new", -8900); - return ERR_BASE_EVPSIG-5; - } - - ret1 = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE); - ret2 = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC); - if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){ - printf("error with RSA_LoadDer_ex\n"); - return ERR_BASE_EVPSIG-6; - } - - prvPkey = wolfSSL_EVP_PKEY_new(); - pubPkey = wolfSSL_EVP_PKEY_new(); - if((prvPkey == NULL) || (pubPkey == NULL)){ - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - printf("error with KEY_new\n"); - return ERR_BASE_EVPSIG-7; - } - ret1 = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa); - ret2 = wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa); - if((ret1 != 1) || (ret2 != 1)){ - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - printf("error with EVP_PKEY_set1_RSA\n"); - return ERR_BASE_EVPSIG-8; - } - - /****************** sign and verify *******************/ - sign = EVP_MD_CTX_create(); - verf = EVP_MD_CTX_create(); - if((sign == NULL)||(verf == NULL)){ - printf("error with EVP_MD_CTX_create\n"); - return ERR_BASE_EVPSIG-10; - } - - ret = EVP_SignInit(sign, EVP_sha1()); - if(ret != SSL_SUCCESS){ - printf("error with EVP_SignInit\n"); - return ERR_BASE_EVPSIG-11; - } - - count = sizeof(msg); - show("message = ", (char *)msg, count); - - /* sign */ - XMEMSET(sig, 0, sizeof(sig)); - pt = (const void*)msg; - ret1 = EVP_SignUpdate(sign, pt, count); - ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey); - if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){ - printf("error with EVP_MD_CTX_create\n"); - return ERR_BASE_EVPSIG-12; - } - show("signature = ", (char *)sig, sigSz); - - /* verify */ - pt = (const void*)msg; - ret1 = EVP_VerifyInit(verf, EVP_sha1()); - ret2 = EVP_VerifyUpdate(verf, pt, count); - if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){ - printf("error with EVP_Verify\n"); - return ERR_BASE_EVPSIG-13; - } - if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) { - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - printf("error with EVP_VerifyFinal\n"); - return ERR_BASE_EVPSIG-14; - } - - /* expect fail without update */ - EVP_VerifyInit(verf, EVP_sha1()); - if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) { - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - printf("EVP_VerifyInit without update not detected\n"); - return ERR_BASE_EVPSIG-15; - } - - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - EVP_MD_CTX_destroy(sign); - EVP_MD_CTX_destroy(verf); - - wolfSSL_RSA_free(prvRsa); - wolfSSL_RSA_free(pubRsa); - EVP_PKEY_free(pubPkey); - EVP_PKEY_free(prvPkey); - -#endif /* NO_RSA */ - return 0; -} -#endif /* OPENSSL_EXTRA */ - - -#ifndef NO_PWDBASED -#ifdef HAVE_SCRYPT -/* Test vectors taken from RFC 7914: scrypt PBKDF - Section 12. */ -int scrypt_test(void) -{ - int ret; - byte derived[64]; - - const byte verify1[] = { - 0x77, 0xd6, 0x57, 0x62, 0x38, 0x65, 0x7b, 0x20, - 0x3b, 0x19, 0xca, 0x42, 0xc1, 0x8a, 0x04, 0x97, - 0xf1, 0x6b, 0x48, 0x44, 0xe3, 0x07, 0x4a, 0xe8, - 0xdf, 0xdf, 0xfa, 0x3f, 0xed, 0xe2, 0x14, 0x42, - 0xfc, 0xd0, 0x06, 0x9d, 0xed, 0x09, 0x48, 0xf8, - 0x32, 0x6a, 0x75, 0x3a, 0x0f, 0xc8, 0x1f, 0x17, - 0xe8, 0xd3, 0xe0, 0xfb, 0x2e, 0x0d, 0x36, 0x28, - 0xcf, 0x35, 0xe2, 0x0c, 0x38, 0xd1, 0x89, 0x06 - }; - const byte verify2[] = { - 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, - 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, - 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, - 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, - 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, - 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, - 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, - 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 - }; -#if !defined(BENCH_EMBEDDED) && !defined(HAVE_INTEL_QA) - const byte verify3[] = { - 0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48, - 0x46, 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb, - 0xfd, 0xa8, 0xfb, 0xba, 0x90, 0x4f, 0x8e, 0x3e, - 0xa9, 0xb5, 0x43, 0xf6, 0x54, 0x5d, 0xa1, 0xf2, - 0xd5, 0x43, 0x29, 0x55, 0x61, 0x3f, 0x0f, 0xcf, - 0x62, 0xd4, 0x97, 0x05, 0x24, 0x2a, 0x9a, 0xf9, - 0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, 0x1e, 0x40, - 0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, 0x87 - }; -#endif -#ifdef SCRYPT_TEST_ALL - /* Test case is very slow. - * Use for confirmation after code change or new platform. - */ - const byte verify4[] = { - 0x21, 0x01, 0xcb, 0x9b, 0x6a, 0x51, 0x1a, 0xae, - 0xad, 0xdb, 0xbe, 0x09, 0xcf, 0x70, 0xf8, 0x81, - 0xec, 0x56, 0x8d, 0x57, 0x4a, 0x2f, 0xfd, 0x4d, - 0xab, 0xe5, 0xee, 0x98, 0x20, 0xad, 0xaa, 0x47, - 0x8e, 0x56, 0xfd, 0x8f, 0x4b, 0xa5, 0xd0, 0x9f, - 0xfa, 0x1c, 0x6d, 0x92, 0x7c, 0x40, 0xf4, 0xc3, - 0x37, 0x30, 0x40, 0x49, 0xe8, 0xa9, 0x52, 0xfb, - 0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, 0xa4 - }; -#endif - - ret = wc_scrypt(derived, NULL, 0, NULL, 0, 4, 1, 1, sizeof(verify1)); - if (ret != 0) - return -9000; - if (XMEMCMP(derived, verify1, sizeof(verify1)) != 0) - return -9001; - - ret = wc_scrypt(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 10, 8, 16, - sizeof(verify2)); - if (ret != 0) - return -9002; - if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0) - return -9003; - - /* Don't run these test on embedded, since they use large mallocs */ -#if !defined(BENCH_EMBEDDED) && !defined(HAVE_INTEL_QA) - ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13, - (byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3)); - if (ret != 0) - return -9004; - if (XMEMCMP(derived, verify3, sizeof(verify3)) != 0) - return -9005; - -#ifdef SCRYPT_TEST_ALL - ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13, - (byte*)"SodiumChloride", 14, 20, 8, 1, sizeof(verify4)); - if (ret != 0) - return -9006; - if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0) - return -9007; -#endif -#endif /* !BENCH_EMBEDDED && !HAVE_INTEL_QA */ - - ret = wc_scrypt_ex(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 1<<10, - 8, 16, sizeof(verify2)); - if (ret != 0) - return -9008; - if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0) - return -9009; - - return 0; -} -#endif - -#ifdef HAVE_PKCS12 -int pkcs12_test(void) -{ - const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, - 0x00, 0x00 }; - const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f }; - - const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, - 0x00, 0x67, 0x00, 0x00 }; - const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 }; - byte derived[64]; - - const byte verify[] = { - 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11, - 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE, - 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA - }; - - const byte verify2[] = { - 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8, - 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A, - 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C - }; - - int id = 1; - int kLen = 24; - int iterations = 1; - int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, - iterations, kLen, WC_SHA256, id); - - if (ret < 0) - return -9100; - - if ( (ret = XMEMCMP(derived, verify, kLen)) != 0) - return -9101; - - iterations = 1000; - ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, - iterations, kLen, WC_SHA256, id); - if (ret < 0) - return -9102; - - ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8, - iterations, kLen, WC_SHA256, id, HEAP_HINT); - if (ret < 0) - return -9103; - - if ( (ret = XMEMCMP(derived, verify2, 24)) != 0) - return -9104; - - return 0; -} -#endif /* HAVE_PKCS12 */ - -#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) -int pbkdf2_test(void) -{ - char passwd[] = "passwordpassword"; - const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 }; - int iterations = 2048; - int kLen = 24; - byte derived[64]; - - const byte verify[] = { - 0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc, - 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1 - }; - - int ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd), salt, - (int)sizeof(salt), iterations, kLen, WC_SHA256, HEAP_HINT, devId); - if (ret != 0) - return ret; - - if (XMEMCMP(derived, verify, sizeof(verify)) != 0) - return -9200; - - return 0; - -} -#endif /* HAVE_PBKDF2 && !NO_SHA256 */ - -#if defined(HAVE_PBKDF1) && !defined(NO_SHA) -int pbkdf1_test(void) -{ - char passwd[] = "password"; - const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 }; - int iterations = 1000; - int kLen = 16; - byte derived[16]; - - const byte verify[] = { - 0xDC, 0x19, 0x84, 0x7E, 0x05, 0xC6, 0x4D, 0x2F, - 0xAF, 0x10, 0xEB, 0xFB, 0x4A, 0x3D, 0x2A, 0x20 - }; - - int ret = wc_PBKDF1_ex(derived, kLen, NULL, 0, (byte*)passwd, - (int)XSTRLEN(passwd), salt, (int)sizeof(salt), iterations, WC_SHA, - HEAP_HINT); - if (ret != 0) - return ret; - - if (XMEMCMP(derived, verify, sizeof(verify)) != 0) - return -9300; - - return 0; -} -#endif /* HAVE_PBKDF2 && !NO_SHA */ - -int pwdbased_test(void) -{ - int ret = 0; - -#if defined(HAVE_PBKDF1) && !defined(NO_SHA) - ret = pbkdf1_test(); - if (ret != 0) - return ret; -#endif -#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) - ret = pbkdf2_test(); - if (ret != 0) - return ret; -#endif -#ifdef HAVE_PKCS12 - ret = pkcs12_test(); - if (ret != 0) - return ret; -#endif -#ifdef HAVE_SCRYPT - ret = scrypt_test(); - if (ret != 0) - return ret; -#endif - return ret; -} - -#endif /* NO_PWDBASED */ - -#if defined(HAVE_HKDF) && (!defined(NO_SHA) || !defined(NO_SHA256)) - -int hkdf_test(void) -{ - int ret; - int L = 42; - byte okm1[42]; - byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; - byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c }; - byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9 }; - byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61, - 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06, - 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06, - 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0, - 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3, - 0x49, 0x18 }; - byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69, - 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81, - 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15, - 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2, - 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3, - 0xf8, 0x96 }; - byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f, - 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31, - 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e, - 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d, - 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a, - 0x96, 0xc8 }; - byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, - 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, - 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, - 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, - 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, - 0x58, 0x65 }; - - (void)res1; - (void)res2; - (void)res3; - (void)res4; - (void)salt1; - (void)info1; - -#ifndef NO_SHA - ret = wc_HKDF(WC_SHA, ikm1, 22, NULL, 0, NULL, 0, okm1, L); - if (ret != 0) - return -9500; - - if (XMEMCMP(okm1, res1, L) != 0) - return -9501; - -#ifndef HAVE_FIPS - /* fips can't have key size under 14 bytes, salt is key too */ - ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, 13, info1, 10, okm1, L); - if (ret != 0) - return -9502; - - if (XMEMCMP(okm1, res2, L) != 0) - return -9503; -#endif /* HAVE_FIPS */ -#endif /* NO_SHA */ - -#ifndef NO_SHA256 - ret = wc_HKDF(WC_SHA256, ikm1, 22, NULL, 0, NULL, 0, okm1, L); - if (ret != 0) - return -9504; - - if (XMEMCMP(okm1, res3, L) != 0) - return -9505; - -#ifndef HAVE_FIPS - /* fips can't have key size under 14 bytes, salt is key too */ - ret = wc_HKDF(WC_SHA256, ikm1, 22, salt1, 13, info1, 10, okm1, L); - if (ret != 0) - return -9506; - - if (XMEMCMP(okm1, res4, L) != 0) - return -9507; -#endif /* HAVE_FIPS */ -#endif /* NO_SHA256 */ - - return 0; -} - -#endif /* HAVE_HKDF */ - - -#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) - -int x963kdf_test(void) -{ - int ret; - byte kek[128]; - -#ifndef NO_SHA - /* SHA-1, COUNT = 0 - * shared secret length: 192 - * SharedInfo length: 0 - * key data length: 128 - */ - const byte Z[] = { - 0x1c, 0x7d, 0x7b, 0x5f, 0x05, 0x97, 0xb0, 0x3d, - 0x06, 0xa0, 0x18, 0x46, 0x6e, 0xd1, 0xa9, 0x3e, - 0x30, 0xed, 0x4b, 0x04, 0xdc, 0x64, 0xcc, 0xdd - }; - - const byte verify[] = { - 0xbf, 0x71, 0xdf, 0xfd, 0x8f, 0x4d, 0x99, 0x22, - 0x39, 0x36, 0xbe, 0xb4, 0x6f, 0xee, 0x8c, 0xcc - }; -#endif - -#ifndef NO_SHA256 - /* SHA-256, COUNT = 3 - * shared secret length: 192 - * SharedInfo length: 0 - * key data length: 128 - */ - const byte Z2[] = { - 0xd3, 0x8b, 0xdb, 0xe5, 0xc4, 0xfc, 0x16, 0x4c, - 0xdd, 0x96, 0x7f, 0x63, 0xc0, 0x4f, 0xe0, 0x7b, - 0x60, 0xcd, 0xe8, 0x81, 0xc2, 0x46, 0x43, 0x8c - }; - - const byte verify2[] = { - 0x5e, 0x67, 0x4d, 0xb9, 0x71, 0xba, 0xc2, 0x0a, - 0x80, 0xba, 0xd0, 0xd4, 0x51, 0x4d, 0xc4, 0x84 - }; -#endif - -#ifdef WOLFSSL_SHA512 - /* SHA-512, COUNT = 0 - * shared secret length: 192 - * SharedInfo length: 0 - * key data length: 128 - */ - const byte Z3[] = { - 0x87, 0xfc, 0x0d, 0x8c, 0x44, 0x77, 0x48, 0x5b, - 0xb5, 0x74, 0xf5, 0xfc, 0xea, 0x26, 0x4b, 0x30, - 0x88, 0x5d, 0xc8, 0xd9, 0x0a, 0xd8, 0x27, 0x82 - }; - - const byte verify3[] = { - 0x94, 0x76, 0x65, 0xfb, 0xb9, 0x15, 0x21, 0x53, - 0xef, 0x46, 0x02, 0x38, 0x50, 0x6a, 0x02, 0x45 - }; - - /* SHA-512, COUNT = 0 - * shared secret length: 521 - * SharedInfo length: 128 - * key data length: 1024 - */ - const byte Z4[] = { - 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, - 0xfa, 0x58, 0xce, 0xad, 0xc0, 0x47, 0x19, 0x7f, - 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9, - 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, - 0x15, 0x07, 0x39, 0x2f, 0x1a, 0x86, 0xdd, 0xfd, - 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f, - 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, - 0x47, 0xa9, 0xe2, 0xe7, 0x53, 0xf5, 0x5e, 0xf0, - 0x5a, 0x2d - }; - - const byte info4[] = { - 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, - 0x2b, 0x3a, 0x2f, 0x99, 0x37, 0x89, 0x5d, 0x31 - }; - - const byte verify4[] = { - 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, - 0x9b, 0x52, 0x26, 0x4b, 0x01, 0x12, 0xb5, 0x85, - 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8, - 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, - 0x6e, 0x4d, 0xd2, 0xa5, 0x99, 0xac, 0xce, 0xb3, - 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e, - 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, - 0xa5, 0xa8, 0xee, 0xee, 0x20, 0x80, 0x02, 0x26, - 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02, - 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, - 0xea, 0x9c, 0x4f, 0xf7, 0x45, 0xa2, 0x5a, 0xc2, - 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd, - 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, - 0x0a, 0xb2, 0xaa, 0x8e, 0x2e, 0xfa, 0x7b, 0x17, - 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc, - 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16 - }; -#endif - -#ifndef NO_SHA - ret = wc_X963_KDF(WC_HASH_TYPE_SHA, Z, sizeof(Z), NULL, 0, - kek, sizeof(verify)); - if (ret != 0) - return -9600; - - if (XMEMCMP(verify, kek, sizeof(verify)) != 0) - return -9601; -#endif - -#ifndef NO_SHA256 - ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, Z2, sizeof(Z2), NULL, 0, - kek, sizeof(verify2)); - if (ret != 0) - return -9602; - - if (XMEMCMP(verify2, kek, sizeof(verify2)) != 0) - return -9603; -#endif - -#ifdef WOLFSSL_SHA512 - ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z3, sizeof(Z3), NULL, 0, - kek, sizeof(verify3)); - if (ret != 0) - return -9604; - - if (XMEMCMP(verify3, kek, sizeof(verify3)) != 0) - return -9605; - - ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z4, sizeof(Z4), info4, - sizeof(info4), kek, sizeof(verify4)); - if (ret != 0) - return -9606; - - if (XMEMCMP(verify4, kek, sizeof(verify4)) != 0) - return -9607; -#endif - - return 0; -} - -#endif /* HAVE_X963_KDF */ - - -#ifdef HAVE_ECC - -#ifdef BENCH_EMBEDDED - #define ECC_SHARED_SIZE 128 -#else - #define ECC_SHARED_SIZE MAX_ECC_BYTES -#endif -#define ECC_DIGEST_SIZE MAX_ECC_BYTES -#define ECC_SIG_SIZE ECC_MAX_SIG_SIZE - -#ifndef NO_ECC_VECTOR_TEST - #if (defined(HAVE_ECC192) || defined(HAVE_ECC224) ||\ - !defined(NO_ECC256) || defined(HAVE_ECC384) ||\ - defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) - #define HAVE_ECC_VECTOR_TEST - #endif -#endif - -#ifdef HAVE_ECC_VECTOR_TEST -typedef struct eccVector { - const char* msg; /* SHA-1 Encoded Message */ - const char* Qx; - const char* Qy; - const char* d; /* Private Key */ - const char* R; - const char* S; - const char* curveName; - word32 msgLen; - word32 keySize; -#ifndef NO_ASN - const byte* r; - word32 rSz; - const byte* s; - word32 sSz; -#endif -} eccVector; - -static int ecc_test_vector_item(const eccVector* vector) -{ - int ret = 0, verify = 0; - word32 sigSz; - ecc_key userA; - DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT); -#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) - word32 sigRawSz; - DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT); -#endif - - ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); - if (ret != 0) { - FREE_VAR(sig, HEAP_HINT); - return ret; - } - - ret = wc_ecc_import_raw(&userA, vector->Qx, vector->Qy, - vector->d, vector->curveName); - if (ret != 0) - goto done; - - XMEMSET(sig, 0, ECC_SIG_SIZE); - sigSz = ECC_SIG_SIZE; - ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz); - if (ret != 0) - goto done; - -#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) - XMEMSET(sigRaw, 0, ECC_SIG_SIZE); - sigRawSz = ECC_SIG_SIZE; - ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz, - sigRaw, &sigRawSz); - if (ret != 0) - goto done; - - if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) { - ret = -9608; - goto done; - } -#endif - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg, - vector->msgLen, &verify, &userA); - } while (ret == WC_PENDING_E); - if (ret != 0) - goto done; - TEST_SLEEP(); - - if (verify != 1) - ret = -9609; - -done: - wc_ecc_free(&userA); - -#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) - FREE_VAR(sigRaw, HEAP_HINT); -#endif - FREE_VAR(sig, HEAP_HINT); - - return ret; -} - -static int ecc_test_vector(int keySize) -{ - int ret; - eccVector vec; - - XMEMSET(&vec, 0, sizeof(vec)); - vec.keySize = (word32)keySize; - - switch(keySize) { - -#if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES) - case 14: - return 0; -#endif /* HAVE_ECC112 */ -#if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES) - case 16: - return 0; -#endif /* HAVE_ECC128 */ -#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) - case 20: - return 0; -#endif /* HAVE_ECC160 */ - -#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES) - case 24: - /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */ - #if 1 - vec.msg = "\x60\x80\x79\x42\x3f\x12\x42\x1d\xe6\x16\xb7\x49\x3e\xbe\x55\x1c\xf4\xd6\x5b\x92"; - vec.msgLen = 20; - #else - /* This is the raw message prior to SHA-1 */ - vec.msg = - "\xeb\xf7\x48\xd7\x48\xeb\xbc\xa7\xd2\x9f\xb4\x73\x69\x8a\x6e\x6b" - "\x4f\xb1\x0c\x86\x5d\x4a\xf0\x24\xcc\x39\xae\x3d\xf3\x46\x4b\xa4" - "\xf1\xd6\xd4\x0f\x32\xbf\x96\x18\xa9\x1b\xb5\x98\x6f\xa1\xa2\xaf" - "\x04\x8a\x0e\x14\xdc\x51\xe5\x26\x7e\xb0\x5e\x12\x7d\x68\x9d\x0a" - "\xc6\xf1\xa7\xf1\x56\xce\x06\x63\x16\xb9\x71\xcc\x7a\x11\xd0\xfd" - "\x7a\x20\x93\xe2\x7c\xf2\xd0\x87\x27\xa4\xe6\x74\x8c\xc3\x2f\xd5" - "\x9c\x78\x10\xc5\xb9\x01\x9d\xf2\x1c\xdc\xc0\xbc\xa4\x32\xc0\xa3" - "\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0\x71\xcf"; - vec.msgLen = 128; - #endif - vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6"; - vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477"; - vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3"; - vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e"; - vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41"; - vec.curveName = "SECP192R1"; - #ifndef NO_ASN - vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55" - "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e"; - vec.rSz = 24; - vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc" - "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41"; - vec.sSz = 24; - #endif - break; -#endif /* HAVE_ECC192 */ - -#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) - case 28: - /* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */ - #if 1 - vec.msg = "\xb9\xa3\xb8\x6d\xb0\xba\x99\xfd\xc6\xd2\x94\x6b\xfe\xbe\x9c\xe8\x3f\x10\x74\xfc"; - vec.msgLen = 20; - #else - /* This is the raw message prior to SHA-1 */ - vec.msg = - "\x36\xc8\xb2\x29\x86\x48\x7f\x67\x7c\x18\xd0\x97\x2a\x9e\x20\x47" - "\xb3\xaf\xa5\x9e\xc1\x62\x76\x4e\xc3\x0b\x5b\x69\xe0\x63\x0f\x99" - "\x0d\x4e\x05\xc2\x73\xb0\xe5\xa9\xd4\x28\x27\xb6\x95\xfc\x2d\x64" - "\xd9\x13\x8b\x1c\xf4\xc1\x21\x55\x89\x4c\x42\x13\x21\xa7\xbb\x97" - "\x0b\xdc\xe0\xfb\xf0\xd2\xae\x85\x61\xaa\xd8\x71\x7f\x2e\x46\xdf" - "\xe3\xff\x8d\xea\xb4\xd7\x93\x23\x56\x03\x2c\x15\x13\x0d\x59\x9e" - "\x26\xc1\x0f\x2f\xec\x96\x30\x31\xac\x69\x38\xa1\x8d\x66\x45\x38" - "\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7\x1c\x20"; - vec.msgLen = 128; - #endif - vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7"; - vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1"; - vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f"; - vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7"; - vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b"; - vec.curveName = "SECP224R1"; - #ifndef NO_ASN - vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47" - "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe" - "\xbc\x16\x71\xa7"; - vec.rSz = 28; - vec.s = (byte*)"\x24\xfc\x7e\xd7\xf1\x35\x2c\xa3\x87\x2a\xa0\x91" - "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe" - "\x6a\xf3\xad\x5b"; - vec.sSz = 28; - #endif - break; -#endif /* HAVE_ECC224 */ - -#if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES) - case 30: - return 0; -#endif /* HAVE_ECC239 */ - -#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) - case 32: - /* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */ - #if 1 - vec.msg = "\xa3\xf9\x1a\xe2\x1b\xa6\xb3\x03\x98\x64\x47\x2f\x18\x41\x44\xc6\xaf\x62\xcd\x0e"; - vec.msgLen = 20; - #else - /* This is the raw message prior to SHA-1 */ - vec.msg = - "\xa2\x4b\x21\x76\x2e\x6e\xdb\x15\x3c\xc1\x14\x38\xdb\x0e\x92\xcd" - "\xf5\x2b\x86\xb0\x6c\xa9\x70\x16\x06\x27\x59\xc7\x0d\x36\xd1\x56" - "\x2c\xc9\x63\x0d\x7f\xc7\xc7\x74\xb2\x8b\x54\xe3\x1e\xf5\x58\x72" - "\xb2\xa6\x5d\xf1\xd7\xec\x26\xde\xbb\x33\xe7\xd9\x27\xef\xcc\xf4" - "\x6b\x63\xde\x52\xa4\xf4\x31\xea\xca\x59\xb0\x5d\x2e\xde\xc4\x84" - "\x5f\xff\xc0\xee\x15\x03\x94\xd6\x1f\x3d\xfe\xcb\xcd\xbf\x6f\x5a" - "\x73\x38\xd0\xbe\x3f\x2a\x77\x34\x51\x98\x3e\xba\xeb\x48\xf6\x73" - "\x8f\xc8\x95\xdf\x35\x7e\x1a\x48\xa6\x53\xbb\x35\x5a\x31\xa1\xb4" - vec.msgLen = 128; - #endif - vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; - vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; - vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; - vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c"; - vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248"; - #ifndef NO_ASN - vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9" - "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89" - "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c"; - vec.rSz = 32; - vec.s = (byte*)"\xa2\x24\x8b\x62\xc0\x3d\xb3\x5a\x7c\xd6\x3e\x8a" - "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03" - "\x5a\x21\x48\xae\x32\xe3\xa2\x48"; - vec.sSz = 32; - #endif - vec.curveName = "SECP256R1"; - break; -#endif /* !NO_ECC256 */ - -#if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES) - case 40: - return 0; -#endif /* HAVE_ECC320 */ - -#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) - case 48: - /* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */ - #if 1 - vec.msg = "\x9b\x9f\x8c\x95\x35\xa5\xca\x26\x60\x5d\xb7\xf2\xfa\x57\x3b\xdf\xc3\x2e\xab\x8b"; - vec.msgLen = 20; - #else - /* This is the raw message prior to SHA-1 */ - vec.msg = - "\xab\xe1\x0a\xce\x13\xe7\xe1\xd9\x18\x6c\x48\xf7\x88\x9d\x51\x47" - "\x3d\x3a\x09\x61\x98\x4b\xc8\x72\xdf\x70\x8e\xcc\x3e\xd3\xb8\x16" - "\x9d\x01\xe3\xd9\x6f\xc4\xf1\xd5\xea\x00\xa0\x36\x92\xbc\xc5\xcf" - "\xfd\x53\x78\x7c\x88\xb9\x34\xaf\x40\x4c\x03\x9d\x32\x89\xb5\xba" - "\xc5\xae\x7d\xb1\x49\x68\x75\xb5\xdc\x73\xc3\x09\xf9\x25\xc1\x3d" - "\x1c\x01\xab\xda\xaf\xeb\xcd\xac\x2c\xee\x43\x39\x39\xce\x8d\x4a" - "\x0a\x5d\x57\xbb\x70\x5f\x3b\xf6\xec\x08\x47\x95\x11\xd4\xb4\xa3" - "\x21\x1f\x61\x64\x9a\xd6\x27\x43\x14\xbf\x0d\x43\x8a\x81\xe0\x60" - vec.msgLen = 128; - #endif - vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868"; - vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e"; - vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71"; - vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7"; - vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907"; - vec.curveName = "SECP384R1"; - #ifndef NO_ASN - vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff" - "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d" - "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda" - "\xee\x6b\x3c\x74\xeb\xf6\x06\x66\x7a\x3f\x39\xb7"; - vec.rSz = 48; - vec.s = (byte*)"\x49\x1a\xf1\xd0\xcc\xcd\x56\xdd\xd5\x20\xb2\x33" - "\x77\x5d\x0b\xc6\xb4\x0a\x62\x55\xcc\x55\x20\x7d" - "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21" - "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07"; - vec.sSz = 48; - #endif - break; -#endif /* HAVE_ECC384 */ - -#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) - case 64: - return 0; -#endif /* HAVE_ECC512 */ - -#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) - case 66: - /* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */ - #if 1 - vec.msg = "\x1b\xf7\x03\x9c\xca\x23\x94\x27\x3f\x11\xa1\xd4\x8d\xcc\xb4\x46\x6f\x31\x61\xdf"; - vec.msgLen = 20; - #else - /* This is the raw message prior to SHA-1 */ - vec.msg = - "\x50\x3f\x79\x39\x34\x0a\xc7\x23\xcd\x4a\x2f\x4e\x6c\xcc\x27\x33" - "\x38\x3a\xca\x2f\xba\x90\x02\x19\x9d\x9e\x1f\x94\x8b\xe0\x41\x21" - "\x07\xa3\xfd\xd5\x14\xd9\x0c\xd4\xf3\x7c\xc3\xac\x62\xef\x00\x3a" - "\x2d\xb1\xd9\x65\x7a\xb7\x7f\xe7\x55\xbf\x71\xfa\x59\xe4\xd9\x6e" - "\xa7\x2a\xe7\xbf\x9d\xe8\x7d\x79\x34\x3b\xc1\xa4\xbb\x14\x4d\x16" - "\x28\xd1\xe9\xe9\xc8\xed\x80\x8b\x96\x2c\x54\xe5\xf9\x6d\x53\xda" - "\x14\x7a\x96\x38\xf9\x4a\x91\x75\xd8\xed\x61\x05\x5f\x0b\xa5\x73" - "\xa8\x2b\xb7\xe0\x18\xee\xda\xc4\xea\x7b\x36\x2e\xc8\x9c\x38\x2b" - vec.msgLen = 128; - #endif - vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23"; - vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d"; - vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74"; - vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be"; - vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c"; - vec.curveName = "SECP521R1"; - #ifndef NO_ASN - vec.r = (byte*)"\x00\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77" - "\x78\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf" - "\x5b\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c" - "\x7f\x9a\x57\xc0\x77\x94\x7f\x89\xac\x45\xd5\xac" - "\xb6\x66\x1b\xbc\xd1\x7a\xbb\x3f\xae\xa1\x49\xba" - "\x0a\xa3\xbb\x15\x21\xbe"; - vec.rSz = 66; - vec.s = (byte*)"\x00\x19\xcd\x2c\x5c\x3f\x98\x70\xec\xde\xb9\xb3" - "\x23\xab\xdf\x3a\x98\xcd\x5e\x23\x1d\x85\xc6\xdd" - "\xc5\xb7\x1a\xb1\x90\x73\x9f\x7f\x22\x6e\x6b\x13" - "\x4b\xa1\xd5\x88\x9d\xde\xb2\x75\x1d\xab\xd9\x79" - "\x11\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b" - "\x6c\x3d\x22\xf2\x48\x0c"; - vec.sSz = 66; - #endif - break; -#endif /* HAVE_ECC521 */ - default: - return NOT_COMPILED_IN; /* Invalid key size / Not supported */ - }; /* Switch */ - - ret = ecc_test_vector_item(&vec); - if (ret < 0) { - return ret; - } - - return 0; -} - -#if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) -static int ecc_test_sign_vectors(WC_RNG* rng) -{ - int ret; - ecc_key key; - byte sig[72]; - word32 sigSz; - unsigned char hash[32] = "test wolfSSL deterministic sign"; - const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534"; - const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230"; - const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141"; - const byte k[1] = { 0x02 }; - const byte expSig[71] = { - 0x30, 0x45, 0x02, 0x20, 0x7c, 0xf2, 0x7b, 0x18, - 0x8d, 0x03, 0x4f, 0x7e, 0x8a, 0x52, 0x38, 0x03, - 0x04, 0xb5, 0x1a, 0xc3, 0xc0, 0x89, 0x69, 0xe2, - 0x77, 0xf2, 0x1b, 0x35, 0xa6, 0x0b, 0x48, 0xfc, - 0x47, 0x66, 0x99, 0x78, 0x02, 0x21, 0x00, 0xa8, - 0x43, 0xa0, 0xce, 0x6c, 0x5e, 0x17, 0x8a, 0x53, - 0x4d, 0xaf, 0xd2, 0x95, 0x78, 0x9f, 0x84, 0x4f, - 0x94, 0xb8, 0x75, 0xa3, 0x19, 0xa5, 0xd4, 0xdf, - 0xe1, 0xd4, 0x5e, 0x9d, 0x97, 0xfe, 0x81 - }; - - ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); - if (ret != 0) { - return ret; - } - ret = wc_ecc_import_raw(&key, QIUTx, QIUTy, dIUT, "SECP256R1"); - if (ret != 0) { - goto done; - } - - ret = wc_ecc_sign_set_k(k, sizeof(k), &key); - if (ret != 0) { - goto done; - } - - sigSz = sizeof(sig); - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key); - } while (ret == WC_PENDING_E); - if (ret != 0) { - goto done; - } - TEST_SLEEP(); - - if (sigSz != sizeof(expSig)) { - ret = -9610; - goto done; - } - if (XMEMCMP(sig, expSig, sigSz) != 0) { - ret = -9611; - goto done; - } - - sigSz = sizeof(sig); - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key); - } while (ret == WC_PENDING_E); - if (ret != 0) { - goto done; - } - TEST_SLEEP(); - -done: - wc_ecc_free(&key); - return ret; -} -#endif - -#ifdef HAVE_ECC_CDH -static int ecc_test_cdh_vectors(void) -{ - int ret; - ecc_key pub_key, priv_key; - byte sharedA[32] = {0}, sharedB[32] = {0}; - word32 x, z; - - const char* QCAVSx = "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287"; - const char* QCAVSy = "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac"; - const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534"; - const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230"; - const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141"; - const char* ZIUT = "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b"; - - /* setup private and public keys */ - ret = wc_ecc_init_ex(&pub_key, HEAP_HINT, devId); - if (ret != 0) - return ret; - ret = wc_ecc_init_ex(&priv_key, HEAP_HINT, devId); - if (ret != 0) { - wc_ecc_free(&pub_key); - return ret; - } - wc_ecc_set_flags(&pub_key, WC_ECC_FLAG_COFACTOR); - wc_ecc_set_flags(&priv_key, WC_ECC_FLAG_COFACTOR); - ret = wc_ecc_import_raw(&pub_key, QCAVSx, QCAVSy, NULL, "SECP256R1"); - if (ret != 0) - goto done; - ret = wc_ecc_import_raw(&priv_key, QIUTx, QIUTy, dIUT, "SECP256R1"); - if (ret != 0) - goto done; - - /* compute ECC Cofactor shared secret */ - x = sizeof(sharedA); - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &priv_key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_shared_secret(&priv_key, &pub_key, sharedA, &x); - } while (ret == WC_PENDING_E); - if (ret != 0) { - goto done; - } - TEST_SLEEP(); - - /* read in expected Z */ - z = sizeof(sharedB); - ret = Base16_Decode((const byte*)ZIUT, (word32)XSTRLEN(ZIUT), sharedB, &z); - if (ret != 0) - goto done; - - /* compare results */ - if (x != z || XMEMCMP(sharedA, sharedB, x)) { - ERROR_OUT(-9612, done); - } - -done: - wc_ecc_free(&priv_key); - wc_ecc_free(&pub_key); - return ret; -} -#endif /* HAVE_ECC_CDH */ -#endif /* HAVE_ECC_VECTOR_TEST */ - -#ifdef HAVE_ECC_KEY_IMPORT -/* returns 0 on success */ -static int ecc_test_make_pub(WC_RNG* rng) -{ - ecc_key key; - unsigned char* exportBuf; - unsigned char* tmp; - unsigned char msg[] = "test wolfSSL ECC public gen"; - word32 x, tmpSz; - int ret = 0; - ecc_point* pubPoint = NULL; -#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) - ecc_key pub; -#endif -#ifdef HAVE_ECC_VERIFY - int verify = 0; -#endif -#ifndef USE_CERT_BUFFERS_256 - XFILE file; -#endif - - wc_ecc_init_ex(&key, HEAP_HINT, devId); - -#ifdef USE_CERT_BUFFERS_256 - tmp = (byte*)XMALLOC((size_t)sizeof_ecc_key_der_256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - return -9613; - } - exportBuf = (byte*)XMALLOC((size_t)sizeof_ecc_key_der_256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (exportBuf == NULL) { - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -9614; - } - XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256); - tmpSz = (size_t)sizeof_ecc_key_der_256; -#else - tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - return -9615; - } - exportBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (exportBuf == NULL) { - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -9616; - } - file = XFOPEN(eccKeyDerFile, "rb"); - if (!file) { - ERROR_OUT(-9617, done); - } - - tmpSz = (word32)XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); -#endif /* USE_CERT_BUFFERS_256 */ - - /* import private only then test with */ - ret = wc_ecc_import_private_key(tmp, tmpSz, NULL, 0, NULL); - if (ret == 0) { - ERROR_OUT(-9618, done); - } - - ret = wc_ecc_import_private_key(NULL, tmpSz, NULL, 0, &key); - if (ret == 0) { - ERROR_OUT(-9619, done); - } - - x = 0; - ret = wc_EccPrivateKeyDecode(tmp, &x, &key, tmpSz); - if (ret != 0) { - ERROR_OUT(-9620, done); - } - -#ifdef HAVE_ECC_KEY_EXPORT - x = FOURK_BUF; - ret = wc_ecc_export_private_only(&key, exportBuf, &x); - if (ret != 0) { - ERROR_OUT(-9621, done); - } - - /* make private only key */ - wc_ecc_free(&key); - wc_ecc_init_ex(&key, HEAP_HINT, devId); - ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, &key); - if (ret != 0) { - ERROR_OUT(-9622, done); - } - - x = FOURK_BUF; - ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); - if (ret == 0) { - ERROR_OUT(-9623, done); - } - -#endif /* HAVE_ECC_KEY_EXPORT */ - - ret = wc_ecc_make_pub(NULL, NULL); - if (ret == 0) { - ERROR_OUT(-9624, done); - } - TEST_SLEEP(); - - pubPoint = wc_ecc_new_point_h(HEAP_HINT); - if (pubPoint == NULL) { - ERROR_OUT(-9625, done); - } - - ret = wc_ecc_make_pub(&key, pubPoint); - if (ret != 0) { - ERROR_OUT(-9626, done); - } - - TEST_SLEEP(); - -#ifdef HAVE_ECC_KEY_EXPORT - /* export should still fail, is private only key */ - x = FOURK_BUF; - ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); - if (ret == 0) { - ERROR_OUT(-9627, done); - } -#endif /* HAVE_ECC_KEY_EXPORT */ -#if defined(WOLFSSL_CRYPTOCELL) - /* create a new key since building private key from public key is unsupported */ - ret = wc_ecc_make_key(rng, 32, &key); - if (ret == 0) { - ERROR_OUT(-9628, done); - } -#endif -#ifdef HAVE_ECC_SIGN - tmpSz = FOURK_BUF; - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_sign_hash(msg, sizeof(msg), tmp, &tmpSz, rng, &key); - } while (ret == WC_PENDING_E); - if (ret != 0) { - ERROR_OUT(-9629, done); - } - TEST_SLEEP(); - -#ifdef HAVE_ECC_VERIFY - /* try verify with private only key */ - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_verify_hash(tmp, tmpSz, msg, sizeof(msg), &verify, &key); - } while (ret == WC_PENDING_E); - if (ret != 0) { - ERROR_OUT(-9630, done); - } - - if (verify != 1) { - ERROR_OUT(-9631, done); - } - TEST_SLEEP(); -#ifdef HAVE_ECC_KEY_EXPORT - /* exporting the public part should now work */ - x = FOURK_BUF; - ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); - if (ret != 0) { - ERROR_OUT(-9632, done); - } -#endif /* HAVE_ECC_KEY_EXPORT */ -#endif /* HAVE_ECC_VERIFY */ - -#endif /* HAVE_ECC_SIGN */ - -#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) - /* now test private only key with creating a shared secret */ - x = FOURK_BUF; - ret = wc_ecc_export_private_only(&key, exportBuf, &x); - if (ret != 0) { - ERROR_OUT(-9633, done); - } - - /* make private only key */ - wc_ecc_free(&key); - wc_ecc_init_ex(&key, HEAP_HINT, devId); - ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, &key); - if (ret != 0) { - ERROR_OUT(-9634, done); - } - - /* check that public export fails with private only key */ - x = FOURK_BUF; - ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); - if (ret == 0) { - ERROR_OUT(-9635, done); - } - - /* make public key for shared secret */ - wc_ecc_init_ex(&pub, HEAP_HINT, devId); - ret = wc_ecc_make_key(rng, 32, &pub); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &pub.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-9636, done); - } - TEST_SLEEP(); - - x = FOURK_BUF; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) { - ret = wc_ecc_shared_secret(&key, &pub, exportBuf, &x); - } - } while (ret == WC_PENDING_E); - wc_ecc_free(&pub); - if (ret != 0) { - ERROR_OUT(-9637, done); - } - TEST_SLEEP(); -#endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT */ - - ret = 0; - -done: - - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - - wc_ecc_del_point_h(pubPoint, HEAP_HINT); - wc_ecc_free(&key); - - return ret; -} -#endif /* HAVE_ECC_KEY_IMPORT */ - - -#ifdef WOLFSSL_KEY_GEN -static int ecc_test_key_gen(WC_RNG* rng, int keySize) -{ - int ret = 0; - int derSz; -#ifdef HAVE_PKCS8 - word32 pkcs8Sz; -#endif - byte* der; - byte* pem; - ecc_key userA; - - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - return -9638; - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -9639; - } - - ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); - if (ret != 0) - goto done; - - ret = wc_ecc_make_key(rng, keySize, &userA); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - goto done; - TEST_SLEEP(); - - ret = wc_ecc_check_key(&userA); - if (ret != 0) - goto done; - TEST_SLEEP(); - - derSz = wc_EccKeyToDer(&userA, der, FOURK_BUF); - if (derSz < 0) { - ERROR_OUT(derSz, done); - } - - ret = SaveDerAndPem(der, derSz, pem, FOURK_BUF, eccCaKeyTempFile, - eccCaKeyPemFile, ECC_PRIVATEKEY_TYPE, -8347); - if (ret != 0) { - goto done; - } - - /* test export of public key */ - derSz = wc_EccPublicKeyToDer(&userA, der, FOURK_BUF, 1); - if (derSz < 0) { - ERROR_OUT(derSz, done); - } - if (derSz == 0) { - ERROR_OUT(-9640, done); - } - - ret = SaveDerAndPem(der, derSz, NULL, 0, eccPubKeyDerFile, - NULL, 0, -8348); - if (ret != 0) { - goto done; - } - -#ifdef HAVE_PKCS8 - /* test export of PKCS#8 unencrypted private key */ - pkcs8Sz = FOURK_BUF; - derSz = wc_EccPrivateKeyToPKCS8(&userA, der, &pkcs8Sz); - if (derSz < 0) { - ERROR_OUT(derSz, done); - } - - if (derSz == 0) { - ERROR_OUT(-9641, done); - } - - ret = SaveDerAndPem(der, derSz, NULL, 0, eccPkcs8KeyDerFile, - NULL, 0, -8349); - if (ret != 0) { - goto done; - } -#endif /* HAVE_PKCS8 */ - -done: - - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_ecc_free(&userA); - - return ret; -} -#endif /* WOLFSSL_KEY_GEN */ - -static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, - int curve_id, const ecc_set_type* dp) -{ -#if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH) - DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT); - DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT); -#endif -#ifdef HAVE_ECC_KEY_EXPORT - byte exportBuf[MAX_ECC_BYTES * 2 + 32]; -#endif - word32 x; -#if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH) - word32 y; -#endif -#ifdef HAVE_ECC_SIGN - DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT); - DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT); - int i; -#ifdef HAVE_ECC_VERIFY - int verify; -#endif /* HAVE_ECC_VERIFY */ -#endif /* HAVE_ECC_SIGN */ - int ret; - ecc_key userA, userB, pubKey; - int curveSize; - - (void)testVerifyCount; - (void)dp; - (void)x; - - XMEMSET(&userA, 0, sizeof(ecc_key)); - XMEMSET(&userB, 0, sizeof(ecc_key)); - XMEMSET(&pubKey, 0, sizeof(ecc_key)); - - ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); - if (ret != 0) - goto done; - ret = wc_ecc_init_ex(&userB, HEAP_HINT, devId); - if (ret != 0) - goto done; - ret = wc_ecc_init_ex(&pubKey, HEAP_HINT, devId); - if (ret != 0) - goto done; - -#ifdef WOLFSSL_CUSTOM_CURVES - if (dp != NULL) { - ret = wc_ecc_set_custom_curve(&userA, dp); - if (ret != 0) - goto done; - ret = wc_ecc_set_custom_curve(&userB, dp); - if (ret != 0) - goto done; - } -#endif - - ret = wc_ecc_make_key_ex(rng, keySize, &userA, curve_id); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - goto done; - TEST_SLEEP(); - - if (wc_ecc_get_curve_idx(curve_id) != -1) { - curveSize = wc_ecc_get_curve_size_from_id(userA.dp->id); - if (curveSize != userA.dp->size) { - ret = -9642; - goto done; - } - } - - ret = wc_ecc_check_key(&userA); - if (ret != 0) - goto done; - TEST_SLEEP(); - - ret = wc_ecc_make_key_ex(rng, keySize, &userB, curve_id); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - goto done; - TEST_SLEEP(); - - /* only perform the below tests if the key size matches */ - if (dp == NULL && keySize > 0 && wc_ecc_size(&userA) != keySize) { - ret = ECC_CURVE_OID_E; - goto done; - } - -#ifdef HAVE_ECC_DHE - x = ECC_SHARED_SIZE; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_shared_secret(&userA, &userB, sharedA, &x); - } while (ret == WC_PENDING_E); - if (ret != 0) { - goto done; - } - TEST_SLEEP(); - - y = ECC_SHARED_SIZE; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_shared_secret(&userB, &userA, sharedB, &y); - } while (ret == WC_PENDING_E); - if (ret != 0) - goto done; - - if (y != x) - ERROR_OUT(-9643, done); - - if (XMEMCMP(sharedA, sharedB, x)) - ERROR_OUT(-9644, done); - TEST_SLEEP(); -#endif /* HAVE_ECC_DHE */ - -#ifdef HAVE_ECC_CDH - /* add cofactor flag */ - wc_ecc_set_flags(&userA, WC_ECC_FLAG_COFACTOR); - wc_ecc_set_flags(&userB, WC_ECC_FLAG_COFACTOR); - - x = ECC_SHARED_SIZE; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_shared_secret(&userA, &userB, sharedA, &x); - } while (ret == WC_PENDING_E); - if (ret != 0) { - goto done; - } - TEST_SLEEP(); - - y = ECC_SHARED_SIZE; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_shared_secret(&userB, &userA, sharedB, &y); - } while (ret == WC_PENDING_E); - if (ret != 0) - goto done; - - if (y != x) - ERROR_OUT(-9645, done); - - if (XMEMCMP(sharedA, sharedB, x)) - ERROR_OUT(-9646, done); - TEST_SLEEP(); - - /* remove cofactor flag */ - wc_ecc_set_flags(&userA, 0); - wc_ecc_set_flags(&userB, 0); -#endif /* HAVE_ECC_CDH */ - -#ifdef HAVE_ECC_KEY_EXPORT - x = sizeof(exportBuf); - ret = wc_ecc_export_x963_ex(&userA, exportBuf, &x, 0); - if (ret != 0) - goto done; - -#ifdef HAVE_ECC_KEY_IMPORT - #ifdef WOLFSSL_CUSTOM_CURVES - if (dp != NULL) { - ret = wc_ecc_set_custom_curve(&pubKey, dp); - if (ret != 0) goto done; - } - #endif - ret = wc_ecc_import_x963_ex(exportBuf, x, &pubKey, curve_id); - if (ret != 0) - goto done; - -#ifdef HAVE_ECC_DHE - y = ECC_SHARED_SIZE; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_shared_secret(&userB, &pubKey, sharedB, &y); - } while (ret == WC_PENDING_E); - if (ret != 0) - goto done; - - if (XMEMCMP(sharedA, sharedB, y)) - ERROR_OUT(-9647, done); - TEST_SLEEP(); -#endif /* HAVE_ECC_DHE */ - - #ifdef HAVE_COMP_KEY - /* try compressed export / import too */ - x = sizeof(exportBuf); - ret = wc_ecc_export_x963_ex(&userA, exportBuf, &x, 1); - if (ret != 0) - goto done; - wc_ecc_free(&pubKey); - - ret = wc_ecc_init_ex(&pubKey, HEAP_HINT, devId); - if (ret != 0) - goto done; - #ifdef WOLFSSL_CUSTOM_CURVES - if (dp != NULL) { - ret = wc_ecc_set_custom_curve(&pubKey, dp); - if (ret != 0) goto done; - } - #endif - ret = wc_ecc_import_x963_ex(exportBuf, x, &pubKey, curve_id); - if (ret != 0) - goto done; - - #ifdef HAVE_ECC_DHE - y = ECC_SHARED_SIZE; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_shared_secret(&userB, &pubKey, sharedB, &y); - } while (ret == WC_PENDING_E); - if (ret != 0) - goto done; - - if (XMEMCMP(sharedA, sharedB, y)) - ERROR_OUT(-9648, done); - TEST_SLEEP(); - #endif /* HAVE_ECC_DHE */ - #endif /* HAVE_COMP_KEY */ - -#endif /* HAVE_ECC_KEY_IMPORT */ -#endif /* HAVE_ECC_KEY_EXPORT */ - -#ifdef HAVE_ECC_SIGN - /* ECC w/out Shamir has issue with all 0 digest */ - /* WC_BIGINT doesn't have 0 len well on hardware */ -#if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) - /* test DSA sign hash with zeros */ - for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) { - digest[i] = 0; - } - - x = ECC_SIG_SIZE; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, - &userA); - } while (ret == WC_PENDING_E); - if (ret != 0) - goto done; - TEST_SLEEP(); - -#ifdef HAVE_ECC_VERIFY - for (i=0; i<testVerifyCount; i++) { - verify = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, - &verify, &userA); - } while (ret == WC_PENDING_E); - if (ret != 0) - goto done; - if (verify != 1) - ERROR_OUT(-9649, done); - TEST_SLEEP(); - } -#endif /* HAVE_ECC_VERIFY */ -#endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT */ - - /* test DSA sign hash with sequence (0,1,2,3,4,...) */ - for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) { - digest[i] = (byte)i; - } - - x = ECC_SIG_SIZE; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, - &userA); - } while (ret == WC_PENDING_E); - if (ret != 0) - ERROR_OUT(-9650, done); - TEST_SLEEP(); - -#ifdef HAVE_ECC_VERIFY - for (i=0; i<testVerifyCount; i++) { - verify = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, - &verify, &userA); - } while (ret == WC_PENDING_E); - if (ret != 0) - goto done; - if (verify != 1) - ERROR_OUT(-9651, done); - TEST_SLEEP(); - } -#endif /* HAVE_ECC_VERIFY */ -#endif /* HAVE_ECC_SIGN */ - -#ifdef HAVE_ECC_KEY_EXPORT - x = sizeof(exportBuf); - ret = wc_ecc_export_private_only(&userA, exportBuf, &x); - if (ret != 0) - goto done; -#endif /* HAVE_ECC_KEY_EXPORT */ - -done: - wc_ecc_free(&pubKey); - wc_ecc_free(&userB); - wc_ecc_free(&userA); - -#if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH) - FREE_VAR(sharedA, HEAP_HINT); - FREE_VAR(sharedB, HEAP_HINT); -#endif -#ifdef HAVE_ECC_SIGN - FREE_VAR(sig, HEAP_HINT); - FREE_VAR(digest, HEAP_HINT); -#endif - - return ret; -} - -#undef ECC_TEST_VERIFY_COUNT -#define ECC_TEST_VERIFY_COUNT 2 -static int ecc_test_curve(WC_RNG* rng, int keySize) -{ - int ret; - - ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT, - ECC_CURVE_DEF, NULL); - if (ret < 0) { - if (ret == ECC_CURVE_OID_E) { - /* ignore error for curves not found */ - /* some curve sizes are only available with: - HAVE_ECC_SECPR2, HAVE_ECC_SECPR3, HAVE_ECC_BRAINPOOL - and HAVE_ECC_KOBLITZ */ - } - else { - printf("ecc_test_curve_size %d failed!: %d\n", keySize, ret); - return ret; - } - } - -#ifdef HAVE_ECC_VECTOR_TEST - ret = ecc_test_vector(keySize); - if (ret < 0) { - printf("ecc_test_vector %d failed!: %d\n", keySize, ret); - return ret; - } -#endif - -#ifdef WOLFSSL_KEY_GEN - ret = ecc_test_key_gen(rng, keySize); - if (ret < 0) { - if (ret == ECC_CURVE_OID_E) { - /* ignore error for curves not found */ - } - else { - printf("ecc_test_key_gen %d failed!: %d\n", keySize, ret); - return ret; - } - } -#endif - - return 0; -} - -#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) -#if !defined(WOLFSSL_ATECC508A) && defined(HAVE_ECC_KEY_IMPORT) && \ - defined(HAVE_ECC_KEY_EXPORT) -static int ecc_point_test(void) -{ - int ret; - ecc_point* point; - ecc_point* point2; -#ifdef HAVE_COMP_KEY - ecc_point* point3; - ecc_point* point4; -#endif - word32 outLen; - byte out[65]; - byte der[] = { 0x04, /* = Uncompressed */ - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; -#ifdef HAVE_COMP_KEY - byte derComp0[] = { 0x02, /* = Compressed, y even */ - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; - byte derComp1[] = { 0x03, /* = Compressed, y odd */ - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; -#endif - byte altDer[] = { 0x04, /* = Uncompressed */ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; - int curve_idx = wc_ecc_get_curve_idx(ECC_SECP256R1); - - /* if curve P256 is not enabled then test should not fail */ - if (curve_idx == ECC_CURVE_INVALID) - return 0; - - outLen = sizeof(out); - point = wc_ecc_new_point(); - if (point == NULL) - return -9700; - point2 = wc_ecc_new_point(); - if (point2 == NULL) { - wc_ecc_del_point(point); - return -9701; - } -#ifdef HAVE_COMP_KEY - point3 = wc_ecc_new_point(); - if (point3 == NULL) { - wc_ecc_del_point(point2); - wc_ecc_del_point(point); - return -9702; - } - point4 = wc_ecc_new_point(); - if (point4 == NULL) { - wc_ecc_del_point(point3); - wc_ecc_del_point(point2); - wc_ecc_del_point(point); - return -9703; - } -#endif - - /* Parameter Validation testing. */ - wc_ecc_del_point(NULL); - ret = wc_ecc_import_point_der(NULL, sizeof(der), curve_idx, point); - if (ret != ECC_BAD_ARG_E) { - ret = -9704; - goto done; - } - ret = wc_ecc_import_point_der(der, sizeof(der), ECC_CURVE_INVALID, point); - if (ret != ECC_BAD_ARG_E) { - ret = -9705; - goto done; - } - ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, NULL); - if (ret != ECC_BAD_ARG_E) { - ret = -9706; - goto done; - } - ret = wc_ecc_export_point_der(-1, point, out, &outLen); - if (ret != ECC_BAD_ARG_E) { - ret = -9707; - goto done; - } - ret = wc_ecc_export_point_der(curve_idx, NULL, out, &outLen); - if (ret != ECC_BAD_ARG_E) { - ret = -9708; - goto done; - } - ret = wc_ecc_export_point_der(curve_idx, point, NULL, &outLen); - if (ret != LENGTH_ONLY_E || outLen != sizeof(out)) { - ret = -9709; - goto done; - } - ret = wc_ecc_export_point_der(curve_idx, point, out, NULL); - if (ret != ECC_BAD_ARG_E) { - ret = -9710; - goto done; - } - outLen = 0; - ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen); - if (ret != BUFFER_E) { - ret = -9711; - goto done; - } - ret = wc_ecc_copy_point(NULL, NULL); - if (ret != ECC_BAD_ARG_E) { - ret = -9712; - goto done; - } - ret = wc_ecc_copy_point(NULL, point2); - if (ret != ECC_BAD_ARG_E) { - ret = -9713; - goto done; - } - ret = wc_ecc_copy_point(point, NULL); - if (ret != ECC_BAD_ARG_E) { - ret = -9714; - goto done; - } - ret = wc_ecc_cmp_point(NULL, NULL); - if (ret != BAD_FUNC_ARG) { - ret = -9715; - goto done; - } - ret = wc_ecc_cmp_point(NULL, point2); - if (ret != BAD_FUNC_ARG) { - ret = -9716; - goto done; - } - ret = wc_ecc_cmp_point(point, NULL); - if (ret != BAD_FUNC_ARG) { - ret = -9717; - goto done; - } - - /* Use API. */ - ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, point); - if (ret != 0) { - ret = -9718; - goto done; - } - - outLen = sizeof(out); - ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen); - if (ret != 0) { - ret = -9719; - goto done; - } - if (outLen != sizeof(der)) { - ret = -9720; - goto done; - } - if (XMEMCMP(out, der, outLen) != 0) { - ret = -9721; - goto done; - } - - ret = wc_ecc_copy_point(point2, point); - if (ret != MP_OKAY) { - ret = -9722; - goto done; - } - ret = wc_ecc_cmp_point(point2, point); - if (ret != MP_EQ) { - ret = -9723; - goto done; - } - - ret = wc_ecc_import_point_der(altDer, sizeof(altDer), curve_idx, point2); - if (ret != 0) { - ret = -9724; - goto done; - } - ret = wc_ecc_cmp_point(point2, point); - if (ret != MP_GT) { - ret = -9725; - goto done; - } - -#ifdef HAVE_COMP_KEY - ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3); - if (ret != 0) { - ret = -9726; - goto done; - } - - ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0); - if (ret != 0) { - ret = -9727; - goto done; - } - - ret = wc_ecc_cmp_point(point3, point4); - if (ret != MP_EQ) { - ret = -9728; - goto done; - } - - ret = wc_ecc_import_point_der(derComp1, sizeof(derComp1)*2-1, curve_idx, point3); - if (ret != 0) { - ret = -9729; - goto done; - } - - ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0); - if (ret != 0) { - ret = -9730; - goto done; - } - - ret = wc_ecc_cmp_point(point3, point4); - if (ret != MP_EQ) { - ret = -9731; - goto done; - } -#endif - -done: -#ifdef HAVE_COMP_KEY - wc_ecc_del_point(point4); - wc_ecc_del_point(point3); -#endif - wc_ecc_del_point(point2); - wc_ecc_del_point(point); - - return ret; -} -#endif /* !WOLFSSL_ATECC508A && HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */ - -#ifndef NO_SIG_WRAPPER -static int ecc_sig_test(WC_RNG* rng, ecc_key* key) -{ - int ret; - word32 sigSz; - int size; - byte out[ECC_MAX_SIG_SIZE]; - byte in[] = "Everyone gets Friday off."; - const byte hash[] = { - 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59, - 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe, - 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83, - 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f - }; - word32 inLen = (word32)XSTRLEN((char*)in); - - size = wc_ecc_sig_size(key); - - ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, sizeof(*key)); - if (ret != size) - return -9728; - - sigSz = (word32)ret; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in, - inLen, out, &sigSz, key, sizeof(*key), rng); - if (ret != 0) - return -9729; - TEST_SLEEP(); - - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in, - inLen, out, sigSz, key, sizeof(*key)); - if (ret != 0) - return -9730; - TEST_SLEEP(); - - sigSz = (word32)sizeof(out); - ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, - hash, (int)sizeof(hash), out, &sigSz, key, sizeof(*key), rng); - if (ret != 0) - return -9731; - TEST_SLEEP(); - - ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, - hash, (int)sizeof(hash), out, sigSz, key, sizeof(*key)); - if (ret != 0) - return -9732; - TEST_SLEEP(); - - return 0; -} -#endif - -#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) -static int ecc_exp_imp_test(ecc_key* key) -{ - int ret; - int curve_id; - ecc_key keyImp; - byte priv[32]; - word32 privLen; - byte pub[65]; - word32 pubLen, pubLenX, pubLenY; - const char qx[] = "7a4e287890a1a47ad3457e52f2f76a83" - "ce46cbc947616d0cbaa82323818a793d"; - const char qy[] = "eec4084f5b29ebf29c44cce3b3059610" - "922f8b30ea6e8811742ac7238fe87308"; - const char d[] = "8c14b793cb19137e323a6d2e2a870bca" - "2e7a493ec1153b3a95feb8a4873f8d08"; - - wc_ecc_init_ex(&keyImp, HEAP_HINT, devId); - - privLen = sizeof(priv); - ret = wc_ecc_export_private_only(key, priv, &privLen); - if (ret != 0) { - ret = -9733; - goto done; - } - pubLen = sizeof(pub); - ret = wc_ecc_export_point_der(key->idx, &key->pubkey, pub, &pubLen); - if (ret != 0) { - ret = -9734; - goto done; - } - - ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, &keyImp); - if (ret != 0) { - ret = -9735; - goto done; - } - - wc_ecc_free(&keyImp); - wc_ecc_init_ex(&keyImp, HEAP_HINT, devId); - - ret = wc_ecc_import_raw_ex(&keyImp, qx, qy, d, ECC_SECP256R1); - if (ret != 0) { - ret = -9736; - goto done; - } - - wc_ecc_free(&keyImp); - wc_ecc_init_ex(&keyImp, HEAP_HINT, devId); - - curve_id = wc_ecc_get_curve_id(key->idx); - if (curve_id < 0) { - ret = -9737; - goto done; - } - - /* test import private only */ - ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, &keyImp, - curve_id); - if (ret != 0) { - ret = -9738; - goto done; - } - - wc_ecc_free(&keyImp); - wc_ecc_init_ex(&keyImp, HEAP_HINT, devId); - - /* test export public raw */ - pubLenX = pubLenY = 32; - ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY); - if (ret != 0) { - ret = -9739; - goto done; - } - -#ifndef HAVE_SELFTEST - /* test import of public */ - ret = wc_ecc_import_unsigned(&keyImp, pub, &pub[32], NULL, ECC_SECP256R1); - if (ret != 0) { - ret = -9740; - goto done; - } -#endif - - wc_ecc_free(&keyImp); - wc_ecc_init_ex(&keyImp, HEAP_HINT, devId); - - /* test export private and public raw */ - pubLenX = pubLenY = privLen = 32; - ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY, - priv, &privLen); - if (ret != 0) { - ret = -9741; - goto done; - } - -#ifndef HAVE_SELFTEST - /* test import of private and public */ - ret = wc_ecc_import_unsigned(&keyImp, pub, &pub[32], priv, ECC_SECP256R1); - if (ret != 0) { - ret = -9742; - goto done; - } -#endif - -done: - wc_ecc_free(&keyImp); - return ret; -} -#endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */ - -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) -#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) -static int ecc_mulmod_test(ecc_key* key1) -{ - int ret; - ecc_key key2; - ecc_key key3; - - wc_ecc_init_ex(&key2, HEAP_HINT, devId); - wc_ecc_init_ex(&key3, HEAP_HINT, devId); - - /* TODO: Use test data, test with WOLFSSL_VALIDATE_ECC_IMPORT. */ - /* Need base point (Gx,Gy) and parameter A - load them as the public and - * private key in key2. - */ - ret = wc_ecc_import_raw_ex(&key2, key1->dp->Gx, key1->dp->Gy, key1->dp->Af, - ECC_SECP256R1); - if (ret != 0) - goto done; - - /* Need a point (Gx,Gy) and prime - load them as the public and private key - * in key3. - */ - ret = wc_ecc_import_raw_ex(&key3, key1->dp->Gx, key1->dp->Gy, - key1->dp->prime, ECC_SECP256R1); - if (ret != 0) - goto done; - - ret = wc_ecc_mulmod(&key1->k, &key2.pubkey, &key3.pubkey, &key2.k, &key3.k, - 1); - if (ret != 0) { - ret = -9743; - goto done; - } - -done: - wc_ecc_free(&key3); - wc_ecc_free(&key2); - return ret; -} -#endif - -#ifdef HAVE_ECC_DHE -static int ecc_ssh_test(ecc_key* key) -{ - int ret; - byte out[128]; - word32 outLen = sizeof(out); - - /* Parameter Validation testing. */ - ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen); - if (ret != BAD_FUNC_ARG) - return -9744; - ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen); - if (ret != BAD_FUNC_ARG) - return -9745; - ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen); - if (ret != BAD_FUNC_ARG) - return -9746; - ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL); - if (ret != BAD_FUNC_ARG) - return -9747; - - /* Use API. */ - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen); - } while (ret == WC_PENDING_E); - if (ret != 0) - return -9748; - TEST_SLEEP(); - return 0; -} -#endif /* HAVE_ECC_DHE */ -#endif - -static int ecc_def_curve_test(WC_RNG *rng) -{ - int ret; - ecc_key key; - - wc_ecc_init_ex(&key, HEAP_HINT, devId); - - /* Use API */ - ret = wc_ecc_set_flags(NULL, 0); - if (ret != BAD_FUNC_ARG) { - ret = -9749; - goto done; - } - ret = wc_ecc_set_flags(&key, 0); - if (ret != 0) { - ret = -9750; - goto done; - } - - ret = wc_ecc_make_key(rng, 32, &key); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ret = -9751; - goto done; - } - TEST_SLEEP(); - -#ifndef NO_SIG_WRAPPER - ret = ecc_sig_test(rng, &key); - if (ret < 0) - goto done; -#endif -#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) - ret = ecc_exp_imp_test(&key); - if (ret < 0) - goto done; -#endif -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_CRYPTOCELL) -#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) - ret = ecc_mulmod_test(&key); - if (ret < 0) - goto done; -#endif -#ifdef HAVE_ECC_DHE - ret = ecc_ssh_test(&key); - if (ret < 0) - goto done; -#endif -#endif /* WOLFSSL_ATECC508A */ -done: - wc_ecc_free(&key); - return ret; -} -#endif /* !NO_ECC256 || HAVE_ALL_CURVES */ - -#ifdef WOLFSSL_CERT_EXT -static int ecc_decode_test(void) -{ - int ret; - word32 inSz; - word32 inOutIdx; - ecc_key key; - - /* SECP256R1 OID: 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 */ - - /* This is ecc_clikeypub_der_256. */ - static const byte good[] = { - 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, - 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, - 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xbf, 0xf4, - 0x0f, 0x44, 0x50, 0x9a, 0x3d, 0xce, 0x9b, 0xb7, 0xf0, 0xc5, - 0x4d, 0xf5, 0x70, 0x7b, 0xd4, 0xec, 0x24, 0x8e, 0x19, 0x80, - 0xec, 0x5a, 0x4c, 0xa2, 0x24, 0x03, 0x62, 0x2c, 0x9b, 0xda, - 0xef, 0xa2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xc6, 0x56, - 0x95, 0x06, 0xcc, 0x01, 0xa9, 0xbd, 0xf6, 0x75, 0x1a, 0x42, - 0xf7, 0xbd, 0xa9, 0xb2, 0x36, 0x22, 0x5f, 0xc7, 0x5d, 0x7f, - 0xb4 }; - static const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04, - 0x00, 0x04, 0x01, 0x01 }; - static const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00, - 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; - static const byte badObjId1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x09, - 0x06, 0x00, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; - static const byte badObj2d1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x00, - 0x06, 0x07, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; - static const byte badNotBitStr[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, - 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, - 0x04, 0x04, 0x00, 0x04, 0x01, 0x01 }; - static const byte badBitStrLen[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, - 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, - 0x03, 0x05, 0x00, 0x04, 0x01, 0x01 }; - static const byte badNoBitStrZero[] = { 0x30, 0x13, 0x30, 0x0a, 0x06, 0x00, - 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, - 0x03, 0x03, 0x04, 0x01, 0x01 }; - static const byte badPoint[] = { 0x30, 0x12, 0x30, 0x09, 0x06, 0x00, - 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, - 0x03, 0x03, 0x00, 0x04, 0x01 }; - - XMEMSET(&key, 0, sizeof(key)); - wc_ecc_init_ex(&key, HEAP_HINT, devId); - - inSz = sizeof(good); - ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, &key, inSz); - if (ret != BAD_FUNC_ARG) { - ret = -9800; - goto done; - } - ret = wc_EccPublicKeyDecode(good, NULL, &key, inSz); - if (ret != BAD_FUNC_ARG) { - ret = -9801; - goto done; - } - ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz); - if (ret != BAD_FUNC_ARG) { - ret = -9802; - goto done; - } - ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, 0); - if (ret != BAD_FUNC_ARG) { - ret = -9803; - goto done; - } - - /* Change offset to produce bad input data. */ - inOutIdx = 2; - inSz = sizeof(good) - inOutIdx; - ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz); - if (ret != ASN_PARSE_E) { - ret = -9804; - goto done; - } - inOutIdx = 4; - inSz = sizeof(good) - inOutIdx; - ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz); - if (ret != ASN_PARSE_E) { - ret = -9805; - goto done; - } - /* Bad data. */ - inSz = sizeof(badNoObjId); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, &key, inSz); - if (ret != ASN_OBJECT_ID_E) { - ret = -9806; - goto done; - } - inSz = sizeof(badOneObjId); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, &key, inSz); - if (ret != ASN_OBJECT_ID_E) { - ret = -9807; - goto done; - } - inSz = sizeof(badObjId1Len); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, &key, inSz); - if (ret != ASN_PARSE_E) { - ret = -9808; - goto done; - } - inSz = sizeof(badObj2d1Len); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, &key, inSz); - if (ret != ASN_PARSE_E) { - ret = -9809; - goto done; - } - inSz = sizeof(badNotBitStr); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, &key, inSz); - if (ret != ASN_BITSTR_E) { - ret = -9810; - goto done; - } - inSz = sizeof(badBitStrLen); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, &key, inSz); - if (ret != ASN_PARSE_E) { - ret = -9811; - goto done; - } - inSz = sizeof(badNoBitStrZero); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, &key, inSz); - if (ret != ASN_EXPECT_0_E) { - ret = -9812; - goto done; - } - inSz = sizeof(badPoint); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, &key, inSz); - if (ret != ASN_ECC_KEY_E) { - ret = -9813; - goto done; - } - - inSz = sizeof(good); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz); - if (ret != 0) { - ret = -9814; - goto done; - } - -done: - wc_ecc_free(&key); - return ret; -} -#endif /* WOLFSSL_CERT_EXT */ - -#ifdef WOLFSSL_CUSTOM_CURVES -static const byte eccKeyExplicitCurve[] = { - 0x30, 0x81, 0xf5, 0x30, 0x81, 0xae, 0x06, 0x07, - 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30, - 0x81, 0xa2, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, - 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, - 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, - 0xff, 0xfc, 0x2f, 0x30, 0x06, 0x04, 0x01, 0x00, - 0x04, 0x01, 0x07, 0x04, 0x41, 0x04, 0x79, 0xbe, - 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0, - 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b, - 0xfc, 0xdb, 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2, - 0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a, - 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, - 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, - 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47, - 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, 0x02, 0x21, - 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, - 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, - 0x41, 0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04, - 0x3c, 0x4c, 0xc9, 0x5e, 0x2e, 0xa2, 0x3d, 0x49, - 0xcc, 0x5b, 0xff, 0x4f, 0xc9, 0x2e, 0x1d, 0x4a, - 0xc6, 0x21, 0xf6, 0xf3, 0xe6, 0x0b, 0x4f, 0xa9, - 0x9d, 0x74, 0x99, 0xdd, 0x97, 0xc7, 0x6e, 0xbe, - 0x14, 0x2b, 0x39, 0x9d, 0x63, 0xc7, 0x97, 0x0d, - 0x45, 0x25, 0x40, 0x30, 0x77, 0x05, 0x76, 0x88, - 0x38, 0x96, 0x29, 0x7d, 0x9c, 0xe1, 0x50, 0xbe, - 0xac, 0xf0, 0x1d, 0x86, 0xf4, 0x2f, 0x65, 0x0b -}; - -static int ecc_test_custom_curves(WC_RNG* rng) -{ - int ret; - word32 inOutIdx; - ecc_key key; - - /* test use of custom curve - using BRAINPOOLP256R1 for test */ - #ifndef WOLFSSL_ECC_CURVE_STATIC - const ecc_oid_t ecc_oid_brainpoolp256r1[] = { - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 - }; - const word32 ecc_oid_brainpoolp256r1_sz = - sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t); - #else - #define ecc_oid_brainpoolp256r1 { \ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 \ - } - #define ecc_oid_brainpoolp256r1_sz 9 - #endif - const word32 ecc_oid_brainpoolp256r1_sum = 104; - - const ecc_set_type ecc_dp_brainpool256r1 = { - 32, /* size/bytes */ - ECC_CURVE_CUSTOM, /* ID */ - "BRAINPOOLP256R1", /* curve name */ - "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", /* prime */ - "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", /* A */ - "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", /* B */ - "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", /* order */ - "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", /* Gx */ - "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */ - ecc_oid_brainpoolp256r1, /* oid/oidSz */ - ecc_oid_brainpoolp256r1_sz, - ecc_oid_brainpoolp256r1_sum, /* oid sum */ - 1, /* cofactor */ - }; - - ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, ECC_CURVE_DEF, - &ecc_dp_brainpool256r1); - if (ret != 0) { - printf("ECC test for custom curve failed! %d\n", ret); - return ret; - } - - #if defined(HAVE_ECC_BRAINPOOL) || defined(HAVE_ECC_KOBLITZ) - { - int curve_id; - #ifdef HAVE_ECC_BRAINPOOL - curve_id = ECC_BRAINPOOLP256R1; - #else - curve_id = ECC_SECP256K1; - #endif - /* Test and demonstrate use of non-SECP curve */ - ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, curve_id, NULL); - if (ret < 0) { - printf("ECC test for curve_id %d failed! %d\n", curve_id, ret); - return ret; - } - } - #endif - - ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); - if (ret != 0) { - return -9815; - } - - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, &key, - sizeof(eccKeyExplicitCurve)); - if (ret != 0) - return -9816; - - wc_ecc_free(&key); - - return ret; -} -#endif /* WOLFSSL_CUSTOM_CURVES */ - -#ifdef WOLFSSL_CERT_GEN - -/* Make Cert / Sign example for ECC cert and ECC CA */ -static int ecc_test_cert_gen(WC_RNG* rng) -{ - int ret; - Cert myCert; - int certSz; - size_t bytes; - word32 idx = 0; -#ifndef USE_CERT_BUFFERS_256 - XFILE file; -#endif -#ifdef WOLFSSL_TEST_CERT - DecodedCert decode; -#endif - byte* der; - byte* pem = NULL; - ecc_key caEccKey; - ecc_key certPubKey; - - XMEMSET(&caEccKey, 0, sizeof(caEccKey)); - XMEMSET(&certPubKey, 0, sizeof(certPubKey)); - - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-9817, exit); - } - pem = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - ERROR_OUT(-9818, exit); - } - - /* Get cert private key */ -#ifdef ENABLE_ECC384_CERT_GEN_TEST - /* Get Cert Key 384 */ -#ifdef USE_CERT_BUFFERS_256 - XMEMCPY(der, ca_ecc_key_der_384, sizeof_ca_ecc_key_der_384); - bytes = sizeof_ca_ecc_key_der_384; -#else - file = XFOPEN(eccCaKey384File, "rb"); - if (!file) { - ERROR_OUT(-9819, exit); - } - - bytes = XFREAD(der, 1, FOURK_BUF, file); - XFCLOSE(file); - (void)eccCaKeyFile; -#endif /* USE_CERT_BUFFERS_256 */ -#else -#ifdef USE_CERT_BUFFERS_256 - XMEMCPY(der, ca_ecc_key_der_256, sizeof_ca_ecc_key_der_256); - bytes = sizeof_ca_ecc_key_der_256; -#else - file = XFOPEN(eccCaKeyFile, "rb"); - if (!file) { - ERROR_OUT(-9820, exit); - } - bytes = XFREAD(der, 1, FOURK_BUF, file); - XFCLOSE(file); -#ifdef ENABLE_ECC384_CERT_GEN_TEST - (void)eccCaKey384File; -#endif -#endif /* USE_CERT_BUFFERS_256 */ -#endif /* ENABLE_ECC384_CERT_GEN_TEST */ - - /* Get CA Key */ - ret = wc_ecc_init_ex(&caEccKey, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-9821, exit); - } - ret = wc_EccPrivateKeyDecode(der, &idx, &caEccKey, (word32)bytes); - if (ret != 0) { - ERROR_OUT(-9822, exit); - } - - /* Make a public key */ - ret = wc_ecc_init_ex(&certPubKey, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-9823, exit); - } - - ret = wc_ecc_make_key(rng, 32, &certPubKey); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &certPubKey.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-9824, exit); - } - TEST_SLEEP(); - - /* Setup Certificate */ - if (wc_InitCert(&myCert)) { - ERROR_OUT(-9825, exit); - } - -#ifndef NO_SHA256 - myCert.sigType = CTC_SHA256wECDSA; -#else - myCert.sigType = CTC_SHAwECDSA; -#endif - XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName)); - -#ifdef WOLFSSL_CERT_EXT - /* add Policies */ - XSTRNCPY(myCert.certPolicies[0], "2.4.589440.587.101.2.1.9632587.1", - CTC_MAX_CERTPOL_SZ); - XSTRNCPY(myCert.certPolicies[1], "1.2.13025.489.1.113549", - CTC_MAX_CERTPOL_SZ); - myCert.certPoliciesNb = 2; - - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromPublicKey(&myCert, NULL, &certPubKey) != 0) { - ERROR_OUT(-9826, exit); - } - - /* add AKID from the Public Key */ - if (wc_SetAuthKeyIdFromPublicKey(&myCert, NULL, &caEccKey) != 0) { - ERROR_OUT(-9827, exit); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(&myCert, certKeyUsage) != 0) { - ERROR_OUT(-9828, exit); - } -#endif /* WOLFSSL_CERT_EXT */ - -#ifdef ENABLE_ECC384_CERT_GEN_TEST - #if defined(USE_CERT_BUFFERS_256) - ret = wc_SetIssuerBuffer(&myCert, ca_ecc_cert_der_384, - sizeof_ca_ecc_cert_der_384); -#else - ret = wc_SetIssuer(&myCert, eccCaCert384File); - (void)eccCaCertFile; -#endif -#else -#if defined(USE_CERT_BUFFERS_256) - ret = wc_SetIssuerBuffer(&myCert, ca_ecc_cert_der_256, - sizeof_ca_ecc_cert_der_256); -#else - ret = wc_SetIssuer(&myCert, eccCaCertFile); -#ifdef ENABLE_ECC384_CERT_GEN_TEST - (void)eccCaCert384File; -#endif -#endif -#endif /* ENABLE_ECC384_CERT_GEN_TEST */ - if (ret < 0) { - ERROR_OUT(-9829, exit); - } - - certSz = wc_MakeCert(&myCert, der, FOURK_BUF, NULL, &certPubKey, rng); - if (certSz < 0) { - ERROR_OUT(-9830, exit); - } - - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &caEccKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_SignCert(myCert.bodySz, myCert.sigType, der, - FOURK_BUF, NULL, &caEccKey, rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-9831, exit); - } - certSz = ret; - TEST_SLEEP(); - -#ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, der, certSz, 0); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&decode); - ERROR_OUT(-9832, exit); - - } - FreeDecodedCert(&decode); -#endif - - ret = SaveDerAndPem(der, certSz, pem, FOURK_BUF, certEccDerFile, - certEccPemFile, CERT_TYPE, -6735); - if (ret != 0) { - goto exit; - } - -exit: - wc_ecc_free(&certPubKey); - wc_ecc_free(&caEccKey); - - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} -#endif /* WOLFSSL_CERT_GEN */ - -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -/* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */ -static int ecc_test_allocator(WC_RNG* rng) -{ - int ret = 0; - ecc_key* key; - - key = wc_ecc_key_new(HEAP_HINT); - if (key == NULL) { - ERROR_OUT(-9833, exit); - } - - ret = wc_ecc_make_key(rng, 32, key); - if (ret != 0) { - ERROR_OUT(-9834, exit); - } - -exit: - wc_ecc_key_free(key); - return ret; -} -#endif - -int ecc_test(void) -{ - int ret; - WC_RNG rng; - -#ifdef WOLFSSL_CERT_EXT - ret = ecc_decode_test(); - if (ret < 0) - return ret; -#endif - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -9900; - -#if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 14); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC112 */ -#if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 16); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC128 */ -#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 20); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC160 */ -#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 24); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC192 */ -#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 28); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC224 */ -#if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 30); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC239 */ -#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 32); - if (ret < 0) { - goto done; - } -#if !defined(WOLFSSL_ATECC508A) && defined(HAVE_ECC_KEY_IMPORT) && \ - defined(HAVE_ECC_KEY_EXPORT) - ret = ecc_point_test(); - if (ret < 0) { - goto done; - } -#endif - ret = ecc_def_curve_test(&rng); - if (ret < 0) { - goto done; - } -#endif /* !NO_ECC256 */ -#if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 40); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC320 */ -#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 48); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC384 */ -#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 64); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC512 */ -#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 66); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC521 */ - -#if defined(WOLFSSL_CUSTOM_CURVES) - ret = ecc_test_custom_curves(&rng); - if (ret != 0) { - goto done; - } -#endif - -#if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) - ret = ecc_test_sign_vectors(&rng); - if (ret != 0) { - printf("ecc_test_sign_vectors failed! %d\n", ret); - goto done; - } -#endif -#ifdef HAVE_ECC_CDH - ret = ecc_test_cdh_vectors(); - if (ret != 0) { - printf("ecc_test_cdh_vectors failed! %d\n", ret); - goto done; - } -#endif -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_STM32_PKA) - ret = ecc_test_make_pub(&rng); - if (ret != 0) { - printf("ecc_test_make_pub failed!: %d\n", ret); - goto done; - } -#else - (void) ecc_test_make_pub;/* for compiler warning */ -#endif -#ifdef WOLFSSL_CERT_GEN - ret = ecc_test_cert_gen(&rng); - if (ret != 0) { - printf("ecc_test_cert_gen failed!: %d\n", ret); - goto done; - } -#endif -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - ret = ecc_test_allocator(&rng); - if (ret != 0) { - printf("ecc_test_allocator failed!: %d\n", ret); - } -#endif - -done: - wc_FreeRng(&rng); - - return ret; -} - -#if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) - -int ecc_encrypt_test(void) -{ - WC_RNG rng; - int ret = 0; - ecc_key userA, userB; - byte msg[48]; - byte plain[48]; - byte out[80]; - word32 outSz = sizeof(out); - word32 plainSz = sizeof(plain); - int i; - ecEncCtx* cliCtx = NULL; - ecEncCtx* srvCtx = NULL; - byte cliSalt[EXCHANGE_SALT_SZ]; - byte srvSalt[EXCHANGE_SALT_SZ]; - const byte* tmpSalt; - byte msg2[48]; - byte plain2[48]; - byte out2[80]; - word32 outSz2 = sizeof(out2); - word32 plainSz2 = sizeof(plain2); - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -10000; - - XMEMSET(&userA, 0, sizeof(userA)); - XMEMSET(&userB, 0, sizeof(userB)); - - ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); - if (ret != 0) - goto done; - ret = wc_ecc_init_ex(&userB, HEAP_HINT, devId); - if (ret != 0) - goto done; - - ret = wc_ecc_make_key(&rng, 32, &userA); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0){ - ret = -10001; goto done; - } - - ret = wc_ecc_make_key(&rng, 32, &userB); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0){ - ret = -10002; goto done; - } - - /* set message to incrementing 0,1,2,etc... */ - for (i = 0; i < (int)sizeof(msg); i++) - msg[i] = i; - - /* encrypt msg to B */ - ret = wc_ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz, NULL); - if (ret != 0) { - ret = -10003; goto done; - } - - /* decrypt msg from A */ - ret = wc_ecc_decrypt(&userB, &userA, out, outSz, plain, &plainSz, NULL); - if (ret != 0) { - ret = -10004; goto done; - } - - if (XMEMCMP(plain, msg, sizeof(msg)) != 0) { - ret = -10005; goto done; - } - - /* let's verify message exchange works, A is client, B is server */ - cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng); - srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng); - if (cliCtx == NULL || srvCtx == NULL) { - ret = -10006; goto done; - } - - /* get salt to send to peer */ - tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx); - if (tmpSalt == NULL) { - ret = -10007; goto done; - } - XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ); - - tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx); - if (tmpSalt == NULL) { - ret = -10008; goto done; - } - XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ); - - /* in actual use, we'd get the peer's salt over the transport */ - ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt); - if (ret != 0) - goto done; - ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt); - if (ret != 0) - goto done; - - ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 11); - if (ret != 0) - goto done; - ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 11); - if (ret != 0) - goto done; - - /* get encrypted msg (request) to send to B */ - outSz = sizeof(out); - ret = wc_ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz,cliCtx); - if (ret != 0) - goto done; - - /* B decrypts msg (request) from A */ - plainSz = sizeof(plain); - ret = wc_ecc_decrypt(&userB, &userA, out, outSz, plain, &plainSz, srvCtx); - if (ret != 0) - goto done; - - if (XMEMCMP(plain, msg, sizeof(msg)) != 0) { - ret = -10009; goto done; - } - - /* msg2 (response) from B to A */ - for (i = 0; i < (int)sizeof(msg2); i++) - msg2[i] = i + sizeof(msg2); - - /* get encrypted msg (response) to send to B */ - ret = wc_ecc_encrypt(&userB, &userA, msg2, sizeof(msg2), out2, - &outSz2, srvCtx); - if (ret != 0) - goto done; - - /* A decrypts msg (response) from B */ - ret = wc_ecc_decrypt(&userA, &userB, out2, outSz2, plain2, &plainSz2, - cliCtx); - if (ret != 0) - goto done; - - if (XMEMCMP(plain2, msg2, sizeof(msg2)) != 0) { - ret = -10010; goto done; - } - -done: - - /* cleanup */ - wc_ecc_ctx_free(srvCtx); - wc_ecc_ctx_free(cliCtx); - - wc_ecc_free(&userB); - wc_ecc_free(&userA); - wc_FreeRng(&rng); - - return ret; -} - -#endif /* HAVE_ECC_ENCRYPT */ - -#ifdef USE_CERT_BUFFERS_256 -int ecc_test_buffers(void) { - size_t bytes; - ecc_key cliKey; - ecc_key servKey; - WC_RNG rng; - word32 idx = 0; - int ret; - /* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */ - byte in[] = "Everyone gets Friday off. ecc p"; - word32 inLen = (word32)XSTRLEN((char*)in); - byte out[256]; - byte plain[256]; - int verify = 0; - word32 x; - - ret = wc_ecc_init_ex(&cliKey, HEAP_HINT, devId); - if (ret != 0) - return -10011; - ret = wc_ecc_init_ex(&servKey, HEAP_HINT, devId); - if (ret != 0) - return -10012; - - bytes = (size_t)sizeof_ecc_clikey_der_256; - /* place client key into ecc_key struct cliKey */ - ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, &cliKey, - (word32)bytes); - if (ret != 0) - return -10013; - - idx = 0; - bytes = (size_t)sizeof_ecc_key_der_256; - - /* place server key into ecc_key struct servKey */ - ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, &servKey, - (word32)bytes); - if (ret != 0) - return -10014; - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -10015; - -#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) - { - word32 y; - /* test encrypt and decrypt if they're available */ - x = sizeof(out); - ret = wc_ecc_encrypt(&cliKey, &servKey, in, sizeof(in), out, &x, NULL); - if (ret < 0) - return -10016; - - y = sizeof(plain); - ret = wc_ecc_decrypt(&cliKey, &servKey, out, x, plain, &y, NULL); - if (ret < 0) - return -10017; - - if (XMEMCMP(plain, in, inLen)) - return -10018; - } -#endif - - x = sizeof(out); - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &cliKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, &cliKey); - } while (ret == WC_PENDING_E); - if (ret < 0) - return -10019; - TEST_SLEEP(); - - XMEMSET(plain, 0, sizeof(plain)); - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &cliKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_verify_hash(out, x, plain, sizeof(plain), &verify, - &cliKey); - } while (ret == WC_PENDING_E); - if (ret < 0) - return -10020; - - if (XMEMCMP(plain, in, (word32)ret)) - return -10021; - TEST_SLEEP(); - -#ifdef WOLFSSL_CERT_EXT - idx = 0; - - bytes = sizeof_ecc_clikeypub_der_256; - - ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &idx, &cliKey, - (word32) bytes); - if (ret != 0) - return -10022; -#endif - - wc_ecc_free(&cliKey); - wc_ecc_free(&servKey); - wc_FreeRng(&rng); - - return 0; -} -#endif /* USE_CERT_BUFFERS_256 */ -#endif /* HAVE_ECC */ - - -#ifdef HAVE_CURVE25519 -#if defined(HAVE_CURVE25519_SHARED_SECRET) && \ - defined(HAVE_CURVE25519_KEY_IMPORT) -#ifdef CURVE25519_OVERFLOW_ALL_TESTS -#define X25519_TEST_CNT 5 -#else -#define X25519_TEST_CNT 1 -#endif -static int curve25519_overflow_test(void) -{ - /* secret key for party a */ - byte sa[X25519_TEST_CNT][32] = { - { - 0x8d,0xaf,0x6e,0x7a,0xc1,0xeb,0x8d,0x30, - 0x99,0x86,0xd3,0x90,0x47,0x96,0x21,0x3c, - 0x3a,0x75,0xc0,0x7b,0x75,0x01,0x75,0xa3, - 0x81,0x4b,0xff,0x5a,0xbc,0x96,0x87,0x28 - }, -#ifdef CURVE25519_OVERFLOW_ALL_TESTS - { - 0x9d,0x63,0x5f,0xce,0xe2,0xe8,0xd7,0xfb, - 0x68,0x77,0x0e,0x44,0xd1,0xad,0x87,0x2b, - 0xf4,0x65,0x06,0xb7,0xbb,0xdb,0xbe,0x6e, - 0x02,0x43,0x24,0xc7,0x3d,0x7b,0x88,0x60 - }, - { - 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9, - 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52, - 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1, - 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0 - }, - { - 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9, - 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52, - 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1, - 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0 - }, - { - 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9, - 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52, - 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1, - 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0 - } -#endif - }; - - /* public key for party b */ - byte pb[X25519_TEST_CNT][32] = { - { - 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0 - }, -#ifdef CURVE25519_OVERFLOW_ALL_TESTS - { - /* 0xff first byte in original - invalid! */ - 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0 - }, - { - 0x36,0x1a,0x74,0x87,0x28,0x59,0xe0,0xb6, - 0xe4,0x2b,0x17,0x9b,0x16,0xb0,0x3b,0xf8, - 0xb8,0x9f,0x2a,0x8f,0xc5,0x33,0x68,0x4f, - 0xde,0x4d,0xd8,0x80,0x63,0xe7,0xb4,0x0a - }, - { - 0x00,0x80,0x38,0x59,0x19,0x3a,0x66,0x12, - 0xfd,0xa1,0xec,0x1c,0x40,0x84,0x40,0xbd, - 0x64,0x10,0x8b,0x53,0x81,0x21,0x03,0x2d, - 0x7d,0x33,0xb4,0x01,0x57,0x0d,0xe1,0x89 - }, - { - 0x1d,0xf8,0xf8,0x33,0x89,0x6c,0xb7,0xba, - 0x94,0x73,0xfa,0xc2,0x36,0xac,0xbe,0x49, - 0xaf,0x85,0x3e,0x93,0x5f,0xae,0xb2,0xc0, - 0xc8,0x80,0x8f,0x4a,0xaa,0xd3,0x55,0x2b - } -#endif - }; - - /* expected shared key */ - byte ss[X25519_TEST_CNT][32] = { - { - 0x5c,0x4c,0x85,0x5f,0xfb,0x20,0x38,0xcc, - 0x55,0x16,0x5b,0x8a,0xa7,0xed,0x57,0x6e, - 0x35,0xaa,0x71,0x67,0x85,0x1f,0xb6,0x28, - 0x17,0x07,0x7b,0xda,0x76,0xdd,0xe0,0xb4 - }, -#ifdef CURVE25519_OVERFLOW_ALL_TESTS - { - 0x33,0xf6,0xc1,0x34,0x62,0x92,0x06,0x02, - 0x95,0xdb,0x91,0x4c,0x5d,0x52,0x54,0xc7, - 0xd2,0x5b,0x24,0xb5,0x4f,0x33,0x59,0x79, - 0x9f,0x6d,0x7e,0x4a,0x4c,0x30,0xd6,0x38 - }, - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02 - }, - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x09 - }, - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10 - } -#endif - }; - - int i; - word32 y; - byte shared[32]; - curve25519_key userA; - - wc_curve25519_init(&userA); - - for (i = 0; i < X25519_TEST_CNT; i++) { - if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i], - sizeof(pb[i]), &userA) != 0) - return -10100 - i; - - /* test against known test vector */ - XMEMSET(shared, 0, sizeof(shared)); - y = sizeof(shared); - if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0) - return -10110 - i; - - if (XMEMCMP(ss[i], shared, y)) - return -10120 - i; - } - - return 0; -} - -/* Test the wc_curve25519_check_public API. - * - * returns 0 on success and -ve on failure. - */ -static int curve25519_check_public_test(void) -{ - /* Little-endian values that will fail */ - byte fail_le[][CURVE25519_KEYSIZE] = { - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }, - { - 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }, - { - 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x81 - }, - }; - /* Big-endian values that will fail */ - byte fail_be[][CURVE25519_KEYSIZE] = { - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }, - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 - }, - { - 0x81,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 - }, - }; - /* Good or valid public value */ - byte good[CURVE25519_KEYSIZE] = { - 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 - }; - int i; - - /* Parameter checks */ - /* NULL pointer */ - if (wc_curve25519_check_public(NULL, 0, EC25519_LITTLE_ENDIAN) != - BAD_FUNC_ARG) { - return -10200; - } - if (wc_curve25519_check_public(NULL, 0, EC25519_BIG_ENDIAN) != - BAD_FUNC_ARG) { - return -10201; - } - /* Length of 0 treated differently to other invalid lengths for TLS */ - if (wc_curve25519_check_public(good, 0, EC25519_LITTLE_ENDIAN) != BUFFER_E) - return -10202; - if (wc_curve25519_check_public(good, 0, EC25519_BIG_ENDIAN) != BUFFER_E) - return -10203; - - /* Length not CURVE25519_KEYSIZE */ - for (i = 1; i < CURVE25519_KEYSIZE + 2; i++) { - if (i == CURVE25519_KEYSIZE) - continue; - if (wc_curve25519_check_public(good, i, EC25519_LITTLE_ENDIAN) != - ECC_BAD_ARG_E) { - return -10204 - i; - } - if (wc_curve25519_check_public(good, i, EC25519_BIG_ENDIAN) != - ECC_BAD_ARG_E) { - return -10214 - i; - } - } - - /* Little-endian fail cases */ - for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) { - if (wc_curve25519_check_public(fail_le[i], CURVE25519_KEYSIZE, - EC25519_LITTLE_ENDIAN) == 0) { - return -10224 - i; - } - } - /* Big-endian fail cases */ - for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) { - if (wc_curve25519_check_public(fail_be[i], CURVE25519_KEYSIZE, - EC25519_BIG_ENDIAN) == 0) { - return -10234 - i; - } - } - - /* Check a valid public value works! */ - if (wc_curve25519_check_public(good, CURVE25519_KEYSIZE, - EC25519_LITTLE_ENDIAN) != 0) { - return -10244; - } - if (wc_curve25519_check_public(good, CURVE25519_KEYSIZE, - EC25519_BIG_ENDIAN) != 0) { - return -10245; - } - - return 0; -} - -#endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */ - -int curve25519_test(void) -{ - WC_RNG rng; - int ret; -#ifdef HAVE_CURVE25519_SHARED_SECRET - byte sharedA[32]; - byte sharedB[32]; - word32 y; -#endif -#ifdef HAVE_CURVE25519_KEY_EXPORT - byte exportBuf[32]; -#endif - word32 x; - curve25519_key userA, userB, pubKey; - -#if defined(HAVE_CURVE25519_SHARED_SECRET) && \ - defined(HAVE_CURVE25519_KEY_IMPORT) - /* test vectors from - https://tools.ietf.org/html/draft-josefsson-tls-curve25519-03 - */ - - /* secret key for party a */ - byte sa[] = { - 0x5A,0xC9,0x9F,0x33,0x63,0x2E,0x5A,0x76, - 0x8D,0xE7,0xE8,0x1B,0xF8,0x54,0xC2,0x7C, - 0x46,0xE3,0xFB,0xF2,0xAB,0xBA,0xCD,0x29, - 0xEC,0x4A,0xFF,0x51,0x73,0x69,0xC6,0x60 - }; - - /* public key for party a */ - byte pa[] = { - 0x05,0x7E,0x23,0xEA,0x9F,0x1C,0xBE,0x8A, - 0x27,0x16,0x8F,0x6E,0x69,0x6A,0x79,0x1D, - 0xE6,0x1D,0xD3,0xAF,0x7A,0xCD,0x4E,0xEA, - 0xCC,0x6E,0x7B,0xA5,0x14,0xFD,0xA8,0x63 - }; - - /* secret key for party b */ - byte sb[] = { - 0x47,0xDC,0x3D,0x21,0x41,0x74,0x82,0x0E, - 0x11,0x54,0xB4,0x9B,0xC6,0xCD,0xB2,0xAB, - 0xD4,0x5E,0xE9,0x58,0x17,0x05,0x5D,0x25, - 0x5A,0xA3,0x58,0x31,0xB7,0x0D,0x32,0x60 - }; - - /* public key for party b */ - byte pb[] = { - 0x6E,0xB8,0x9D,0xA9,0x19,0x89,0xAE,0x37, - 0xC7,0xEA,0xC7,0x61,0x8D,0x9E,0x5C,0x49, - 0x51,0xDB,0xA1,0xD7,0x3C,0x28,0x5A,0xE1, - 0xCD,0x26,0xA8,0x55,0x02,0x0E,0xEF,0x04 - }; - - /* expected shared key */ - byte ss[] = { - 0x61,0x45,0x0C,0xD9,0x8E,0x36,0x01,0x6B, - 0x58,0x77,0x6A,0x89,0x7A,0x9F,0x0A,0xEF, - 0x73,0x8B,0x99,0xF0,0x94,0x68,0xB8,0xD6, - 0xB8,0x51,0x11,0x84,0xD5,0x34,0x94,0xAB - }; -#endif /* HAVE_CURVE25519_SHARED_SECRET */ - - (void)x; - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -10300; - - wc_curve25519_init(&userA); - wc_curve25519_init(&userB); - wc_curve25519_init(&pubKey); - - /* make curve25519 keys */ - if (wc_curve25519_make_key(&rng, 32, &userA) != 0) - return -10301; - - if (wc_curve25519_make_key(&rng, 32, &userB) != 0) - return -10302; - -#ifdef HAVE_CURVE25519_SHARED_SECRET - /* find shared secret key */ - x = sizeof(sharedA); - if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0) - return -10303; - - y = sizeof(sharedB); - if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -10304; - - /* compare shared secret keys to test they are the same */ - if (y != x) - return -10305; - - if (XMEMCMP(sharedA, sharedB, x)) - return -10306; -#endif - -#ifdef HAVE_CURVE25519_KEY_EXPORT - /* export a public key and import it for another user */ - x = sizeof(exportBuf); - if (wc_curve25519_export_public(&userA, exportBuf, &x) != 0) - return -10307; - -#ifdef HAVE_CURVE25519_KEY_IMPORT - if (wc_curve25519_import_public(exportBuf, x, &pubKey) != 0) - return -10308; -#endif -#endif - -#if defined(HAVE_CURVE25519_SHARED_SECRET) && \ - defined(HAVE_CURVE25519_KEY_IMPORT) - /* test shared key after importing a public key */ - XMEMSET(sharedB, 0, sizeof(sharedB)); - y = sizeof(sharedB); - if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0) - return -10309; - - if (XMEMCMP(sharedA, sharedB, y)) - return -10310; - - /* import RFC test vectors and compare shared key */ - if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) - != 0) - return -10311; - - if (wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB) - != 0) - return -10312; - - /* test against known test vector */ - XMEMSET(sharedB, 0, sizeof(sharedB)); - y = sizeof(sharedB); - if (wc_curve25519_shared_secret(&userA, &userB, sharedB, &y) != 0) - return -10313; - - if (XMEMCMP(ss, sharedB, y)) - return -10314; - - /* test swapping roles of keys and generating same shared key */ - XMEMSET(sharedB, 0, sizeof(sharedB)); - y = sizeof(sharedB); - if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -10315; - - if (XMEMCMP(ss, sharedB, y)) - return -10316; - - /* test with 1 generated key and 1 from known test vector */ - if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) - != 0) - return -10317; - - if (wc_curve25519_make_key(&rng, 32, &userB) != 0) - return -10318; - - x = sizeof(sharedA); - if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0) - return -10319; - - y = sizeof(sharedB); - if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -10320; - - /* compare shared secret keys to test they are the same */ - if (y != x) - return -10321; - - if (XMEMCMP(sharedA, sharedB, x)) - return -10322; - - ret = curve25519_overflow_test(); - if (ret != 0) - return ret; - ret = curve25519_check_public_test(); - if (ret != 0) - return ret; -#endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */ - - /* clean up keys when done */ - wc_curve25519_free(&pubKey); - wc_curve25519_free(&userB); - wc_curve25519_free(&userA); - - wc_FreeRng(&rng); - - return 0; -} -#endif /* HAVE_CURVE25519 */ - - -#ifdef HAVE_ED25519 -#ifdef WOLFSSL_TEST_CERT -static int ed25519_test_cert(void) -{ - DecodedCert cert[2]; - DecodedCert* serverCert = NULL; - DecodedCert* caCert = NULL; -#ifdef HAVE_ED25519_VERIFY - ed25519_key key; - ed25519_key* pubKey = NULL; - int verify; -#endif /* HAVE_ED25519_VERIFY */ - int ret; - byte* tmp; - size_t bytes; - XFILE file; - - tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - ERROR_OUT(-10323, done); - } - -#ifdef USE_CERT_BUFFERS_256 - XMEMCPY(tmp, ca_ed25519_cert, sizeof_ca_ed25519_cert); - bytes = sizeof_ca_ed25519_cert; -#elif !defined(NO_FILESYSTEM) - file = XFOPEN(caEd25519Cert, "rb"); - if (file == NULL) { - ERROR_OUT(-10324, done); - } - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); -#else - /* No certificate to use. */ - ERROR_OUT(-10325, done); -#endif - - InitDecodedCert(&cert[0], tmp, (word32)bytes, 0); - caCert = &cert[0]; - ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL); - if (ret != 0) { - ERROR_OUT(-10326, done); - } - -#ifdef USE_CERT_BUFFERS_256 - XMEMCPY(tmp, server_ed25519_cert, sizeof_server_ed25519_cert); - bytes = sizeof_server_ed25519_cert; -#elif !defined(NO_FILESYSTEM) - file = XFOPEN(serverEd25519Cert, "rb"); - if (file == NULL) { - ERROR_OUT(-10327, done); - } - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); -#else - /* No certificate to use. */ - ERROR_OUT(-10328, done); -#endif - - InitDecodedCert(&cert[1], tmp, (word32)bytes, 0); - serverCert = &cert[1]; - ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL); - if (ret != 0) { - ERROR_OUT(-10329, done); - } - -#ifdef HAVE_ED25519_VERIFY - ret = wc_ed25519_init(&key); - if (ret < 0) { - ERROR_OUT(-10330, done); - } - pubKey = &key; - ret = wc_ed25519_import_public(caCert->publicKey, caCert->pubKeySize, - pubKey); - if (ret < 0) { - ERROR_OUT(-10331, done); - } - - if (wc_ed25519_verify_msg(serverCert->signature, serverCert->sigLength, - serverCert->source + serverCert->certBegin, - serverCert->sigIndex - serverCert->certBegin, - &verify, pubKey) < 0 || verify != 1) { - ERROR_OUT(-10332, done); - } -#endif /* HAVE_ED25519_VERIFY */ - -done: - if (tmp != NULL) - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#ifdef HAVE_ED25519_VERIFY - wc_ed25519_free(pubKey); -#endif /* HAVE_ED25519_VERIFY */ - if (caCert != NULL) - FreeDecodedCert(caCert); - if (serverCert != NULL) - FreeDecodedCert(serverCert); - - return ret; -} - -static int ed25519_test_make_cert(void) -{ - WC_RNG rng; - Cert cert; - DecodedCert decode; - ed25519_key key; - ed25519_key* privKey = NULL; - int ret = 0; - byte* tmp = NULL; - - wc_InitCert(&cert); - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -10333; - - wc_ed25519_init(&key); - privKey = &key; - wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, privKey); - - cert.daysValid = 365 * 2; - cert.selfSigned = 1; - XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName)); - XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName)); - cert.isCA = 0; -#ifdef WOLFSSL_CERT_EXT - ret = wc_SetKeyUsage(&cert, certKeyUsage); - if (ret < 0) { - ERROR_OUT(-10334, done); - } - ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey); - if (ret < 0) { - ERROR_OUT(-10335, done); - } - ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey); - if (ret < 0) { - ERROR_OUT(-10336, done); - } -#endif - tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - ERROR_OUT(-10337, done); - } - - cert.sigType = CTC_ED25519; - ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED25519_TYPE, privKey, &rng); - if (ret < 0) { - ERROR_OUT(-10338, done); - } - ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, - ED25519_TYPE, privKey, &rng); - if (ret < 0) { - ERROR_OUT(-10339, done); - } - - InitDecodedCert(&decode, tmp, ret, HEAP_HINT); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - FreeDecodedCert(&decode); - if (ret != 0) { - ERROR_OUT(-10340, done); - } - -done: - if (tmp != NULL) - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_ed25519_free(privKey); - wc_FreeRng(&rng); - return ret; -} -#endif /* WOLFSSL_TEST_CERT */ - -#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \ - defined(HAVE_ED25519_KEY_IMPORT) -static int ed25519ctx_test(void) -{ - byte out[ED25519_SIG_SIZE]; - word32 outlen; -#ifdef HAVE_ED25519_VERIFY - int verify; -#endif /* HAVE_ED25519_VERIFY */ - ed25519_key key; - - static const byte sKeyCtx[] = { - 0x03,0x05,0x33,0x4e,0x38,0x1a,0xf7,0x8f, - 0x14,0x1c,0xb6,0x66,0xf6,0x19,0x9f,0x57, - 0xbc,0x34,0x95,0x33,0x5a,0x25,0x6a,0x95, - 0xbd,0x2a,0x55,0xbf,0x54,0x66,0x63,0xf6 - }; - - static const byte pKeyCtx[] = { - 0xdf,0xc9,0x42,0x5e,0x4f,0x96,0x8f,0x7f, - 0x0c,0x29,0xf0,0x25,0x9c,0xf5,0xf9,0xae, - 0xd6,0x85,0x1c,0x2b,0xb4,0xad,0x8b,0xfb, - 0x86,0x0c,0xfe,0xe0,0xab,0x24,0x82,0x92 - }; - - static const byte sigCtx1[] = { - 0x55,0xa4,0xcc,0x2f,0x70,0xa5,0x4e,0x04, - 0x28,0x8c,0x5f,0x4c,0xd1,0xe4,0x5a,0x7b, - 0xb5,0x20,0xb3,0x62,0x92,0x91,0x18,0x76, - 0xca,0xda,0x73,0x23,0x19,0x8d,0xd8,0x7a, - 0x8b,0x36,0x95,0x0b,0x95,0x13,0x00,0x22, - 0x90,0x7a,0x7f,0xb7,0xc4,0xe9,0xb2,0xd5, - 0xf6,0xcc,0xa6,0x85,0xa5,0x87,0xb4,0xb2, - 0x1f,0x4b,0x88,0x8e,0x4e,0x7e,0xdb,0x0d - }; - - static const byte sigCtx2[] = { - 0xcc,0x5e,0x63,0xa2,0x7e,0x94,0xaf,0xd3, - 0x41,0x83,0x38,0xd2,0x48,0x6f,0xa9,0x2a, - 0xf9,0x91,0x7c,0x2d,0x98,0x9e,0x06,0xe5, - 0x02,0x77,0x72,0x1c,0x34,0x38,0x18,0xb4, - 0x21,0x96,0xbc,0x29,0x2e,0x68,0xf3,0x4d, - 0x85,0x9b,0xbe,0xad,0x17,0x9f,0x54,0x54, - 0x2d,0x4b,0x04,0xdc,0xfb,0xfa,0x4a,0x68, - 0x4e,0x39,0x50,0xfb,0x1c,0xcd,0x8d,0x0d - }; - - static const byte msgCtx[] = { - 0xf7,0x26,0x93,0x6d,0x19,0xc8,0x00,0x49, - 0x4e,0x3f,0xda,0xff,0x20,0xb2,0x76,0xa8 - }; - - static const byte contextCtx[] = { - 0x66,0x6f,0x6f - }; - - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - - if (wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx, - sizeof(pKeyCtx), &key) != 0) - return -10400; - - if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, - contextCtx, sizeof(contextCtx)) != 0) - return -10401; - - if (XMEMCMP(out, sigCtx1, 64)) - return -10402; - -#if defined(HAVE_ED25519_VERIFY) - /* test verify on good msg */ - if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, - &key, contextCtx, sizeof(contextCtx)) != 0 || - verify != 1) - return -10403; -#endif - - if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, NULL, - 0) != 0) - return -10404; - - if (XMEMCMP(out, sigCtx2, 64)) - return -10405; - -#if defined(HAVE_ED25519_VERIFY) - /* test verify on good msg */ - if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, - &key, NULL, 0) != 0 || verify != 1) - return -10406; -#endif - - wc_ed25519_free(&key); - - return 0; -} - -static int ed25519ph_test(void) -{ - byte out[ED25519_SIG_SIZE]; - word32 outlen; -#ifdef HAVE_ED25519_VERIFY - int verify; -#endif /* HAVE_ED25519_VERIFY */ - ed25519_key key; - - static const byte sKeyPh[] = { - 0x83,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d, - 0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e, - 0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b, - 0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42 - }; - - static const byte pKeyPh[] = { - 0xec,0x17,0x2b,0x93,0xad,0x5e,0x56,0x3b, - 0xf4,0x93,0x2c,0x70,0xe1,0x24,0x50,0x34, - 0xc3,0x54,0x67,0xef,0x2e,0xfd,0x4d,0x64, - 0xeb,0xf8,0x19,0x68,0x34,0x67,0xe2,0xbf - }; - - static const byte sigPh1[] = { - 0x98,0xa7,0x02,0x22,0xf0,0xb8,0x12,0x1a, - 0xa9,0xd3,0x0f,0x81,0x3d,0x68,0x3f,0x80, - 0x9e,0x46,0x2b,0x46,0x9c,0x7f,0xf8,0x76, - 0x39,0x49,0x9b,0xb9,0x4e,0x6d,0xae,0x41, - 0x31,0xf8,0x50,0x42,0x46,0x3c,0x2a,0x35, - 0x5a,0x20,0x03,0xd0,0x62,0xad,0xf5,0xaa, - 0xa1,0x0b,0x8c,0x61,0xe6,0x36,0x06,0x2a, - 0xaa,0xd1,0x1c,0x2a,0x26,0x08,0x34,0x06 - }; - - static const byte sigPh2[] = { - 0xe0,0x39,0x70,0x2b,0x4c,0x25,0x95,0xa6, - 0xa5,0x41,0xac,0x85,0x09,0x23,0x6e,0x29, - 0x90,0x47,0x47,0x95,0x33,0x0c,0x9b,0x34, - 0xa7,0x5f,0x58,0xa6,0x60,0x12,0x9e,0x08, - 0xfd,0x73,0x69,0x43,0xfb,0x19,0x43,0xa5, - 0x57,0x20,0xb9,0xe0,0x95,0x7b,0x1e,0xd6, - 0x73,0x48,0x16,0x61,0x9f,0x13,0x88,0xf4, - 0x3f,0x73,0xe6,0xe3,0xba,0xa8,0x1c,0x0e - }; - - static const byte msgPh[] = { - 0x61,0x62,0x63 - }; - - /* SHA-512 hash of msgPh */ - static const byte hashPh[] = { - 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, - 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, - 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, - 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, - 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, - 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, - 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, - 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f - }; - - static const byte contextPh2[] = { - 0x66,0x6f,0x6f - }; - - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - - if (wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh, - sizeof(pKeyPh), &key) != 0) { - return -10500; - } - - if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL, - 0) != 0) { - return -10501; - } - - if (XMEMCMP(out, sigPh1, 64)) - return -10502; - -#if defined(HAVE_ED25519_VERIFY) - /* test verify on good msg */ - if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, - &key, NULL, 0) != 0 || - verify != 1) { - return -10503; - } -#endif - - if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, - contextPh2, sizeof(contextPh2)) != 0) { - return -10504; - } - - if (XMEMCMP(out, sigPh2, 64)) - return -10505; - -#if defined(HAVE_ED25519_VERIFY) - /* test verify on good msg */ - if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, - &key, contextPh2, sizeof(contextPh2)) != 0 || - verify != 1) { - return -10506; - } -#endif - - if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL, - 0) != 0) { - return -10507; - } - - if (XMEMCMP(out, sigPh1, 64)) - return -10508; - -#if defined(HAVE_ED25519_VERIFY) - if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, - &key, NULL, 0) != 0 || - verify != 1) { - return -10509; - } -#endif - - if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, - contextPh2, sizeof(contextPh2)) != 0) { - return -10510; - } - - if (XMEMCMP(out, sigPh2, 64)) - return -10511; - -#if defined(HAVE_ED25519_VERIFY) - if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, - &key, contextPh2, sizeof(contextPh2)) != 0 || - verify != 1) { - return -10512; - } -#endif - - wc_ed25519_free(&key); - - return 0; -} -#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ - -int ed25519_test(void) -{ - int ret; - WC_RNG rng; -#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\ - defined(HAVE_ED25519_KEY_IMPORT) - byte out[ED25519_SIG_SIZE]; - byte exportPKey[ED25519_KEY_SIZE]; - byte exportSKey[ED25519_KEY_SIZE]; - word32 exportPSz; - word32 exportSSz; - int i; - word32 outlen; -#ifdef HAVE_ED25519_VERIFY - int verify; -#endif /* HAVE_ED25519_VERIFY */ -#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ - word32 keySz, sigSz; - ed25519_key key; - ed25519_key key2; - -#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \ - defined(HAVE_ED25519_KEY_IMPORT) - /* test vectors from - https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02 - */ - - static const byte sKey1[] = { - 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, - 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, - 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, - 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 - }; - - static const byte sKey2[] = { - 0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda, - 0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f, - 0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24, - 0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb - }; - - static const byte sKey3[] = { - 0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b, - 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1, - 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b, - 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7 - }; - - /* uncompressed test */ - static const byte sKey4[] = { - 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, - 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, - 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, - 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 - }; - - /* compressed prefix test */ - static const byte sKey5[] = { - 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, - 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, - 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, - 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 - }; - - static const byte sKey6[] = { - 0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95, - 0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c, - 0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74, - 0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5 - }; - - static const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6}; - - static const byte pKey1[] = { - 0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7, - 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a, - 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25, - 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a - }; - - static const byte pKey2[] = { - 0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a, - 0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc, - 0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c, - 0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c - }; - - static const byte pKey3[] = { - 0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3, - 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58, - 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac, - 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25 - }; - - /* uncompressed test */ - static const byte pKey4[] = { - 0x04,0x55,0xd0,0xe0,0x9a,0x2b,0x9d,0x34, - 0x29,0x22,0x97,0xe0,0x8d,0x60,0xd0,0xf6, - 0x20,0xc5,0x13,0xd4,0x72,0x53,0x18,0x7c, - 0x24,0xb1,0x27,0x86,0xbd,0x77,0x76,0x45, - 0xce,0x1a,0x51,0x07,0xf7,0x68,0x1a,0x02, - 0xaf,0x25,0x23,0xa6,0xda,0xf3,0x72,0xe1, - 0x0e,0x3a,0x07,0x64,0xc9,0xd3,0xfe,0x4b, - 0xd5,0xb7,0x0a,0xb1,0x82,0x01,0x98,0x5a, - 0xd7 - }; - - /* compressed prefix */ - static const byte pKey5[] = { - 0x40,0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7, - 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a, - 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25, - 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a - }; - - static const byte pKey6[] = { - 0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34, - 0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86, - 0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5, - 0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e - }; - - static const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6}; - static const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3), - sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)}; - - static const byte sig1[] = { - 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72, - 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a, - 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74, - 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55, - 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac, - 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b, - 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24, - 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b - }; - - static const byte sig2[] = { - 0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8, - 0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40, - 0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f, - 0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda, - 0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e, - 0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c, - 0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee, - 0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00 - }; - - static const byte sig3[] = { - 0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02, - 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3, - 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44, - 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac, - 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90, - 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59, - 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d, - 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a - }; - - /* uncompressed test */ - static const byte sig4[] = { - 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72, - 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a, - 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74, - 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55, - 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac, - 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b, - 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24, - 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b - }; - - /* compressed prefix */ - static const byte sig5[] = { - 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72, - 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a, - 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74, - 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55, - 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac, - 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b, - 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24, - 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b - }; - - static const byte sig6[] = { - 0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2, - 0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a, - 0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb, - 0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50, - 0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45, - 0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b, - 0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6, - 0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03 - }; - - static const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6}; - - static const byte msg1[] = {0x0 }; - static const byte msg2[] = {0x72}; - static const byte msg3[] = {0xAF,0x82}; - - /* test of a 1024 byte long message */ - static const byte msg4[] = { - 0x08,0xb8,0xb2,0xb7,0x33,0x42,0x42,0x43, - 0x76,0x0f,0xe4,0x26,0xa4,0xb5,0x49,0x08, - 0x63,0x21,0x10,0xa6,0x6c,0x2f,0x65,0x91, - 0xea,0xbd,0x33,0x45,0xe3,0xe4,0xeb,0x98, - 0xfa,0x6e,0x26,0x4b,0xf0,0x9e,0xfe,0x12, - 0xee,0x50,0xf8,0xf5,0x4e,0x9f,0x77,0xb1, - 0xe3,0x55,0xf6,0xc5,0x05,0x44,0xe2,0x3f, - 0xb1,0x43,0x3d,0xdf,0x73,0xbe,0x84,0xd8, - 0x79,0xde,0x7c,0x00,0x46,0xdc,0x49,0x96, - 0xd9,0xe7,0x73,0xf4,0xbc,0x9e,0xfe,0x57, - 0x38,0x82,0x9a,0xdb,0x26,0xc8,0x1b,0x37, - 0xc9,0x3a,0x1b,0x27,0x0b,0x20,0x32,0x9d, - 0x65,0x86,0x75,0xfc,0x6e,0xa5,0x34,0xe0, - 0x81,0x0a,0x44,0x32,0x82,0x6b,0xf5,0x8c, - 0x94,0x1e,0xfb,0x65,0xd5,0x7a,0x33,0x8b, - 0xbd,0x2e,0x26,0x64,0x0f,0x89,0xff,0xbc, - 0x1a,0x85,0x8e,0xfc,0xb8,0x55,0x0e,0xe3, - 0xa5,0xe1,0x99,0x8b,0xd1,0x77,0xe9,0x3a, - 0x73,0x63,0xc3,0x44,0xfe,0x6b,0x19,0x9e, - 0xe5,0xd0,0x2e,0x82,0xd5,0x22,0xc4,0xfe, - 0xba,0x15,0x45,0x2f,0x80,0x28,0x8a,0x82, - 0x1a,0x57,0x91,0x16,0xec,0x6d,0xad,0x2b, - 0x3b,0x31,0x0d,0xa9,0x03,0x40,0x1a,0xa6, - 0x21,0x00,0xab,0x5d,0x1a,0x36,0x55,0x3e, - 0x06,0x20,0x3b,0x33,0x89,0x0c,0xc9,0xb8, - 0x32,0xf7,0x9e,0xf8,0x05,0x60,0xcc,0xb9, - 0xa3,0x9c,0xe7,0x67,0x96,0x7e,0xd6,0x28, - 0xc6,0xad,0x57,0x3c,0xb1,0x16,0xdb,0xef, - 0xef,0xd7,0x54,0x99,0xda,0x96,0xbd,0x68, - 0xa8,0xa9,0x7b,0x92,0x8a,0x8b,0xbc,0x10, - 0x3b,0x66,0x21,0xfc,0xde,0x2b,0xec,0xa1, - 0x23,0x1d,0x20,0x6b,0xe6,0xcd,0x9e,0xc7, - 0xaf,0xf6,0xf6,0xc9,0x4f,0xcd,0x72,0x04, - 0xed,0x34,0x55,0xc6,0x8c,0x83,0xf4,0xa4, - 0x1d,0xa4,0xaf,0x2b,0x74,0xef,0x5c,0x53, - 0xf1,0xd8,0xac,0x70,0xbd,0xcb,0x7e,0xd1, - 0x85,0xce,0x81,0xbd,0x84,0x35,0x9d,0x44, - 0x25,0x4d,0x95,0x62,0x9e,0x98,0x55,0xa9, - 0x4a,0x7c,0x19,0x58,0xd1,0xf8,0xad,0xa5, - 0xd0,0x53,0x2e,0xd8,0xa5,0xaa,0x3f,0xb2, - 0xd1,0x7b,0xa7,0x0e,0xb6,0x24,0x8e,0x59, - 0x4e,0x1a,0x22,0x97,0xac,0xbb,0xb3,0x9d, - 0x50,0x2f,0x1a,0x8c,0x6e,0xb6,0xf1,0xce, - 0x22,0xb3,0xde,0x1a,0x1f,0x40,0xcc,0x24, - 0x55,0x41,0x19,0xa8,0x31,0xa9,0xaa,0xd6, - 0x07,0x9c,0xad,0x88,0x42,0x5d,0xe6,0xbd, - 0xe1,0xa9,0x18,0x7e,0xbb,0x60,0x92,0xcf, - 0x67,0xbf,0x2b,0x13,0xfd,0x65,0xf2,0x70, - 0x88,0xd7,0x8b,0x7e,0x88,0x3c,0x87,0x59, - 0xd2,0xc4,0xf5,0xc6,0x5a,0xdb,0x75,0x53, - 0x87,0x8a,0xd5,0x75,0xf9,0xfa,0xd8,0x78, - 0xe8,0x0a,0x0c,0x9b,0xa6,0x3b,0xcb,0xcc, - 0x27,0x32,0xe6,0x94,0x85,0xbb,0xc9,0xc9, - 0x0b,0xfb,0xd6,0x24,0x81,0xd9,0x08,0x9b, - 0xec,0xcf,0x80,0xcf,0xe2,0xdf,0x16,0xa2, - 0xcf,0x65,0xbd,0x92,0xdd,0x59,0x7b,0x07, - 0x07,0xe0,0x91,0x7a,0xf4,0x8b,0xbb,0x75, - 0xfe,0xd4,0x13,0xd2,0x38,0xf5,0x55,0x5a, - 0x7a,0x56,0x9d,0x80,0xc3,0x41,0x4a,0x8d, - 0x08,0x59,0xdc,0x65,0xa4,0x61,0x28,0xba, - 0xb2,0x7a,0xf8,0x7a,0x71,0x31,0x4f,0x31, - 0x8c,0x78,0x2b,0x23,0xeb,0xfe,0x80,0x8b, - 0x82,0xb0,0xce,0x26,0x40,0x1d,0x2e,0x22, - 0xf0,0x4d,0x83,0xd1,0x25,0x5d,0xc5,0x1a, - 0xdd,0xd3,0xb7,0x5a,0x2b,0x1a,0xe0,0x78, - 0x45,0x04,0xdf,0x54,0x3a,0xf8,0x96,0x9b, - 0xe3,0xea,0x70,0x82,0xff,0x7f,0xc9,0x88, - 0x8c,0x14,0x4d,0xa2,0xaf,0x58,0x42,0x9e, - 0xc9,0x60,0x31,0xdb,0xca,0xd3,0xda,0xd9, - 0xaf,0x0d,0xcb,0xaa,0xaf,0x26,0x8c,0xb8, - 0xfc,0xff,0xea,0xd9,0x4f,0x3c,0x7c,0xa4, - 0x95,0xe0,0x56,0xa9,0xb4,0x7a,0xcd,0xb7, - 0x51,0xfb,0x73,0xe6,0x66,0xc6,0xc6,0x55, - 0xad,0xe8,0x29,0x72,0x97,0xd0,0x7a,0xd1, - 0xba,0x5e,0x43,0xf1,0xbc,0xa3,0x23,0x01, - 0x65,0x13,0x39,0xe2,0x29,0x04,0xcc,0x8c, - 0x42,0xf5,0x8c,0x30,0xc0,0x4a,0xaf,0xdb, - 0x03,0x8d,0xda,0x08,0x47,0xdd,0x98,0x8d, - 0xcd,0xa6,0xf3,0xbf,0xd1,0x5c,0x4b,0x4c, - 0x45,0x25,0x00,0x4a,0xa0,0x6e,0xef,0xf8, - 0xca,0x61,0x78,0x3a,0xac,0xec,0x57,0xfb, - 0x3d,0x1f,0x92,0xb0,0xfe,0x2f,0xd1,0xa8, - 0x5f,0x67,0x24,0x51,0x7b,0x65,0xe6,0x14, - 0xad,0x68,0x08,0xd6,0xf6,0xee,0x34,0xdf, - 0xf7,0x31,0x0f,0xdc,0x82,0xae,0xbf,0xd9, - 0x04,0xb0,0x1e,0x1d,0xc5,0x4b,0x29,0x27, - 0x09,0x4b,0x2d,0xb6,0x8d,0x6f,0x90,0x3b, - 0x68,0x40,0x1a,0xde,0xbf,0x5a,0x7e,0x08, - 0xd7,0x8f,0xf4,0xef,0x5d,0x63,0x65,0x3a, - 0x65,0x04,0x0c,0xf9,0xbf,0xd4,0xac,0xa7, - 0x98,0x4a,0x74,0xd3,0x71,0x45,0x98,0x67, - 0x80,0xfc,0x0b,0x16,0xac,0x45,0x16,0x49, - 0xde,0x61,0x88,0xa7,0xdb,0xdf,0x19,0x1f, - 0x64,0xb5,0xfc,0x5e,0x2a,0xb4,0x7b,0x57, - 0xf7,0xf7,0x27,0x6c,0xd4,0x19,0xc1,0x7a, - 0x3c,0xa8,0xe1,0xb9,0x39,0xae,0x49,0xe4, - 0x88,0xac,0xba,0x6b,0x96,0x56,0x10,0xb5, - 0x48,0x01,0x09,0xc8,0xb1,0x7b,0x80,0xe1, - 0xb7,0xb7,0x50,0xdf,0xc7,0x59,0x8d,0x5d, - 0x50,0x11,0xfd,0x2d,0xcc,0x56,0x00,0xa3, - 0x2e,0xf5,0xb5,0x2a,0x1e,0xcc,0x82,0x0e, - 0x30,0x8a,0xa3,0x42,0x72,0x1a,0xac,0x09, - 0x43,0xbf,0x66,0x86,0xb6,0x4b,0x25,0x79, - 0x37,0x65,0x04,0xcc,0xc4,0x93,0xd9,0x7e, - 0x6a,0xed,0x3f,0xb0,0xf9,0xcd,0x71,0xa4, - 0x3d,0xd4,0x97,0xf0,0x1f,0x17,0xc0,0xe2, - 0xcb,0x37,0x97,0xaa,0x2a,0x2f,0x25,0x66, - 0x56,0x16,0x8e,0x6c,0x49,0x6a,0xfc,0x5f, - 0xb9,0x32,0x46,0xf6,0xb1,0x11,0x63,0x98, - 0xa3,0x46,0xf1,0xa6,0x41,0xf3,0xb0,0x41, - 0xe9,0x89,0xf7,0x91,0x4f,0x90,0xcc,0x2c, - 0x7f,0xff,0x35,0x78,0x76,0xe5,0x06,0xb5, - 0x0d,0x33,0x4b,0xa7,0x7c,0x22,0x5b,0xc3, - 0x07,0xba,0x53,0x71,0x52,0xf3,0xf1,0x61, - 0x0e,0x4e,0xaf,0xe5,0x95,0xf6,0xd9,0xd9, - 0x0d,0x11,0xfa,0xa9,0x33,0xa1,0x5e,0xf1, - 0x36,0x95,0x46,0x86,0x8a,0x7f,0x3a,0x45, - 0xa9,0x67,0x68,0xd4,0x0f,0xd9,0xd0,0x34, - 0x12,0xc0,0x91,0xc6,0x31,0x5c,0xf4,0xfd, - 0xe7,0xcb,0x68,0x60,0x69,0x37,0x38,0x0d, - 0xb2,0xea,0xaa,0x70,0x7b,0x4c,0x41,0x85, - 0xc3,0x2e,0xdd,0xcd,0xd3,0x06,0x70,0x5e, - 0x4d,0xc1,0xff,0xc8,0x72,0xee,0xee,0x47, - 0x5a,0x64,0xdf,0xac,0x86,0xab,0xa4,0x1c, - 0x06,0x18,0x98,0x3f,0x87,0x41,0xc5,0xef, - 0x68,0xd3,0xa1,0x01,0xe8,0xa3,0xb8,0xca, - 0xc6,0x0c,0x90,0x5c,0x15,0xfc,0x91,0x08, - 0x40,0xb9,0x4c,0x00,0xa0,0xb9,0xd0 - }; - - static const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4}; - static const word16 msgSz[] = {0 /*sizeof(msg1)*/, - sizeof(msg2), - sizeof(msg3), - 0 /*sizeof(msg1)*/, - 0 /*sizeof(msg1)*/, - sizeof(msg4) - }; -#ifndef NO_ASN - static byte privateEd25519[] = { - 0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06, - 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20, - 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, - 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, - 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, - 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 - }; - static byte publicEd25519[] = { - 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65, - 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01, - 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3, - 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3, - 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68, - 0xf7,0x07,0x51,0x1a - }; - static byte privPubEd25519[] = { - 0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06, - 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20, - 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, - 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, - 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, - 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60, - 0xa1,0x22,0x04,0x20,0xd7,0x5a,0x98,0x01, - 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3, - 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3, - 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68, - 0xf7,0x07,0x51,0x1a - }; - - word32 idx; - ed25519_key key3; -#endif /* NO_ASN */ -#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ - - /* create ed25519 keys */ -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -10600; - - wc_ed25519_init(&key); - wc_ed25519_init(&key2); -#ifndef NO_ASN - wc_ed25519_init(&key3); -#endif - wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); - wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2); - - /* helper functions for signature and key size */ - keySz = wc_ed25519_size(&key); - sigSz = wc_ed25519_sig_size(&key); - -#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\ - defined(HAVE_ED25519_KEY_IMPORT) - for (i = 0; i < 6; i++) { - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - - if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i], - pKeySz[i], &key) != 0) - return -10601 - i; - - if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0) - return -10611 - i; - - if (XMEMCMP(out, sigs[i], 64)) - return -10621 - i; - -#if defined(HAVE_ED25519_VERIFY) - /* test verify on good msg */ - if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, - &key) != 0 || verify != 1) - return -10631 - i; - - /* test verify on bad msg */ - out[outlen-1] = out[outlen-1] + 1; - if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, - &key) == 0 || verify == 1) - return -10641 - i; -#endif /* HAVE_ED25519_VERIFY */ - - /* test api for import/exporting keys */ - exportPSz = sizeof(exportPKey); - exportSSz = sizeof(exportSKey); - if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0) - return -10651 - i; - - if (wc_ed25519_import_public(exportPKey, exportPSz, &key2) != 0) - return -10661 - i; - - if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0) - return -10671 - i; - - if (wc_ed25519_import_private_key(exportSKey, exportSSz, - exportPKey, exportPSz, &key2) != 0) - return -10681 - i; - - /* clear "out" buffer and test sign with imported keys */ - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0) - return -10691 - i; - -#if defined(HAVE_ED25519_VERIFY) - if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, - &key2) != 0 || verify != 1) - return -10701 - i; - - if (XMEMCMP(out, sigs[i], 64)) - return -10711 - i; -#endif /* HAVE_ED25519_VERIFY */ - } - - ret = ed25519ctx_test(); - if (ret != 0) - return ret; - - ret = ed25519ph_test(); - if (ret != 0) - return ret; - -#ifndef NO_ASN - /* Try ASN.1 encoded private-only key and public key. */ - idx = 0; - if (wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3, - sizeof(privateEd25519)) != 0) - return -10721 - i; - - if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) - != BAD_FUNC_ARG) - return -10731 - i; - - idx = 0; - if (wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3, - sizeof(publicEd25519)) != 0) - return -10741 - i; - - if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0) - return -10751 - i; - - if (XMEMCMP(out, sigs[0], 64)) - return -10761 - i; - -#if defined(HAVE_ED25519_VERIFY) - /* test verify on good msg */ - if (wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3) - != 0 || verify != 1) - return -10771 - i; -#endif /* HAVE_ED25519_VERIFY */ - - wc_ed25519_free(&key3); - wc_ed25519_init(&key3); - - idx = 0; - if (wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3, - sizeof(privPubEd25519)) != 0) - return -10781 - i; - - if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0) - return -10791 - i; - - if (XMEMCMP(out, sigs[0], 64)) - return -10801 - i; - - wc_ed25519_free(&key3); -#endif /* NO_ASN */ -#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ - - /* clean up keys when done */ - wc_ed25519_free(&key); - wc_ed25519_free(&key2); - -#if defined(HAVE_HASHDRBG) || defined(NO_RC4) - wc_FreeRng(&rng); -#endif - - /* hush warnings of unused keySz and sigSz */ - (void)keySz; - (void)sigSz; - -#ifdef WOLFSSL_TEST_CERT - ret = ed25519_test_cert(); - if (ret < 0) - return ret; -#ifdef WOLFSSL_CERT_GEN - ret = ed25519_test_make_cert(); - if (ret < 0) - return ret; -#endif /* WOLFSSL_CERT_GEN */ -#endif /* WOLFSSL_TEST_CERT */ - - return 0; -} -#endif /* HAVE_ED25519 */ - -#ifdef HAVE_CURVE448 -#if defined(HAVE_CURVE448_SHARED_SECRET) && \ - defined(HAVE_CURVE448_KEY_IMPORT) -/* Test the wc_curve448_check_public API. - * - * returns 0 on success and -ve on failure. - */ -static int curve448_check_public_test(void) -{ - /* Little-endian values that will fail */ - byte fail_le[][CURVE448_KEY_SIZE] = { - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }, - { - 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }, - }; - /* Big-endian values that will fail */ - byte fail_be[][CURVE448_KEY_SIZE] = { - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }, - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 - }, - }; - /* Good or valid public value */ - byte good[CURVE448_KEY_SIZE] = { - 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 - }; - int i; - - /* Parameter checks */ - /* NULL pointer */ - if (wc_curve448_check_public(NULL, 0, EC448_LITTLE_ENDIAN) != - BAD_FUNC_ARG) { - return -10900; - } - if (wc_curve448_check_public(NULL, 0, EC448_BIG_ENDIAN) != BAD_FUNC_ARG) { - return -10901; - } - /* Length of 0 treated differently to other invalid lengths for TLS */ - if (wc_curve448_check_public(good, 0, EC448_LITTLE_ENDIAN) != BUFFER_E) - return -10902; - if (wc_curve448_check_public(good, 0, EC448_BIG_ENDIAN) != BUFFER_E) - return -10903; - - /* Length not CURVE448_KEY_SIZE */ - for (i = 1; i < CURVE448_KEY_SIZE + 2; i++) { - if (i == CURVE448_KEY_SIZE) - continue; - if (wc_curve448_check_public(good, i, EC448_LITTLE_ENDIAN) != - ECC_BAD_ARG_E) { - return -10904 - i; - } - if (wc_curve448_check_public(good, i, EC448_BIG_ENDIAN) != - ECC_BAD_ARG_E) { - return -10914 - i; - } - } - - /* Little-endian fail cases */ - for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) { - if (wc_curve448_check_public(fail_le[i], CURVE448_KEY_SIZE, - EC448_LITTLE_ENDIAN) == 0) { - return -10924 - i; - } - } - /* Big-endian fail cases */ - for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) { - if (wc_curve448_check_public(fail_be[i], CURVE448_KEY_SIZE, - EC448_BIG_ENDIAN) == 0) { - return -10934 - i; - } - } - - /* Check a valid public value works! */ - if (wc_curve448_check_public(good, CURVE448_KEY_SIZE, - EC448_LITTLE_ENDIAN) != 0) { - return -10944; - } - if (wc_curve448_check_public(good, CURVE448_KEY_SIZE, - EC448_BIG_ENDIAN) != 0) { - return -10945; - } - - return 0; -} - -#endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */ - -int curve448_test(void) -{ - WC_RNG rng; - int ret; -#ifdef HAVE_CURVE448_SHARED_SECRET - byte sharedA[CURVE448_KEY_SIZE]; - byte sharedB[CURVE448_KEY_SIZE]; - word32 y; -#endif -#ifdef HAVE_CURVE448_KEY_EXPORT - byte exportBuf[CURVE448_KEY_SIZE]; -#endif - word32 x; - curve448_key userA, userB, pubKey; - - (void)x; - -#if defined(HAVE_CURVE448_SHARED_SECRET) && \ - defined(HAVE_CURVE448_KEY_IMPORT) - /* test vectors from - https://www.rfc-editor.org/rfc/rfc7748.html - */ - - /* secret key for party a */ - byte sa[] = { - 0x6b, 0x72, 0x98, 0xa5, 0xc0, 0xd8, 0xc2, 0x9a, - 0x1d, 0xab, 0x27, 0xf1, 0xa6, 0x82, 0x63, 0x00, - 0x91, 0x73, 0x89, 0x44, 0x97, 0x41, 0xa9, 0x74, - 0xf5, 0xba, 0xc9, 0xd9, 0x8d, 0xc2, 0x98, 0xd4, - 0x65, 0x55, 0xbc, 0xe8, 0xba, 0xe8, 0x9e, 0xee, - 0xd4, 0x00, 0x58, 0x4b, 0xb0, 0x46, 0xcf, 0x75, - 0x57, 0x9f, 0x51, 0xd1, 0x25, 0x49, 0x8f, 0x9a, - }; - - /* public key for party a */ - byte pa[] = { - 0xa0, 0x1f, 0xc4, 0x32, 0xe5, 0x80, 0x7f, 0x17, - 0x53, 0x0d, 0x12, 0x88, 0xda, 0x12, 0x5b, 0x0c, - 0xd4, 0x53, 0xd9, 0x41, 0x72, 0x64, 0x36, 0xc8, - 0xbb, 0xd9, 0xc5, 0x22, 0x2c, 0x3d, 0xa7, 0xfa, - 0x63, 0x9c, 0xe0, 0x3d, 0xb8, 0xd2, 0x3b, 0x27, - 0x4a, 0x07, 0x21, 0xa1, 0xae, 0xd5, 0x22, 0x7d, - 0xe6, 0xe3, 0xb7, 0x31, 0xcc, 0xf7, 0x08, 0x9b, - }; - - /* secret key for party b */ - byte sb[] = { - 0x2d, 0x99, 0x73, 0x51, 0xb6, 0x10, 0x6f, 0x36, - 0xb0, 0xd1, 0x09, 0x1b, 0x92, 0x9c, 0x4c, 0x37, - 0x21, 0x3e, 0x0d, 0x2b, 0x97, 0xe8, 0x5e, 0xbb, - 0x20, 0xc1, 0x27, 0x69, 0x1d, 0x0d, 0xad, 0x8f, - 0x1d, 0x81, 0x75, 0xb0, 0x72, 0x37, 0x45, 0xe6, - 0x39, 0xa3, 0xcb, 0x70, 0x44, 0x29, 0x0b, 0x99, - 0xe0, 0xe2, 0xa0, 0xc2, 0x7a, 0x6a, 0x30, 0x1c, - }; - - /* public key for party b */ - byte pb[] = { - 0x09, 0x36, 0xf3, 0x7b, 0xc6, 0xc1, 0xbd, 0x07, - 0xae, 0x3d, 0xec, 0x7a, 0xb5, 0xdc, 0x06, 0xa7, - 0x3c, 0xa1, 0x32, 0x42, 0xfb, 0x34, 0x3e, 0xfc, - 0x72, 0xb9, 0xd8, 0x27, 0x30, 0xb4, 0x45, 0xf3, - 0xd4, 0xb0, 0xbd, 0x07, 0x71, 0x62, 0xa4, 0x6d, - 0xcf, 0xec, 0x6f, 0x9b, 0x59, 0x0b, 0xfc, 0xbc, - 0xf5, 0x20, 0xcd, 0xb0, 0x29, 0xa8, 0xb7, 0x3e, - }; - - /* expected shared key */ - byte ss[] = { - 0x9d, 0x87, 0x4a, 0x51, 0x37, 0x50, 0x9a, 0x44, - 0x9a, 0xd5, 0x85, 0x30, 0x40, 0x24, 0x1c, 0x52, - 0x36, 0x39, 0x54, 0x35, 0xc3, 0x64, 0x24, 0xfd, - 0x56, 0x0b, 0x0c, 0xb6, 0x2b, 0x28, 0x1d, 0x28, - 0x52, 0x75, 0xa7, 0x40, 0xce, 0x32, 0xa2, 0x2d, - 0xd1, 0x74, 0x0f, 0x4a, 0xa9, 0x16, 0x1c, 0xec, - 0x95, 0xcc, 0xc6, 0x1a, 0x18, 0xf4, 0xff, 0x07, - }; -#endif /* HAVE_CURVE448_SHARED_SECRET */ - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -11000; - - wc_curve448_init(&userA); - wc_curve448_init(&userB); - wc_curve448_init(&pubKey); - - /* make curve448 keys */ - if (wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userA) != 0) - return -11001; - - if (wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userB) != 0) - return -11002; - -#ifdef HAVE_CURVE448_SHARED_SECRET - /* find shared secret key */ - x = sizeof(sharedA); - if (wc_curve448_shared_secret(&userA, &userB, sharedA, &x) != 0) - return -11003; - - y = sizeof(sharedB); - if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -11004; - - /* compare shared secret keys to test they are the same */ - if (y != x) - return -11005; - - if (XMEMCMP(sharedA, sharedB, x)) - return -11006; -#endif - -#ifdef HAVE_CURVE448_KEY_EXPORT - /* export a public key and import it for another user */ - x = sizeof(exportBuf); - if (wc_curve448_export_public(&userA, exportBuf, &x) != 0) - return -11007; - -#ifdef HAVE_CURVE448_KEY_IMPORT - if (wc_curve448_import_public(exportBuf, x, &pubKey) != 0) - return -11008; -#endif -#endif - -#if defined(HAVE_CURVE448_SHARED_SECRET) && \ - defined(HAVE_CURVE448_KEY_IMPORT) - /* test shared key after importing a public key */ - XMEMSET(sharedB, 0, sizeof(sharedB)); - y = sizeof(sharedB); - if (wc_curve448_shared_secret(&userB, &pubKey, sharedB, &y) != 0) - return -11009; - - if (XMEMCMP(sharedA, sharedB, y)) - return -11010; - - /* import RFC test vectors and compare shared key */ - if (wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) - != 0) - return -11011; - - if (wc_curve448_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB) - != 0) - return -11012; - - /* test against known test vector */ - XMEMSET(sharedB, 0, sizeof(sharedB)); - y = sizeof(sharedB); - if (wc_curve448_shared_secret(&userA, &userB, sharedB, &y) != 0) - return -11013; - - if (XMEMCMP(ss, sharedB, y)) - return -11014; - - /* test swapping roles of keys and generating same shared key */ - XMEMSET(sharedB, 0, sizeof(sharedB)); - y = sizeof(sharedB); - if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -11015; - - if (XMEMCMP(ss, sharedB, y)) - return -11016; - - /* test with 1 generated key and 1 from known test vector */ - if (wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) - != 0) - return -11017; - - if (wc_curve448_make_key(&rng, 56, &userB) != 0) - return -11018; - - x = sizeof(sharedA); - if (wc_curve448_shared_secret(&userA, &userB, sharedA, &x) != 0) - return -11019; - - y = sizeof(sharedB); - if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -11020; - - /* compare shared secret keys to test they are the same */ - if (y != x) - return -11021; - - if (XMEMCMP(sharedA, sharedB, x)) - return -11022; - - ret = curve448_check_public_test(); - if (ret != 0) - return ret; -#endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */ - - /* clean up keys when done */ - wc_curve448_free(&pubKey); - wc_curve448_free(&userB); - wc_curve448_free(&userA); - - wc_FreeRng(&rng); - - return 0; -} -#endif /* HAVE_CURVE448 */ - -#ifdef HAVE_ED448 -#ifdef WOLFSSL_TEST_CERT -static int ed448_test_cert(void) -{ - DecodedCert cert[2]; - DecodedCert* serverCert = NULL; - DecodedCert* caCert = NULL; -#ifdef HAVE_ED448_VERIFY - ed448_key key; - ed448_key* pubKey = NULL; - int verify; -#endif /* HAVE_ED448_VERIFY */ - int ret; - byte* tmp; - size_t bytes; - XFILE file; - - tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - ERROR_OUT(-11023, done); - } - -#ifdef USE_CERT_BUFFERS_256 - XMEMCPY(tmp, ca_ed448_cert, sizeof_ca_ed448_cert); - bytes = sizeof_ca_ed448_cert; -#elif !defined(NO_FILESYSTEM) - file = XFOPEN(caEd448Cert, "rb"); - if (file == NULL) { - ERROR_OUT(-11024, done); - } - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); -#else - /* No certificate to use. */ - ERROR_OUT(-11025, done); -#endif - - InitDecodedCert(&cert[0], tmp, (word32)bytes, 0); - caCert = &cert[0]; - ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL); - if (ret != 0) { - ERROR_OUT(-11026, done); - } - -#ifdef USE_CERT_BUFFERS_256 - XMEMCPY(tmp, server_ed448_cert, sizeof_server_ed448_cert); - bytes = sizeof_server_ed448_cert; -#elif !defined(NO_FILESYSTEM) - file = XFOPEN(serverEd448Cert, "rb"); - if (file == NULL) { - ERROR_OUT(-11027, done); - } - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); -#else - /* No certificate to use. */ - ERROR_OUT(-11028, done); -#endif - - InitDecodedCert(&cert[1], tmp, (word32)bytes, 0); - serverCert = &cert[1]; - ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL); - if (ret != 0) { - ERROR_OUT(-11029, done); - } - -#ifdef HAVE_ED448_VERIFY - ret = wc_ed448_init(&key); - if (ret < 0) { - ERROR_OUT(-11030, done); - } - pubKey = &key; - ret = wc_ed448_import_public(caCert->publicKey, caCert->pubKeySize, pubKey); - if (ret < 0) { - ERROR_OUT(-11031, done); - } - - if (wc_ed448_verify_msg(serverCert->signature, serverCert->sigLength, - serverCert->source + serverCert->certBegin, - serverCert->sigIndex - serverCert->certBegin, - &verify, pubKey) < 0 || verify != 1) { - ERROR_OUT(-11032, done); - } -#endif /* HAVE_ED448_VERIFY */ - -done: - if (tmp != NULL) - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#ifdef HAVE_ED448_VERIFY - wc_ed448_free(pubKey); -#endif /* HAVE_ED448_VERIFY */ - if (caCert != NULL) - FreeDecodedCert(caCert); - if (serverCert != NULL) - FreeDecodedCert(serverCert); - - return ret; -} - -static int ed448_test_make_cert(void) -{ - WC_RNG rng; - Cert cert; - DecodedCert decode; - ed448_key key; - ed448_key* privKey = NULL; - int ret = 0; - byte* tmp = NULL; - - wc_InitCert(&cert); - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -11033; - - wc_ed448_init(&key); - privKey = &key; - wc_ed448_make_key(&rng, ED448_KEY_SIZE, privKey); - - cert.daysValid = 365 * 2; - cert.selfSigned = 1; - XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName)); - XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName)); - cert.isCA = 0; -#ifdef WOLFSSL_CERT_EXT - ret = wc_SetKeyUsage(&cert, certKeyUsage); - if (ret < 0) { - ERROR_OUT(-11034, done); - } - ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey); - if (ret < 0) { - ERROR_OUT(-11035, done); - } - ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey); - if (ret < 0) { - ERROR_OUT(-11036, done); - } -#endif - tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - ERROR_OUT(-11037, done); - } - - cert.sigType = CTC_ED448; - ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED448_TYPE, privKey, &rng); - if (ret < 0) { - ERROR_OUT(-11038, done); - } - ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, ED448_TYPE, - privKey, &rng); - if (ret < 0) { - ERROR_OUT(-11039, done); - } - - InitDecodedCert(&decode, tmp, ret, HEAP_HINT); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - FreeDecodedCert(&decode); - if (ret != 0) { - ERROR_OUT(-11040, done); - } - -done: - if (tmp != NULL) - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_ed448_free(privKey); - wc_FreeRng(&rng); - return ret; -} -#endif /* WOLFSSL_TEST_CERT */ - -#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \ - defined(HAVE_ED448_KEY_IMPORT) -static int ed448_ctx_test(void) -{ - byte out[ED448_SIG_SIZE]; - word32 outlen; -#ifdef HAVE_ED448_VERIFY - int verify; -#endif /* HAVE_ED448_VERIFY */ - ed448_key key; - - static const byte sKeyCtx[] = { - 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6, - 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d, - 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d, - 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a, - 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c, - 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e, - 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27, - 0x4e - }; - - static const byte pKeyCtx[] = { - 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45, - 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a, - 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37, - 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86, - 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02, - 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c, - 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94, - 0x80 - }; - - static const byte sigCtx[] = { - 0xd4, 0xf8, 0xf6, 0x13, 0x17, 0x70, 0xdd, 0x46, - 0xf4, 0x08, 0x67, 0xd6, 0xfd, 0x5d, 0x50, 0x55, - 0xde, 0x43, 0x54, 0x1f, 0x8c, 0x5e, 0x35, 0xab, - 0xbc, 0xd0, 0x01, 0xb3, 0x2a, 0x89, 0xf7, 0xd2, - 0x15, 0x1f, 0x76, 0x47, 0xf1, 0x1d, 0x8c, 0xa2, - 0xae, 0x27, 0x9f, 0xb8, 0x42, 0xd6, 0x07, 0x21, - 0x7f, 0xce, 0x6e, 0x04, 0x2f, 0x68, 0x15, 0xea, - 0x00, 0x0c, 0x85, 0x74, 0x1d, 0xe5, 0xc8, 0xda, - 0x11, 0x44, 0xa6, 0xa1, 0xab, 0xa7, 0xf9, 0x6d, - 0xe4, 0x25, 0x05, 0xd7, 0xa7, 0x29, 0x85, 0x24, - 0xfd, 0xa5, 0x38, 0xfc, 0xcb, 0xbb, 0x75, 0x4f, - 0x57, 0x8c, 0x1c, 0xad, 0x10, 0xd5, 0x4d, 0x0d, - 0x54, 0x28, 0x40, 0x7e, 0x85, 0xdc, 0xbc, 0x98, - 0xa4, 0x91, 0x55, 0xc1, 0x37, 0x64, 0xe6, 0x6c, - 0x3c, 0x00 - }; - - static const byte msgCtx[] = { - 0x03 - }; - - static const byte contextCtx[] = { - 0x66,0x6f,0x6f - }; - - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - - if (wc_ed448_import_private_key(sKeyCtx, ED448_KEY_SIZE, pKeyCtx, - sizeof(pKeyCtx), &key) != 0) - return -11100; - - if (wc_ed448_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, - contextCtx, sizeof(contextCtx)) != 0) - return -11101; - - if (XMEMCMP(out, sigCtx, sizeof(sigCtx))) - return -11102; - -#if defined(HAVE_ED448_VERIFY) - /* test verify on good msg */ - if (wc_ed448_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, &key, - contextCtx, sizeof(contextCtx)) != 0 || verify != 1) - return -11103; -#endif - - wc_ed448_free(&key); - - return 0; -} - -static int ed448ph_test(void) -{ - byte out[ED448_SIG_SIZE]; - word32 outlen; -#ifdef HAVE_ED448_VERIFY - int verify; -#endif /* HAVE_ED448_VERIFY */ - ed448_key key; - - static const byte sKeyPh[] = { - 0x83, 0x3f, 0xe6, 0x24, 0x09, 0x23, 0x7b, 0x9d, - 0x62, 0xec, 0x77, 0x58, 0x75, 0x20, 0x91, 0x1e, - 0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b, - 0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42, - 0xef, 0x78, 0x22, 0xe0, 0xd5, 0x10, 0x41, 0x27, - 0xdc, 0x05, 0xd6, 0xdb, 0xef, 0xde, 0x69, 0xe3, - 0xab, 0x2c, 0xec, 0x7c, 0x86, 0x7c, 0x6e, 0x2c, - 0x49 - }; - - static const byte pKeyPh[] = { - 0x25, 0x9b, 0x71, 0xc1, 0x9f, 0x83, 0xef, 0x77, - 0xa7, 0xab, 0xd2, 0x65, 0x24, 0xcb, 0xdb, 0x31, - 0x61, 0xb5, 0x90, 0xa4, 0x8f, 0x7d, 0x17, 0xde, - 0x3e, 0xe0, 0xba, 0x9c, 0x52, 0xbe, 0xb7, 0x43, - 0xc0, 0x94, 0x28, 0xa1, 0x31, 0xd6, 0xb1, 0xb5, - 0x73, 0x03, 0xd9, 0x0d, 0x81, 0x32, 0xc2, 0x76, - 0xd5, 0xed, 0x3d, 0x5d, 0x01, 0xc0, 0xf5, 0x38, - 0x80 - }; - - static const byte sigPh1[] = { - 0x82, 0x2f, 0x69, 0x01, 0xf7, 0x48, 0x0f, 0x3d, - 0x5f, 0x56, 0x2c, 0x59, 0x29, 0x94, 0xd9, 0x69, - 0x36, 0x02, 0x87, 0x56, 0x14, 0x48, 0x32, 0x56, - 0x50, 0x56, 0x00, 0xbb, 0xc2, 0x81, 0xae, 0x38, - 0x1f, 0x54, 0xd6, 0xbc, 0xe2, 0xea, 0x91, 0x15, - 0x74, 0x93, 0x2f, 0x52, 0xa4, 0xe6, 0xca, 0xdd, - 0x78, 0x76, 0x93, 0x75, 0xec, 0x3f, 0xfd, 0x1b, - 0x80, 0x1a, 0x0d, 0x9b, 0x3f, 0x40, 0x30, 0xcd, - 0x43, 0x39, 0x64, 0xb6, 0x45, 0x7e, 0xa3, 0x94, - 0x76, 0x51, 0x12, 0x14, 0xf9, 0x74, 0x69, 0xb5, - 0x7d, 0xd3, 0x2d, 0xbc, 0x56, 0x0a, 0x9a, 0x94, - 0xd0, 0x0b, 0xff, 0x07, 0x62, 0x04, 0x64, 0xa3, - 0xad, 0x20, 0x3d, 0xf7, 0xdc, 0x7c, 0xe3, 0x60, - 0xc3, 0xcd, 0x36, 0x96, 0xd9, 0xd9, 0xfa, 0xb9, - 0x0f, 0x00 - }; - - static const byte sigPh2[] = { - 0xc3, 0x22, 0x99, 0xd4, 0x6e, 0xc8, 0xff, 0x02, - 0xb5, 0x45, 0x40, 0x98, 0x28, 0x14, 0xdc, 0xe9, - 0xa0, 0x58, 0x12, 0xf8, 0x19, 0x62, 0xb6, 0x49, - 0xd5, 0x28, 0x09, 0x59, 0x16, 0xa2, 0xaa, 0x48, - 0x10, 0x65, 0xb1, 0x58, 0x04, 0x23, 0xef, 0x92, - 0x7e, 0xcf, 0x0a, 0xf5, 0x88, 0x8f, 0x90, 0xda, - 0x0f, 0x6a, 0x9a, 0x85, 0xad, 0x5d, 0xc3, 0xf2, - 0x80, 0xd9, 0x12, 0x24, 0xba, 0x99, 0x11, 0xa3, - 0x65, 0x3d, 0x00, 0xe4, 0x84, 0xe2, 0xce, 0x23, - 0x25, 0x21, 0x48, 0x1c, 0x86, 0x58, 0xdf, 0x30, - 0x4b, 0xb7, 0x74, 0x5a, 0x73, 0x51, 0x4c, 0xdb, - 0x9b, 0xf3, 0xe1, 0x57, 0x84, 0xab, 0x71, 0x28, - 0x4f, 0x8d, 0x07, 0x04, 0xa6, 0x08, 0xc5, 0x4a, - 0x6b, 0x62, 0xd9, 0x7b, 0xeb, 0x51, 0x1d, 0x13, - 0x21, 0x00 - }; - - static const byte msgPh[] = { - 0x61,0x62,0x63 - }; - - /* SHA-512 hash of msgPh */ - static const byte hashPh[] = { - 0x48, 0x33, 0x66, 0x60, 0x13, 0x60, 0xa8, 0x77, - 0x1c, 0x68, 0x63, 0x08, 0x0c, 0xc4, 0x11, 0x4d, - 0x8d, 0xb4, 0x45, 0x30, 0xf8, 0xf1, 0xe1, 0xee, - 0x4f, 0x94, 0xea, 0x37, 0xe7, 0x8b, 0x57, 0x39, - 0xd5, 0xa1, 0x5b, 0xef, 0x18, 0x6a, 0x53, 0x86, - 0xc7, 0x57, 0x44, 0xc0, 0x52, 0x7e, 0x1f, 0xaa, - 0x9f, 0x87, 0x26, 0xe4, 0x62, 0xa1, 0x2a, 0x4f, - 0xeb, 0x06, 0xbd, 0x88, 0x01, 0xe7, 0x51, 0xe4 - }; - - static const byte contextPh2[] = { - 0x66,0x6f,0x6f - }; - - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - - if (wc_ed448_import_private_key(sKeyPh, ED448_KEY_SIZE, pKeyPh, - sizeof(pKeyPh), &key) != 0) { - return -11200; - } - - if (wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL, - 0) != 0) { - return -11201; - } - - if (XMEMCMP(out, sigPh1, sizeof(sigPh1))) - return -11202; - -#if defined(HAVE_ED448_VERIFY) - /* test verify on good msg */ - if (wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key, - NULL, 0) != 0 || verify != 1) { - return -11203; - } -#endif - - if (wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, - contextPh2, sizeof(contextPh2)) != 0) { - return -11204; - } - - if (XMEMCMP(out, sigPh2, sizeof(sigPh2))) - return -11205; - -#if defined(HAVE_ED448_VERIFY) - /* test verify on good msg */ - if (wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key, - contextPh2, sizeof(contextPh2)) != 0 || - verify != 1) { - return -11206; - } -#endif - - if (wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL, - 0) != 0) { - return -11207; - } - - if (XMEMCMP(out, sigPh1, sizeof(sigPh1))) - return -11208; - -#if defined(HAVE_ED448_VERIFY) - if (wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, - &key, NULL, 0) != 0 || verify != 1) { - return -11209; - } -#endif - - if (wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, - contextPh2, sizeof(contextPh2)) != 0) { - return -11210; - } - - if (XMEMCMP(out, sigPh2, sizeof(sigPh2))) - return -11211; - -#if defined(HAVE_ED448_VERIFY) - if (wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, - &key, contextPh2, sizeof(contextPh2)) != 0 || - verify != 1) { - return -11212; - } -#endif - - wc_ed448_free(&key); - - return 0; -} -#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */ - -int ed448_test(void) -{ - int ret; - WC_RNG rng; -#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\ - defined(HAVE_ED448_KEY_IMPORT) - byte out[ED448_SIG_SIZE]; - byte exportPKey[ED448_KEY_SIZE]; - byte exportSKey[ED448_KEY_SIZE]; - word32 exportPSz; - word32 exportSSz; - int i; - word32 outlen; -#ifdef HAVE_ED448_VERIFY - int verify; -#endif /* HAVE_ED448_VERIFY */ -#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */ - word32 keySz, sigSz; - ed448_key key; - ed448_key key2; - -#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \ - defined(HAVE_ED448_KEY_IMPORT) - /* test vectors from - https://tools.ietf.org/html/rfc8032 - */ - - static const byte sKey1[] = { - 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, - 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, - 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f, - 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3, - 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e, - 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, - 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, - 0x5b - }; - - static const byte sKey2[] = { - 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6, - 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d, - 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d, - 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a, - 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c, - 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e, - 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27, - 0x4e - }; - - static const byte sKey3[] = { - 0x25, 0x8c, 0xdd, 0x4a, 0xda, 0x32, 0xed, 0x9c, - 0x9f, 0xf5, 0x4e, 0x63, 0x75, 0x6a, 0xe5, 0x82, - 0xfb, 0x8f, 0xab, 0x2a, 0xc7, 0x21, 0xf2, 0xc8, - 0xe6, 0x76, 0xa7, 0x27, 0x68, 0x51, 0x3d, 0x93, - 0x9f, 0x63, 0xdd, 0xdb, 0x55, 0x60, 0x91, 0x33, - 0xf2, 0x9a, 0xdf, 0x86, 0xec, 0x99, 0x29, 0xdc, - 0xcb, 0x52, 0xc1, 0xc5, 0xfd, 0x2f, 0xf7, 0xe2, - 0x1b - }; - - /* uncompressed test */ - static const byte sKey4[] = { - 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, - 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, - 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f, - 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3, - 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e, - 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, - 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, - 0x5b - }; - - /* compressed prefix test */ - static const byte sKey5[] = { - 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, - 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, - 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f, - 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3, - 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e, - 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, - 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, - 0x5b - }; - - static const byte sKey6[] = { - 0x87, 0x2d, 0x09, 0x37, 0x80, 0xf5, 0xd3, 0x73, - 0x0d, 0xf7, 0xc2, 0x12, 0x66, 0x4b, 0x37, 0xb8, - 0xa0, 0xf2, 0x4f, 0x56, 0x81, 0x0d, 0xaa, 0x83, - 0x82, 0xcd, 0x4f, 0xa3, 0xf7, 0x76, 0x34, 0xec, - 0x44, 0xdc, 0x54, 0xf1, 0xc2, 0xed, 0x9b, 0xea, - 0x86, 0xfa, 0xfb, 0x76, 0x32, 0xd8, 0xbe, 0x19, - 0x9e, 0xa1, 0x65, 0xf5, 0xad, 0x55, 0xdd, 0x9c, - 0xe8 - }; - - static const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6}; - - static const byte pKey1[] = { - 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, - 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, - 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, - 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, - 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, - 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, - 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, - 0x80 - }; - - static const byte pKey2[] = { - 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45, - 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a, - 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37, - 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86, - 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02, - 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c, - 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94, - 0x80 - }; - - static const byte pKey3[] = { - 0x3b, 0xa1, 0x6d, 0xa0, 0xc6, 0xf2, 0xcc, 0x1f, - 0x30, 0x18, 0x77, 0x40, 0x75, 0x6f, 0x5e, 0x79, - 0x8d, 0x6b, 0xc5, 0xfc, 0x01, 0x5d, 0x7c, 0x63, - 0xcc, 0x95, 0x10, 0xee, 0x3f, 0xd4, 0x4a, 0xdc, - 0x24, 0xd8, 0xe9, 0x68, 0xb6, 0xe4, 0x6e, 0x6f, - 0x94, 0xd1, 0x9b, 0x94, 0x53, 0x61, 0x72, 0x6b, - 0xd7, 0x5e, 0x14, 0x9e, 0xf0, 0x98, 0x17, 0xf5, - 0x80 - }; - - /* uncompressed test */ - static const byte pKey4[] = { - 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, - 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, - 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, - 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, - 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, - 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, - 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, - 0x80 - }; - - /* compressed prefix */ - static const byte pKey5[] = { - 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, - 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, - 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, - 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, - 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, - 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, - 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, - 0x80 - }; - - static const byte pKey6[] = { - 0xa8, 0x1b, 0x2e, 0x8a, 0x70, 0xa5, 0xac, 0x94, - 0xff, 0xdb, 0xcc, 0x9b, 0xad, 0xfc, 0x3f, 0xeb, - 0x08, 0x01, 0xf2, 0x58, 0x57, 0x8b, 0xb1, 0x14, - 0xad, 0x44, 0xec, 0xe1, 0xec, 0x0e, 0x79, 0x9d, - 0xa0, 0x8e, 0xff, 0xb8, 0x1c, 0x5d, 0x68, 0x5c, - 0x0c, 0x56, 0xf6, 0x4e, 0xec, 0xae, 0xf8, 0xcd, - 0xf1, 0x1c, 0xc3, 0x87, 0x37, 0x83, 0x8c, 0xf4, - 0x00 - }; - - static const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6}; - static const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3), - sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)}; - - static const byte sig1[] = { - 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25, - 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae, - 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2, - 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f, - 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81, - 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78, - 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39, - 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a, - 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d, - 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41, - 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd, - 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb, - 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26, - 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65, - 0x26, 0x00 - }; - - static const byte sig2[] = { - 0x26, 0xb8, 0xf9, 0x17, 0x27, 0xbd, 0x62, 0x89, - 0x7a, 0xf1, 0x5e, 0x41, 0xeb, 0x43, 0xc3, 0x77, - 0xef, 0xb9, 0xc6, 0x10, 0xd4, 0x8f, 0x23, 0x35, - 0xcb, 0x0b, 0xd0, 0x08, 0x78, 0x10, 0xf4, 0x35, - 0x25, 0x41, 0xb1, 0x43, 0xc4, 0xb9, 0x81, 0xb7, - 0xe1, 0x8f, 0x62, 0xde, 0x8c, 0xcd, 0xf6, 0x33, - 0xfc, 0x1b, 0xf0, 0x37, 0xab, 0x7c, 0xd7, 0x79, - 0x80, 0x5e, 0x0d, 0xbc, 0xc0, 0xaa, 0xe1, 0xcb, - 0xce, 0xe1, 0xaf, 0xb2, 0xe0, 0x27, 0xdf, 0x36, - 0xbc, 0x04, 0xdc, 0xec, 0xbf, 0x15, 0x43, 0x36, - 0xc1, 0x9f, 0x0a, 0xf7, 0xe0, 0xa6, 0x47, 0x29, - 0x05, 0xe7, 0x99, 0xf1, 0x95, 0x3d, 0x2a, 0x0f, - 0xf3, 0x34, 0x8a, 0xb2, 0x1a, 0xa4, 0xad, 0xaf, - 0xd1, 0xd2, 0x34, 0x44, 0x1c, 0xf8, 0x07, 0xc0, - 0x3a, 0x00 - }; - - static const byte sig3[] = { - 0x7e, 0xee, 0xab, 0x7c, 0x4e, 0x50, 0xfb, 0x79, - 0x9b, 0x41, 0x8e, 0xe5, 0xe3, 0x19, 0x7f, 0xf6, - 0xbf, 0x15, 0xd4, 0x3a, 0x14, 0xc3, 0x43, 0x89, - 0xb5, 0x9d, 0xd1, 0xa7, 0xb1, 0xb8, 0x5b, 0x4a, - 0xe9, 0x04, 0x38, 0xac, 0xa6, 0x34, 0xbe, 0xa4, - 0x5e, 0x3a, 0x26, 0x95, 0xf1, 0x27, 0x0f, 0x07, - 0xfd, 0xcd, 0xf7, 0xc6, 0x2b, 0x8e, 0xfe, 0xaf, - 0x00, 0xb4, 0x5c, 0x2c, 0x96, 0xba, 0x45, 0x7e, - 0xb1, 0xa8, 0xbf, 0x07, 0x5a, 0x3d, 0xb2, 0x8e, - 0x5c, 0x24, 0xf6, 0xb9, 0x23, 0xed, 0x4a, 0xd7, - 0x47, 0xc3, 0xc9, 0xe0, 0x3c, 0x70, 0x79, 0xef, - 0xb8, 0x7c, 0xb1, 0x10, 0xd3, 0xa9, 0x98, 0x61, - 0xe7, 0x20, 0x03, 0xcb, 0xae, 0x6d, 0x6b, 0x8b, - 0x82, 0x7e, 0x4e, 0x6c, 0x14, 0x30, 0x64, 0xff, - 0x3c, 0x00 - }; - - /* uncompressed test */ - static const byte sig4[] = { - 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25, - 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae, - 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2, - 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f, - 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81, - 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78, - 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39, - 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a, - 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d, - 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41, - 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd, - 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb, - 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26, - 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65, - 0x26, 0x00 - }; - - /* compressed prefix */ - static const byte sig5[] = { - 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25, - 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae, - 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2, - 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f, - 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81, - 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78, - 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39, - 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a, - 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d, - 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41, - 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd, - 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb, - 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26, - 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65, - 0x26, 0x00 - }; - - static const byte sig6[] = { - 0xe3, 0x01, 0x34, 0x5a, 0x41, 0xa3, 0x9a, 0x4d, - 0x72, 0xff, 0xf8, 0xdf, 0x69, 0xc9, 0x80, 0x75, - 0xa0, 0xcc, 0x08, 0x2b, 0x80, 0x2f, 0xc9, 0xb2, - 0xb6, 0xbc, 0x50, 0x3f, 0x92, 0x6b, 0x65, 0xbd, - 0xdf, 0x7f, 0x4c, 0x8f, 0x1c, 0xb4, 0x9f, 0x63, - 0x96, 0xaf, 0xc8, 0xa7, 0x0a, 0xbe, 0x6d, 0x8a, - 0xef, 0x0d, 0xb4, 0x78, 0xd4, 0xc6, 0xb2, 0x97, - 0x00, 0x76, 0xc6, 0xa0, 0x48, 0x4f, 0xe7, 0x6d, - 0x76, 0xb3, 0xa9, 0x76, 0x25, 0xd7, 0x9f, 0x1c, - 0xe2, 0x40, 0xe7, 0xc5, 0x76, 0x75, 0x0d, 0x29, - 0x55, 0x28, 0x28, 0x6f, 0x71, 0x9b, 0x41, 0x3d, - 0xe9, 0xad, 0xa3, 0xe8, 0xeb, 0x78, 0xed, 0x57, - 0x36, 0x03, 0xce, 0x30, 0xd8, 0xbb, 0x76, 0x17, - 0x85, 0xdc, 0x30, 0xdb, 0xc3, 0x20, 0x86, 0x9e, - 0x1a, 0x00 - }; - - static const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6}; - - static const byte msg1[] = { }; - static const byte msg2[] = { 0x03 }; - static const byte msg3[] = { 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd, - 0x66, 0x81, 0x1e, 0x29, 0x15 }; - - /* test of a 1023 byte long message */ - static const byte msg4[] = { - 0x6d, 0xdf, 0x80, 0x2e, 0x1a, 0xae, 0x49, 0x86, - 0x93, 0x5f, 0x7f, 0x98, 0x1b, 0xa3, 0xf0, 0x35, - 0x1d, 0x62, 0x73, 0xc0, 0xa0, 0xc2, 0x2c, 0x9c, - 0x0e, 0x83, 0x39, 0x16, 0x8e, 0x67, 0x54, 0x12, - 0xa3, 0xde, 0xbf, 0xaf, 0x43, 0x5e, 0xd6, 0x51, - 0x55, 0x80, 0x07, 0xdb, 0x43, 0x84, 0xb6, 0x50, - 0xfc, 0xc0, 0x7e, 0x3b, 0x58, 0x6a, 0x27, 0xa4, - 0xf7, 0xa0, 0x0a, 0xc8, 0xa6, 0xfe, 0xc2, 0xcd, - 0x86, 0xae, 0x4b, 0xf1, 0x57, 0x0c, 0x41, 0xe6, - 0xa4, 0x0c, 0x93, 0x1d, 0xb2, 0x7b, 0x2f, 0xaa, - 0x15, 0xa8, 0xce, 0xdd, 0x52, 0xcf, 0xf7, 0x36, - 0x2c, 0x4e, 0x6e, 0x23, 0xda, 0xec, 0x0f, 0xbc, - 0x3a, 0x79, 0xb6, 0x80, 0x6e, 0x31, 0x6e, 0xfc, - 0xc7, 0xb6, 0x81, 0x19, 0xbf, 0x46, 0xbc, 0x76, - 0xa2, 0x60, 0x67, 0xa5, 0x3f, 0x29, 0x6d, 0xaf, - 0xdb, 0xdc, 0x11, 0xc7, 0x7f, 0x77, 0x77, 0xe9, - 0x72, 0x66, 0x0c, 0xf4, 0xb6, 0xa9, 0xb3, 0x69, - 0xa6, 0x66, 0x5f, 0x02, 0xe0, 0xcc, 0x9b, 0x6e, - 0xdf, 0xad, 0x13, 0x6b, 0x4f, 0xab, 0xe7, 0x23, - 0xd2, 0x81, 0x3d, 0xb3, 0x13, 0x6c, 0xfd, 0xe9, - 0xb6, 0xd0, 0x44, 0x32, 0x2f, 0xee, 0x29, 0x47, - 0x95, 0x2e, 0x03, 0x1b, 0x73, 0xab, 0x5c, 0x60, - 0x33, 0x49, 0xb3, 0x07, 0xbd, 0xc2, 0x7b, 0xc6, - 0xcb, 0x8b, 0x8b, 0xbd, 0x7b, 0xd3, 0x23, 0x21, - 0x9b, 0x80, 0x33, 0xa5, 0x81, 0xb5, 0x9e, 0xad, - 0xeb, 0xb0, 0x9b, 0x3c, 0x4f, 0x3d, 0x22, 0x77, - 0xd4, 0xf0, 0x34, 0x36, 0x24, 0xac, 0xc8, 0x17, - 0x80, 0x47, 0x28, 0xb2, 0x5a, 0xb7, 0x97, 0x17, - 0x2b, 0x4c, 0x5c, 0x21, 0xa2, 0x2f, 0x9c, 0x78, - 0x39, 0xd6, 0x43, 0x00, 0x23, 0x2e, 0xb6, 0x6e, - 0x53, 0xf3, 0x1c, 0x72, 0x3f, 0xa3, 0x7f, 0xe3, - 0x87, 0xc7, 0xd3, 0xe5, 0x0b, 0xdf, 0x98, 0x13, - 0xa3, 0x0e, 0x5b, 0xb1, 0x2c, 0xf4, 0xcd, 0x93, - 0x0c, 0x40, 0xcf, 0xb4, 0xe1, 0xfc, 0x62, 0x25, - 0x92, 0xa4, 0x95, 0x88, 0x79, 0x44, 0x94, 0xd5, - 0x6d, 0x24, 0xea, 0x4b, 0x40, 0xc8, 0x9f, 0xc0, - 0x59, 0x6c, 0xc9, 0xeb, 0xb9, 0x61, 0xc8, 0xcb, - 0x10, 0xad, 0xde, 0x97, 0x6a, 0x5d, 0x60, 0x2b, - 0x1c, 0x3f, 0x85, 0xb9, 0xb9, 0xa0, 0x01, 0xed, - 0x3c, 0x6a, 0x4d, 0x3b, 0x14, 0x37, 0xf5, 0x20, - 0x96, 0xcd, 0x19, 0x56, 0xd0, 0x42, 0xa5, 0x97, - 0xd5, 0x61, 0xa5, 0x96, 0xec, 0xd3, 0xd1, 0x73, - 0x5a, 0x8d, 0x57, 0x0e, 0xa0, 0xec, 0x27, 0x22, - 0x5a, 0x2c, 0x4a, 0xaf, 0xf2, 0x63, 0x06, 0xd1, - 0x52, 0x6c, 0x1a, 0xf3, 0xca, 0x6d, 0x9c, 0xf5, - 0xa2, 0xc9, 0x8f, 0x47, 0xe1, 0xc4, 0x6d, 0xb9, - 0xa3, 0x32, 0x34, 0xcf, 0xd4, 0xd8, 0x1f, 0x2c, - 0x98, 0x53, 0x8a, 0x09, 0xeb, 0xe7, 0x69, 0x98, - 0xd0, 0xd8, 0xfd, 0x25, 0x99, 0x7c, 0x7d, 0x25, - 0x5c, 0x6d, 0x66, 0xec, 0xe6, 0xfa, 0x56, 0xf1, - 0x11, 0x44, 0x95, 0x0f, 0x02, 0x77, 0x95, 0xe6, - 0x53, 0x00, 0x8f, 0x4b, 0xd7, 0xca, 0x2d, 0xee, - 0x85, 0xd8, 0xe9, 0x0f, 0x3d, 0xc3, 0x15, 0x13, - 0x0c, 0xe2, 0xa0, 0x03, 0x75, 0xa3, 0x18, 0xc7, - 0xc3, 0xd9, 0x7b, 0xe2, 0xc8, 0xce, 0x5b, 0x6d, - 0xb4, 0x1a, 0x62, 0x54, 0xff, 0x26, 0x4f, 0xa6, - 0x15, 0x5b, 0xae, 0xe3, 0xb0, 0x77, 0x3c, 0x0f, - 0x49, 0x7c, 0x57, 0x3f, 0x19, 0xbb, 0x4f, 0x42, - 0x40, 0x28, 0x1f, 0x0b, 0x1f, 0x4f, 0x7b, 0xe8, - 0x57, 0xa4, 0xe5, 0x9d, 0x41, 0x6c, 0x06, 0xb4, - 0xc5, 0x0f, 0xa0, 0x9e, 0x18, 0x10, 0xdd, 0xc6, - 0xb1, 0x46, 0x7b, 0xae, 0xac, 0x5a, 0x36, 0x68, - 0xd1, 0x1b, 0x6e, 0xca, 0xa9, 0x01, 0x44, 0x00, - 0x16, 0xf3, 0x89, 0xf8, 0x0a, 0xcc, 0x4d, 0xb9, - 0x77, 0x02, 0x5e, 0x7f, 0x59, 0x24, 0x38, 0x8c, - 0x7e, 0x34, 0x0a, 0x73, 0x2e, 0x55, 0x44, 0x40, - 0xe7, 0x65, 0x70, 0xf8, 0xdd, 0x71, 0xb7, 0xd6, - 0x40, 0xb3, 0x45, 0x0d, 0x1f, 0xd5, 0xf0, 0x41, - 0x0a, 0x18, 0xf9, 0xa3, 0x49, 0x4f, 0x70, 0x7c, - 0x71, 0x7b, 0x79, 0xb4, 0xbf, 0x75, 0xc9, 0x84, - 0x00, 0xb0, 0x96, 0xb2, 0x16, 0x53, 0xb5, 0xd2, - 0x17, 0xcf, 0x35, 0x65, 0xc9, 0x59, 0x74, 0x56, - 0xf7, 0x07, 0x03, 0x49, 0x7a, 0x07, 0x87, 0x63, - 0x82, 0x9b, 0xc0, 0x1b, 0xb1, 0xcb, 0xc8, 0xfa, - 0x04, 0xea, 0xdc, 0x9a, 0x6e, 0x3f, 0x66, 0x99, - 0x58, 0x7a, 0x9e, 0x75, 0xc9, 0x4e, 0x5b, 0xab, - 0x00, 0x36, 0xe0, 0xb2, 0xe7, 0x11, 0x39, 0x2c, - 0xff, 0x00, 0x47, 0xd0, 0xd6, 0xb0, 0x5b, 0xd2, - 0xa5, 0x88, 0xbc, 0x10, 0x97, 0x18, 0x95, 0x42, - 0x59, 0xf1, 0xd8, 0x66, 0x78, 0xa5, 0x79, 0xa3, - 0x12, 0x0f, 0x19, 0xcf, 0xb2, 0x96, 0x3f, 0x17, - 0x7a, 0xeb, 0x70, 0xf2, 0xd4, 0x84, 0x48, 0x26, - 0x26, 0x2e, 0x51, 0xb8, 0x02, 0x71, 0x27, 0x20, - 0x68, 0xef, 0x5b, 0x38, 0x56, 0xfa, 0x85, 0x35, - 0xaa, 0x2a, 0x88, 0xb2, 0xd4, 0x1f, 0x2a, 0x0e, - 0x2f, 0xda, 0x76, 0x24, 0xc2, 0x85, 0x02, 0x72, - 0xac, 0x4a, 0x2f, 0x56, 0x1f, 0x8f, 0x2f, 0x7a, - 0x31, 0x8b, 0xfd, 0x5c, 0xaf, 0x96, 0x96, 0x14, - 0x9e, 0x4a, 0xc8, 0x24, 0xad, 0x34, 0x60, 0x53, - 0x8f, 0xdc, 0x25, 0x42, 0x1b, 0xee, 0xc2, 0xcc, - 0x68, 0x18, 0x16, 0x2d, 0x06, 0xbb, 0xed, 0x0c, - 0x40, 0xa3, 0x87, 0x19, 0x23, 0x49, 0xdb, 0x67, - 0xa1, 0x18, 0xba, 0xda, 0x6c, 0xd5, 0xab, 0x01, - 0x40, 0xee, 0x27, 0x32, 0x04, 0xf6, 0x28, 0xaa, - 0xd1, 0xc1, 0x35, 0xf7, 0x70, 0x27, 0x9a, 0x65, - 0x1e, 0x24, 0xd8, 0xc1, 0x4d, 0x75, 0xa6, 0x05, - 0x9d, 0x76, 0xb9, 0x6a, 0x6f, 0xd8, 0x57, 0xde, - 0xf5, 0xe0, 0xb3, 0x54, 0xb2, 0x7a, 0xb9, 0x37, - 0xa5, 0x81, 0x5d, 0x16, 0xb5, 0xfa, 0xe4, 0x07, - 0xff, 0x18, 0x22, 0x2c, 0x6d, 0x1e, 0xd2, 0x63, - 0xbe, 0x68, 0xc9, 0x5f, 0x32, 0xd9, 0x08, 0xbd, - 0x89, 0x5c, 0xd7, 0x62, 0x07, 0xae, 0x72, 0x64, - 0x87, 0x56, 0x7f, 0x9a, 0x67, 0xda, 0xd7, 0x9a, - 0xbe, 0xc3, 0x16, 0xf6, 0x83, 0xb1, 0x7f, 0x2d, - 0x02, 0xbf, 0x07, 0xe0, 0xac, 0x8b, 0x5b, 0xc6, - 0x16, 0x2c, 0xf9, 0x46, 0x97, 0xb3, 0xc2, 0x7c, - 0xd1, 0xfe, 0xa4, 0x9b, 0x27, 0xf2, 0x3b, 0xa2, - 0x90, 0x18, 0x71, 0x96, 0x25, 0x06, 0x52, 0x0c, - 0x39, 0x2d, 0xa8, 0xb6, 0xad, 0x0d, 0x99, 0xf7, - 0x01, 0x3f, 0xbc, 0x06, 0xc2, 0xc1, 0x7a, 0x56, - 0x95, 0x00, 0xc8, 0xa7, 0x69, 0x64, 0x81, 0xc1, - 0xcd, 0x33, 0xe9, 0xb1, 0x4e, 0x40, 0xb8, 0x2e, - 0x79, 0xa5, 0xf5, 0xdb, 0x82, 0x57, 0x1b, 0xa9, - 0x7b, 0xae, 0x3a, 0xd3, 0xe0, 0x47, 0x95, 0x15, - 0xbb, 0x0e, 0x2b, 0x0f, 0x3b, 0xfc, 0xd1, 0xfd, - 0x33, 0x03, 0x4e, 0xfc, 0x62, 0x45, 0xed, 0xdd, - 0x7e, 0xe2, 0x08, 0x6d, 0xda, 0xe2, 0x60, 0x0d, - 0x8c, 0xa7, 0x3e, 0x21, 0x4e, 0x8c, 0x2b, 0x0b, - 0xdb, 0x2b, 0x04, 0x7c, 0x6a, 0x46, 0x4a, 0x56, - 0x2e, 0xd7, 0x7b, 0x73, 0xd2, 0xd8, 0x41, 0xc4, - 0xb3, 0x49, 0x73, 0x55, 0x12, 0x57, 0x71, 0x3b, - 0x75, 0x36, 0x32, 0xef, 0xba, 0x34, 0x81, 0x69, - 0xab, 0xc9, 0x0a, 0x68, 0xf4, 0x26, 0x11, 0xa4, - 0x01, 0x26, 0xd7, 0xcb, 0x21, 0xb5, 0x86, 0x95, - 0x56, 0x81, 0x86, 0xf7, 0xe5, 0x69, 0xd2, 0xff, - 0x0f, 0x9e, 0x74, 0x5d, 0x04, 0x87, 0xdd, 0x2e, - 0xb9, 0x97, 0xca, 0xfc, 0x5a, 0xbf, 0x9d, 0xd1, - 0x02, 0xe6, 0x2f, 0xf6, 0x6c, 0xba, 0x87 - }; - - static const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4}; - static const word16 msgSz[] = {0 /*sizeof(msg1)*/, - sizeof(msg2), - sizeof(msg3), - 0 /*sizeof(msg1)*/, - 0 /*sizeof(msg1)*/, - sizeof(msg4) - }; -#ifndef NO_ASN - static byte privateEd448[] = { - 0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, - 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39, - 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, - 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, - 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f, - 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3, - 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e, - 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, - 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, - 0x5b - }; - static byte publicEd448[] = { - 0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, - 0x71, 0x03, 0x3a, 0x00, 0x5f, 0xd7, 0x44, 0x9b, - 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec, - 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24, - 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d, - 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76, - 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d, - 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe, - 0xaf, 0xe8, 0x25, 0x61, 0x80 - }; - static byte privPubEd448[] = { - 0x30, 0x81, 0x84, 0x02, 0x01, 0x00, 0x30, 0x05, - 0x06, 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, - 0x39, 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, - 0x10, 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, - 0xbf, 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, - 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, - 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, - 0x4e, 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, - 0x8f, 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, - 0xf9, 0x5b, 0xa1, 0x3b, 0x04, 0x39, 0x5f, 0xd7, - 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, - 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, - 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, - 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, - 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, - 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, - 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, 0x80 - }; - - word32 idx; - ed448_key key3; -#endif /* NO_ASN */ -#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */ - - /* create ed448 keys */ -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -11300; - - wc_ed448_init(&key); - wc_ed448_init(&key2); -#ifndef NO_ASN - wc_ed448_init(&key3); -#endif - wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key); - wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key2); - - /* helper functions for signature and key size */ - keySz = wc_ed448_size(&key); - sigSz = wc_ed448_sig_size(&key); - -#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\ - defined(HAVE_ED448_KEY_IMPORT) - for (i = 0; i < 6; i++) { - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - - if (wc_ed448_import_private_key(sKeys[i], ED448_KEY_SIZE, pKeys[i], - pKeySz[i], &key) != 0) - return -11301 - i; - - if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, &key, NULL, - 0) != 0) { - return -11311 - i; - } - - if (XMEMCMP(out, sigs[i], 114)) - return -11321 - i; - -#if defined(HAVE_ED448_VERIFY) - /* test verify on good msg */ - if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key, - NULL, 0) != 0 || verify != 1) { - return -11331 - i; - } - - /* test verify on bad msg */ - out[outlen-2] = out[outlen-2] + 1; - if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key, - NULL, 0) == 0 || verify == 1) { - return -11341 - i; - } -#endif /* HAVE_ED448_VERIFY */ - - /* test api for import/exporting keys */ - exportPSz = sizeof(exportPKey); - exportSSz = sizeof(exportSKey); - if (wc_ed448_export_public(&key, exportPKey, &exportPSz) != 0) - return -11351 - i; - - if (wc_ed448_import_public(exportPKey, exportPSz, &key2) != 0) - return -11361 - i; - - if (wc_ed448_export_private_only(&key, exportSKey, &exportSSz) != 0) - return -11371 - i; - - if (wc_ed448_import_private_key(exportSKey, exportSSz, - exportPKey, exportPSz, &key2) != 0) - return -11381 - i; - - /* clear "out" buffer and test sign with imported keys */ - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2, NULL, - 0) != 0) { - return -11391 - i; - } - -#if defined(HAVE_ED448_VERIFY) - if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key2, - NULL, 0) != 0 || verify != 1) - return -11401 - i; - - if (XMEMCMP(out, sigs[i], sizeof(sigs[i]))) - return -11411 - i; -#endif /* HAVE_ED448_VERIFY */ - } - - ret = ed448_ctx_test(); - if (ret != 0) - return ret; - - ret = ed448ph_test(); - if (ret != 0) - return ret; - -#ifndef NO_ASN - /* Try ASN.1 encoded private-only key and public key. */ - idx = 0; - if (wc_Ed448PrivateKeyDecode(privateEd448, &idx, &key3, - sizeof(privateEd448)) != 0) - return -11421 - i; - - if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) - != BAD_FUNC_ARG) - return -11431 - i; - - idx = 0; - if (wc_Ed448PublicKeyDecode(publicEd448, &idx, &key3, - sizeof(publicEd448)) != 0) - return -11441 - i; - - if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0) - return -11451 - i; - - if (XMEMCMP(out, sigs[0], sizeof(sigs[0]))) - return -11461 - i; - -#if defined(HAVE_ED448_VERIFY) - /* test verify on good msg */ - if (wc_ed448_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3, - NULL, 0) != 0 || verify != 1) - return -11471 - i; -#endif /* HAVE_ED448_VERIFY */ - - wc_ed448_free(&key3); - wc_ed448_init(&key3); - - idx = 0; - if (wc_Ed448PrivateKeyDecode(privPubEd448, &idx, &key3, - sizeof(privPubEd448)) != 0) - return -11481 - i; - - if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0) - return -11491 - i; - - if (XMEMCMP(out, sigs[0], sizeof(sigs[0]))) - return -11501 - i; - - wc_ed448_free(&key3); -#endif /* NO_ASN */ -#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */ - - /* clean up keys when done */ - wc_ed448_free(&key); - wc_ed448_free(&key2); - -#if defined(HAVE_HASHDRBG) || defined(NO_RC4) - wc_FreeRng(&rng); -#endif - - /* hush warnings of unused keySz and sigSz */ - (void)keySz; - (void)sigSz; - -#ifdef WOLFSSL_TEST_CERT - ret = ed448_test_cert(); - if (ret < 0) - return ret; -#ifdef WOLFSSL_CERT_GEN - ret = ed448_test_make_cert(); - if (ret < 0) - return ret; -#endif /* WOLFSSL_CERT_GEN */ -#endif /* WOLFSSL_TEST_CERT */ - - return 0; -} -#endif /* HAVE_ED448 */ - -#if defined(WOLFSSL_CMAC) && !defined(NO_AES) - -typedef struct CMAC_Test_Case { - int type; - int partial; - const byte* m; - word32 mSz; - const byte* k; - word32 kSz; - const byte* t; - word32 tSz; -} CMAC_Test_Case; - -int cmac_test(void) -{ -#ifdef WOLFSSL_AES_128 - const byte k128[] = - { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c - }; - #define KLEN_128 (sizeof(k128)) -#endif -#ifdef WOLFSSL_AES_192 - const byte k192[] = - { - 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, - 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, - 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b - }; - #define KLEN_192 (sizeof(k192)) -#endif -#ifdef WOLFSSL_AES_256 - const byte k256[] = - { - 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, - 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, - 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, - 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 - }; - #define KLEN_256 (sizeof(k256)) -#endif - - const byte m[] = - { - 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, - 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, - 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, - 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, - 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 - }; - #define MLEN_0 (0) - #define MLEN_128 (128/8) - #define MLEN_320 (320/8) - #define MLEN_319 (MLEN_320 - 1) - #define MLEN_512 (512/8) - -#ifdef WOLFSSL_AES_128 - const byte t128_0[] = - { - 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, - 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 - }; - const byte t128_128[] = - { - 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, - 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c - }; - const byte t128_319[] = - { - 0x2c, 0x17, 0x84, 0x4c, 0x93, 0x1c, 0x07, 0x95, - 0x15, 0x92, 0x73, 0x0a, 0x34, 0xd0, 0xd9, 0xd2 - }; - const byte t128_320[] = - { - 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, - 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 - }; - const byte t128_512[] = - { - 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, - 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe - }; -#endif -#ifdef WOLFSSL_AES_192 - const byte t192_0[] = - { - 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, - 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 - }; - const byte t192_128[] = - { - 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, - 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 - }; - const byte t192_320[] = - { - 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad, - 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e - }; - const byte t192_512[] = - { - 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, - 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 - }; -#endif -#ifdef WOLFSSL_AES_256 - const byte t256_0[] = - { - 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, - 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 - }; - const byte t256_128[] = - { - 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82, - 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c - }; - const byte t256_320[] = - { - 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2, - 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6 - }; - const byte t256_512[] = - { - 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5, - 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10 - }; -#endif - const CMAC_Test_Case testCases[] = - { -#ifdef WOLFSSL_AES_128 - {WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE}, -#endif -#ifdef WOLFSSL_AES_192 - {WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, AES_BLOCK_SIZE}, -#endif -#ifdef WOLFSSL_AES_256 - {WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, AES_BLOCK_SIZE}, -#endif -#ifdef WOLFSSL_AES_128 - {WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, AES_BLOCK_SIZE} -#endif - }; - - Cmac cmac; - byte tag[AES_BLOCK_SIZE]; - const CMAC_Test_Case* tc; - word32 i, tagSz; - - for (i = 0, tc = testCases; - i < sizeof(testCases)/sizeof(CMAC_Test_Case); - i++, tc++) { - - XMEMSET(tag, 0, sizeof(tag)); - tagSz = AES_BLOCK_SIZE; - if (wc_InitCmac(&cmac, tc->k, tc->kSz, tc->type, NULL) != 0) - return -11600; - if (tc->partial) { - if (wc_CmacUpdate(&cmac, tc->m, - tc->mSz/2 - tc->partial) != 0) - return -11601; - if (wc_CmacUpdate(&cmac, tc->m + tc->mSz/2 - tc->partial, - tc->mSz/2 + tc->partial) != 0) - return -11602; - } - else { - if (wc_CmacUpdate(&cmac, tc->m, tc->mSz) != 0) - return -11603; - } - if (wc_CmacFinal(&cmac, tag, &tagSz) != 0) - return -11604; - if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0) - return -11605; - - XMEMSET(tag, 0, sizeof(tag)); - tagSz = sizeof(tag); - if (wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz, - tc->k, tc->kSz) != 0) - return -11606; - if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0) - return -11607; - if (wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz, - tc->k, tc->kSz) != 0) - return -11608; - } - - return 0; -} - -#endif /* NO_AES && WOLFSSL_CMAC */ - -#ifdef HAVE_LIBZ - -const byte sample_text[] = - "Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n" - "polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n" - "marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n" - "plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n" - "selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n" - "small batch meggings kogi dolore food truck bespoke gastropub.\n" - "\n" - "Terry richardson adipisicing actually typewriter tumblr, twee whatever\n" - "four loko you probably haven't heard of them high life. Messenger bag\n" - "whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n" - "et, banksy ullamco messenger bag umami pariatur direct trade forage.\n" - "Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n" - "food truck next level, tousled irony non semiotics PBR ethical anim cred\n" - "readymade. Mumblecore brunch lomo odd future, portland organic terry\n" - "richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n" - "mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n" - "four loko whatever street art yr farm-to-table.\n" - "\n" - "Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n" - "pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n" - "et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n" - "nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n" - "seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n" - "eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n" - "readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n" - "ethnic art party qui letterpress nisi proident jean shorts mlkshk\n" - "locavore.\n" - "\n" - "Narwhal flexitarian letterpress, do gluten-free voluptate next level\n" - "banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n" - "cillum pickled velit, YOLO officia you probably haven't heard of them\n" - "trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n" - "small batch american apparel. Put a bird on it cosby sweater before they\n" - "sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n" - "DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n" - "Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n" - "excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n" - "neutra PBR selvage.\n" - "\n" - "Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n" - "next level jean shorts exercitation. Hashtag keytar whatever, nihil\n" - "authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n" - "wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n" - "tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n" - "trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n" - "incididunt flannel sustainable helvetica pork belly pug banksy you\n" - "probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n" - "mollit magna, sriracha sartorial helvetica.\n" - "\n" - "Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n" - "ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n" - "of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n" - "reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n" - "skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n" - "organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n" - "Veniam sunt food truck leggings, sint vinyl fap.\n" - "\n" - "Hella dolore pork belly, truffaut carles you probably haven't heard of\n" - "them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n" - "apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n" - "flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n" - "letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n" - "Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n" - "delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n" - "magna pop-up literally. Swag thundercats ennui shoreditch vegan\n" - "pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n" - "\n" - "Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n" - "meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n" - "dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n" - "locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n" - "tousled beard mollit mustache leggings portland next level. Nihil esse\n" - "est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n" - "swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n" - "bag dolor terry richardson sapiente.\n"; - -const byte sample_text_gz[] = { - 0x1F, 0x8B, 0x08, 0x08, 0xC5, 0x49, 0xB5, 0x5B, 0x00, 0x03, 0x63, 0x69, 0x70, - 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x2E, 0x74, 0x78, 0x74, 0x00, 0x8D, - 0x58, 0xCB, 0x92, 0xE4, 0xB6, 0x11, 0xBC, 0xE3, 0x2B, 0xEA, 0xA6, 0x83, 0xD9, - 0x1D, 0x72, 0xF8, 0x22, 0x1F, 0xB5, 0x96, 0xA5, 0xDD, 0x90, 0xBC, 0xAB, 0xD0, - 0x28, 0x36, 0x42, 0x47, 0x90, 0x2C, 0x36, 0xA1, 0x06, 0x09, 0x0A, 0x8F, 0xEE, - 0xE1, 0xDF, 0x3B, 0x0B, 0xE0, 0x73, 0x2C, 0x4B, 0xBA, 0xCD, 0xCE, 0x80, 0x78, - 0x64, 0x65, 0x65, 0x66, 0xED, 0x3B, 0xE3, 0x5A, 0xC3, 0x81, 0x2D, 0x35, 0x69, - 0x32, 0xAD, 0x8E, 0x3A, 0xD2, 0xA0, 0x7D, 0xA7, 0x2B, 0x6A, 0xAC, 0x69, 0x7A, - 0x26, 0x9D, 0x22, 0xD3, 0x94, 0x22, 0x69, 0xAA, 0x8D, 0x6F, 0xC9, 0x8D, 0x64, - 0x22, 0x99, 0xB1, 0x31, 0xAD, 0x69, 0xD3, 0x18, 0x89, 0xAD, 0x89, 0x6A, 0x72, - 0x56, 0x7B, 0x67, 0xDA, 0x2B, 0xBD, 0xC8, 0xEF, 0xB0, 0x4D, 0x74, 0x8E, 0x5B, - 0xAA, 0x39, 0x4C, 0xEE, 0xCE, 0xE4, 0x79, 0xF2, 0xDC, 0xF3, 0xD8, 0xB2, 0x37, - 0x11, 0x8B, 0x8C, 0x2C, 0x7A, 0x32, 0x93, 0xF3, 0x37, 0x3D, 0x9A, 0x86, 0x4C, - 0xAB, 0xF2, 0xB9, 0x57, 0xFA, 0x97, 0x1B, 0x06, 0xD7, 0x3A, 0x7A, 0xF0, 0x68, - 0xF4, 0x40, 0xBA, 0x25, 0x0E, 0x81, 0xE9, 0xA6, 0x43, 0xF4, 0x6E, 0x4A, 0xF5, - 0x95, 0xFE, 0x41, 0x4F, 0x67, 0x3B, 0x1A, 0x1C, 0xEE, 0x12, 0xB4, 0x8F, 0xCE, - 0x1B, 0x6D, 0xB1, 0xDE, 0xBB, 0x4A, 0x4D, 0x56, 0x9B, 0x96, 0x5A, 0xB6, 0xDC, - 0xC4, 0x14, 0x70, 0xE5, 0xF5, 0x7D, 0xE1, 0xB7, 0x84, 0x3F, 0xFC, 0xED, 0xEF, - 0xF4, 0x30, 0x0D, 0x5F, 0xE9, 0x47, 0x17, 0xE2, 0xC5, 0x78, 0x27, 0x67, 0xDF, - 0xB9, 0xEB, 0xCC, 0xCC, 0x3D, 0x59, 0xBE, 0xDD, 0xCC, 0x78, 0x0B, 0x0A, 0x1F, - 0x74, 0xF8, 0x8C, 0x1A, 0xAF, 0x67, 0xEA, 0xF4, 0x44, 0xBD, 0x93, 0x7D, 0x2A, - 0xEA, 0x9C, 0xD7, 0x37, 0x80, 0x32, 0x9A, 0x01, 0x37, 0xD5, 0xDE, 0xCA, 0xA2, - 0x0D, 0xB9, 0xD0, 0x3B, 0xCF, 0xAD, 0x89, 0x4D, 0x5F, 0xD1, 0xE7, 0xF7, 0x2F, - 0x2A, 0x0C, 0xDA, 0x5A, 0xAA, 0x35, 0x7E, 0x41, 0xC3, 0xB2, 0x37, 0xDD, 0xDD, - 0xCD, 0x50, 0xEB, 0x2C, 0x96, 0x62, 0x3B, 0xD7, 0x52, 0xF4, 0xA9, 0xB9, 0x6F, - 0x48, 0xED, 0xEF, 0x54, 0xEA, 0x67, 0xF6, 0x7E, 0x26, 0x8F, 0x3A, 0x68, 0xDF, - 0x06, 0xBC, 0x56, 0xB7, 0x66, 0x32, 0xC1, 0x34, 0xD8, 0x88, 0x34, 0x1E, 0x88, - 0xED, 0x67, 0x8A, 0xF3, 0xC4, 0x4F, 0xC0, 0xCA, 0x9E, 0x62, 0x1A, 0x6A, 0xEB, - 0xAB, 0x02, 0xED, 0xB3, 0xD7, 0x91, 0x81, 0x8A, 0xEA, 0x5C, 0xF2, 0x64, 0xDD, - 0xDD, 0xD1, 0xEC, 0x12, 0x4D, 0xDE, 0xD5, 0xBA, 0xC6, 0x77, 0xBD, 0x06, 0xC4, - 0x5F, 0x44, 0xEA, 0x59, 0x4B, 0x5D, 0x3B, 0x8A, 0x3D, 0x0F, 0xD4, 0x9B, 0x1B, - 0x80, 0x30, 0x1D, 0x30, 0xFA, 0x8F, 0x00, 0x3F, 0xDE, 0xB0, 0x6F, 0xAD, 0x6F, - 0x6A, 0xDD, 0x6E, 0x2F, 0x6E, 0xCB, 0x3C, 0xD1, 0x83, 0x06, 0x7B, 0x0F, 0xFD, - 0xFD, 0x4A, 0xEF, 0xBC, 0x73, 0x77, 0x3B, 0x8F, 0x34, 0xA1, 0xBA, 0xEC, 0x39, - 0x80, 0x33, 0x21, 0xA4, 0x01, 0x55, 0xD7, 0xD4, 0xF4, 0xC6, 0xDA, 0x27, 0x4E, - 0x54, 0x1C, 0x2B, 0xEC, 0x37, 0xDE, 0xC3, 0x4C, 0xC9, 0x5A, 0x3D, 0x34, 0x0E, - 0xD8, 0x1C, 0x0E, 0xA2, 0x34, 0xE8, 0xC1, 0xD0, 0xA4, 0x51, 0xD5, 0x88, 0x8B, - 0xB7, 0xC6, 0xA3, 0x96, 0x40, 0x49, 0xB7, 0xBC, 0xE0, 0x7F, 0x55, 0x3F, 0xEF, - 0x6F, 0x6E, 0x92, 0x9D, 0x34, 0xFE, 0x3C, 0x5F, 0x04, 0xA5, 0x6A, 0xFF, 0x30, - 0x08, 0xC9, 0xEA, 0xF5, 0x52, 0x2B, 0xFE, 0x57, 0xFA, 0x8E, 0xC7, 0xE8, 0x4D, - 0x37, 0xAB, 0x03, 0xFA, 0x23, 0xBF, 0x46, 0x94, 0xFF, 0xC1, 0x16, 0xE0, 0xB9, - 0x14, 0x2C, 0x9E, 0x27, 0xEC, 0x98, 0x69, 0x14, 0x92, 0xF1, 0x60, 0x5C, 0x34, - 0x4D, 0xA0, 0x1F, 0xDF, 0xFD, 0x44, 0x1C, 0x7B, 0xD3, 0x80, 0x70, 0x42, 0x02, - 0x30, 0x84, 0x5B, 0xE5, 0x59, 0xB7, 0xF3, 0x80, 0xFB, 0x01, 0x33, 0xA9, 0x00, - 0x37, 0x52, 0xDC, 0xDA, 0xA7, 0x11, 0x85, 0xB7, 0x6E, 0x70, 0xE4, 0xDA, 0x96, - 0xBA, 0x84, 0x5B, 0x81, 0x43, 0x93, 0xF3, 0xD1, 0xEA, 0xB1, 0xDD, 0xB8, 0x1F, - 0xA5, 0xCC, 0xEA, 0x50, 0x66, 0x69, 0xA9, 0x8D, 0x8C, 0xA7, 0xA2, 0xF3, 0x38, - 0x26, 0x43, 0x5E, 0x3F, 0x01, 0xBE, 0x1C, 0x0F, 0x20, 0x7F, 0x75, 0xA8, 0x20, - 0x80, 0xC4, 0xC3, 0x5C, 0x8B, 0x0D, 0xD4, 0x60, 0x5E, 0xA3, 0x9E, 0xD0, 0xB4, - 0x4B, 0x4F, 0xE6, 0x13, 0x85, 0x60, 0x42, 0x96, 0xED, 0xAA, 0xDB, 0xE9, 0x99, - 0xE3, 0x07, 0x0E, 0x61, 0xB3, 0x07, 0xE3, 0xB1, 0xFA, 0xC0, 0x9B, 0xAD, 0xF6, - 0xE0, 0x26, 0x33, 0xEA, 0xEA, 0x23, 0xCD, 0x1E, 0x9D, 0xE1, 0x87, 0x4B, 0x74, - 0x97, 0x08, 0x3E, 0xA1, 0x28, 0xEA, 0xB3, 0x19, 0x67, 0x8B, 0x76, 0x9A, 0xA3, - 0xF6, 0xB9, 0xCF, 0x80, 0x65, 0x97, 0xAE, 0xF4, 0x83, 0x6B, 0xF4, 0x43, 0x20, - 0xF9, 0x0B, 0xFC, 0x9B, 0xD2, 0x4D, 0x4D, 0xA6, 0xB9, 0xA3, 0x02, 0x55, 0x79, - 0x18, 0x36, 0x19, 0x5F, 0xC9, 0xEA, 0x5A, 0x76, 0x40, 0xB9, 0xBA, 0x0E, 0x9A, - 0x44, 0xDF, 0x7C, 0xF8, 0x65, 0x61, 0x5E, 0x81, 0xAB, 0x71, 0xA1, 0x9E, 0x29, - 0x3C, 0x59, 0xCB, 0x23, 0xA4, 0xF6, 0x60, 0x1A, 0x0D, 0x5B, 0x39, 0xAE, 0xF4, - 0x6F, 0x59, 0x16, 0x9E, 0x60, 0xD8, 0x56, 0xCF, 0xEA, 0x2C, 0x4C, 0x79, 0xD3, - 0x5D, 0x51, 0x46, 0xA0, 0x4E, 0xE9, 0xD6, 0xAB, 0x91, 0x43, 0x63, 0x44, 0xD7, - 0x70, 0xB9, 0x23, 0x98, 0x4F, 0x3D, 0x03, 0x02, 0xF6, 0x81, 0x56, 0xC1, 0x58, - 0x85, 0x07, 0xA7, 0x2D, 0x2C, 0x29, 0xCA, 0x01, 0x45, 0x31, 0x51, 0x8F, 0xD4, - 0x19, 0xA1, 0x79, 0x88, 0x5A, 0xA4, 0xF5, 0xAE, 0x2D, 0x4B, 0x63, 0x4C, 0x58, - 0xFE, 0xBF, 0xAD, 0xEE, 0xA3, 0x09, 0xF8, 0xE2, 0x89, 0xBE, 0x81, 0x0E, 0x86, - 0x3A, 0xF9, 0x5B, 0xA5, 0xD8, 0xA4, 0x00, 0x75, 0x04, 0xF2, 0x23, 0xB8, 0x39, - 0x69, 0x50, 0xB7, 0xD0, 0x34, 0x63, 0x54, 0xD8, 0x61, 0xDD, 0xA5, 0x33, 0x47, - 0x85, 0x96, 0x22, 0xD0, 0x2F, 0x9F, 0x7E, 0xF8, 0x74, 0x24, 0xEA, 0x57, 0x97, - 0x5A, 0xE0, 0x00, 0xCF, 0xC1, 0x67, 0xE1, 0x41, 0xBD, 0x94, 0xA1, 0x03, 0xD3, - 0xB4, 0x08, 0x64, 0xF2, 0x17, 0x27, 0x35, 0x37, 0x53, 0xEF, 0x46, 0xCE, 0xD8, - 0xD4, 0x09, 0x52, 0xC6, 0x1E, 0xF7, 0x28, 0xDF, 0x08, 0x0F, 0xD0, 0x6F, 0x71, - 0xA6, 0xDF, 0xE4, 0x60, 0x8E, 0xC0, 0x1E, 0x78, 0x86, 0x50, 0xB0, 0x9B, 0x84, - 0x7E, 0xE8, 0x36, 0xFA, 0x95, 0xF1, 0x12, 0x51, 0xC7, 0x18, 0x96, 0xA2, 0x29, - 0xBB, 0x70, 0x02, 0xB4, 0xF9, 0xA8, 0x3D, 0x08, 0x66, 0xA9, 0xB3, 0xFC, 0x0A, - 0x94, 0x80, 0xFD, 0x78, 0xDC, 0xAB, 0x82, 0x5A, 0xD2, 0xCD, 0xC2, 0x87, 0xC6, - 0x4B, 0x07, 0xFA, 0xD1, 0xC3, 0xD9, 0x34, 0x41, 0x85, 0xF8, 0xD0, 0xB6, 0x0A, - 0x9D, 0x00, 0x91, 0x35, 0x05, 0x88, 0xC3, 0xE3, 0x9B, 0x22, 0xD2, 0xB8, 0xFD, - 0x95, 0x3E, 0x6D, 0x5D, 0x48, 0xA3, 0x68, 0xCF, 0x02, 0x42, 0x79, 0x79, 0x8A, - 0xAA, 0x01, 0xD6, 0x09, 0x14, 0x2C, 0xF4, 0x83, 0xA3, 0x80, 0x31, 0x55, 0x46, - 0x6E, 0xC5, 0xE5, 0x2F, 0x30, 0x58, 0x81, 0xA2, 0x90, 0xBE, 0x2E, 0xA1, 0xC3, - 0x0F, 0xA6, 0xF5, 0x51, 0x00, 0x39, 0xB6, 0xF2, 0x2A, 0xA3, 0x15, 0x7D, 0x8D, - 0xF5, 0x66, 0x5C, 0xD9, 0xFC, 0xCF, 0x2F, 0xBF, 0x08, 0x27, 0xE7, 0xD0, 0x03, - 0xB8, 0xD9, 0x00, 0x13, 0x3D, 0x01, 0x6B, 0xB6, 0xA8, 0xCD, 0x5B, 0x3B, 0x3E, - 0x93, 0xBF, 0xE6, 0x2E, 0xB7, 0x4A, 0xCF, 0xB3, 0x0A, 0xCE, 0x62, 0x11, 0xD6, - 0x1F, 0x68, 0x9B, 0x1D, 0x68, 0xD1, 0x8C, 0x97, 0xBD, 0xA1, 0x07, 0x67, 0x73, - 0x87, 0xE0, 0x36, 0xDA, 0x8C, 0xD2, 0xD2, 0xBB, 0x84, 0x28, 0xA9, 0xFE, 0x52, - 0x74, 0xD6, 0xB9, 0x0F, 0x0A, 0x6A, 0x2D, 0x28, 0x35, 0x34, 0x3A, 0xD3, 0xE2, - 0xCD, 0x35, 0x06, 0x7D, 0x1B, 0x35, 0x85, 0x86, 0xD1, 0x3E, 0xF2, 0x6F, 0xA1, - 0xC4, 0x55, 0xBD, 0x00, 0xD8, 0xC3, 0x5D, 0xC2, 0x1D, 0x6B, 0x6B, 0x27, 0x5B, - 0x95, 0xF3, 0xAB, 0xB5, 0xD3, 0x37, 0xF2, 0x2C, 0x9C, 0xC7, 0x5D, 0xBD, 0xF1, - 0x68, 0x1C, 0xAD, 0xF8, 0xB5, 0xE1, 0x29, 0x72, 0x7A, 0x73, 0x62, 0x55, 0x24, - 0xB9, 0x85, 0xDF, 0x7B, 0x29, 0x7D, 0xDE, 0x08, 0xF5, 0xE4, 0x44, 0xDA, 0x1A, - 0x30, 0x74, 0xDA, 0xB4, 0x9B, 0x23, 0x9A, 0x3A, 0xC1, 0x53, 0xB2, 0xA2, 0xA3, - 0x7B, 0x1F, 0xD9, 0x56, 0xD4, 0x4F, 0x9B, 0xB2, 0x1E, 0xEE, 0xB8, 0x6A, 0x4E, - 0xB5, 0xF4, 0x5A, 0xC9, 0x18, 0x27, 0x9C, 0xDE, 0x14, 0x44, 0xED, 0xC4, 0x3C, - 0x71, 0x9F, 0x5F, 0xD9, 0x37, 0xA0, 0x78, 0x34, 0x6E, 0xBC, 0xD2, 0x7B, 0x1D, - 0xFA, 0x08, 0x39, 0x5A, 0x04, 0x73, 0x15, 0xD9, 0x0A, 0x48, 0xC1, 0x2D, 0x15, - 0x4E, 0x84, 0x30, 0x45, 0x69, 0xB3, 0xE5, 0xF6, 0xAD, 0x09, 0x1E, 0xCC, 0x5F, - 0x1F, 0x06, 0xD5, 0x58, 0xAD, 0x78, 0xD7, 0x9F, 0xE5, 0xED, 0x3B, 0x09, 0xD5, - 0xA6, 0x52, 0x6F, 0x92, 0xD3, 0x3C, 0xC6, 0x1E, 0xF2, 0x93, 0x7C, 0xD3, 0x5F, - 0x70, 0x85, 0x5D, 0xF8, 0xAA, 0x9D, 0xB7, 0x7B, 0x24, 0x5A, 0xE9, 0x0A, 0x35, - 0x2F, 0xF5, 0xD9, 0x82, 0x02, 0x8A, 0x90, 0x13, 0x5B, 0xB5, 0x67, 0x9C, 0xDD, - 0xA0, 0x4E, 0x82, 0x27, 0xDA, 0x7E, 0xE8, 0x8E, 0xCD, 0xE1, 0x56, 0x71, 0x2C, - 0xE6, 0x4E, 0x1F, 0x91, 0xCD, 0x7C, 0x6A, 0xB7, 0x78, 0xD0, 0x26, 0xF3, 0x56, - 0xA9, 0xD5, 0xA1, 0xC3, 0x3B, 0x98, 0xE9, 0x28, 0x09, 0xEF, 0x50, 0x90, 0xCD, - 0xC4, 0x8E, 0x75, 0xCC, 0xAC, 0x2D, 0xC9, 0x03, 0x6D, 0xAC, 0xFE, 0xC4, 0x88, - 0x36, 0xD1, 0x3F, 0xBB, 0x1C, 0x7D, 0xB3, 0x14, 0x61, 0x2C, 0xB7, 0x54, 0x4B, - 0xDB, 0x64, 0xB6, 0x57, 0x14, 0x16, 0x8E, 0x1E, 0x6C, 0x64, 0xBB, 0x8B, 0x48, - 0x5D, 0x96, 0x9D, 0xDC, 0x80, 0xA7, 0xF7, 0x54, 0xC7, 0x46, 0x38, 0x3E, 0x44, - 0xDE, 0x7E, 0x92, 0x8D, 0x07, 0xF6, 0x07, 0x37, 0x4E, 0x16, 0x10, 0xB4, 0x7D, - 0x88, 0x66, 0x7F, 0xBB, 0xFF, 0xEA, 0x00, 0xF3, 0xFF, 0x97, 0x2C, 0xB5, 0xBE, - 0x35, 0x4B, 0x5C, 0x36, 0xEC, 0x4C, 0xBD, 0x2B, 0x7D, 0xBF, 0x46, 0xE2, 0x9C, - 0x0E, 0x8A, 0xA3, 0xEC, 0xB1, 0x0E, 0x9A, 0xDA, 0x9A, 0x9B, 0x28, 0x92, 0x10, - 0x53, 0x57, 0xEA, 0xEC, 0xA2, 0x32, 0x32, 0x20, 0x1D, 0x97, 0x5C, 0xB6, 0x84, - 0xA9, 0x93, 0x8D, 0x95, 0x11, 0xA3, 0x24, 0xA3, 0x2D, 0xC6, 0x4A, 0xEF, 0xAA, - 0x1D, 0x85, 0x2B, 0x7D, 0x28, 0xBE, 0x53, 0xCE, 0x10, 0x1F, 0xAE, 0x0E, 0x41, - 0x6C, 0x4B, 0x79, 0x12, 0xFB, 0xF7, 0x54, 0xA3, 0x96, 0x54, 0x83, 0x20, 0x96, - 0x8F, 0x28, 0xA9, 0x3F, 0x8B, 0x3D, 0xBA, 0x77, 0xDC, 0x24, 0xE1, 0xD4, 0x49, - 0x40, 0xD8, 0x78, 0x31, 0x85, 0x43, 0xF6, 0xFE, 0x5C, 0xA6, 0x8F, 0x90, 0x09, - 0xB0, 0xE7, 0xC4, 0x95, 0xB2, 0x55, 0x49, 0x97, 0x8F, 0x1C, 0x78, 0x30, 0x20, - 0xA0, 0xB4, 0xEF, 0x73, 0x56, 0x59, 0x82, 0xFD, 0xCE, 0xBA, 0x6A, 0x8F, 0x2C, - 0x8B, 0x15, 0xFD, 0xA1, 0x85, 0xA8, 0x5C, 0x0F, 0x11, 0xA5, 0x9D, 0xC2, 0x46, - 0xC6, 0x9C, 0xC9, 0x40, 0x0B, 0x58, 0x6A, 0x1C, 0x7A, 0x23, 0xF9, 0xE0, 0x95, - 0x05, 0x13, 0x58, 0x72, 0xE8, 0x9F, 0x30, 0xAC, 0xCD, 0x26, 0xD4, 0x66, 0x13, - 0xDF, 0x1E, 0x7B, 0x4F, 0x9C, 0xBE, 0x38, 0x79, 0x75, 0x92, 0xA4, 0xDA, 0x26, - 0x44, 0x55, 0x17, 0xA3, 0xE5, 0x62, 0xDA, 0xEB, 0x86, 0xEA, 0x68, 0xC7, 0xAB, - 0xFD, 0x2D, 0x43, 0x59, 0x51, 0xC0, 0x75, 0x64, 0x91, 0x01, 0x29, 0x33, 0x28, - 0xF3, 0x04, 0x83, 0x80, 0x75, 0x37, 0x75, 0x0C, 0x03, 0x7B, 0x0A, 0xAB, 0x8E, - 0x60, 0x62, 0x8B, 0x4C, 0xAF, 0x2D, 0xA3, 0x2F, 0xFE, 0xAB, 0x45, 0xCF, 0xDA, - 0xAB, 0xFA, 0xFA, 0x30, 0x3D, 0xE8, 0xA1, 0x96, 0xA5, 0x7B, 0xE2, 0x2A, 0xD0, - 0xAF, 0x59, 0xF7, 0xD0, 0x32, 0x57, 0x19, 0xBD, 0xCA, 0x9F, 0xD5, 0x1A, 0xC7, - 0xAA, 0x65, 0x4A, 0x38, 0xB2, 0x70, 0x33, 0xB7, 0x75, 0xD2, 0xCD, 0xD1, 0xF0, - 0xA8, 0x87, 0x59, 0x20, 0xA5, 0x57, 0x55, 0xB1, 0xB2, 0xC9, 0x4D, 0x97, 0x34, - 0x41, 0xF3, 0xF0, 0x30, 0xA1, 0x2C, 0x1C, 0x49, 0x3E, 0x89, 0x7D, 0x12, 0xE2, - 0xC3, 0x04, 0xC3, 0x92, 0xC0, 0xF6, 0x39, 0x10, 0x80, 0x81, 0x8F, 0x08, 0xB4, - 0xF8, 0xB9, 0x13, 0x4E, 0x2C, 0xAE, 0xB3, 0x71, 0x82, 0x63, 0x98, 0xAB, 0x5C, - 0x1C, 0x10, 0xEA, 0x66, 0xF9, 0x02, 0x3A, 0x82, 0x61, 0xD0, 0xD4, 0xAE, 0x43, - 0xD4, 0x01, 0x3E, 0x9D, 0x04, 0x14, 0xF6, 0x60, 0xD8, 0xA7, 0xD6, 0xB8, 0x53, - 0xC8, 0xDA, 0x80, 0x93, 0xA0, 0x02, 0xDD, 0xCC, 0xE2, 0xF2, 0xBB, 0xFB, 0xE0, - 0x27, 0xD7, 0x34, 0x9A, 0x71, 0x49, 0xB5, 0x4F, 0x42, 0x1F, 0xB2, 0x9D, 0x6D, - 0xAA, 0x9D, 0xD3, 0x50, 0xB5, 0x8F, 0x6A, 0x4B, 0xDF, 0x1F, 0xD5, 0x27, 0x8F, - 0x3B, 0x27, 0xCF, 0x2F, 0x8C, 0xF8, 0x9D, 0x4C, 0x52, 0xBC, 0x32, 0x0F, 0x73, - 0xD5, 0x51, 0x8E, 0x36, 0x7E, 0xAD, 0x09, 0xF0, 0x94, 0x83, 0x5F, 0x36, 0xFD, - 0x7C, 0x03, 0xED, 0xF1, 0x5E, 0x4B, 0xF7, 0xAA, 0x55, 0x5C, 0x4A, 0x14, 0x59, - 0x85, 0x38, 0x2D, 0x8C, 0xDF, 0xEC, 0x65, 0x1B, 0xB8, 0x76, 0x57, 0x96, 0x3C, - 0x86, 0xED, 0xF2, 0x7F, 0x2D, 0x28, 0x48, 0xDA, 0x49, 0x7F, 0xF7, 0x54, 0x2B, - 0xD5, 0x39, 0xD5, 0x57, 0x0A, 0x75, 0x7A, 0x3E, 0x5E, 0x5D, 0xBA, 0x4A, 0x15, - 0xFA, 0xB8, 0x31, 0x80, 0x71, 0x2C, 0xCA, 0xC4, 0x51, 0x10, 0x16, 0x5D, 0x39, - 0xEC, 0x9D, 0x07, 0xB6, 0x6A, 0x89, 0x9F, 0x9B, 0x5B, 0x6F, 0x03, 0xB0, 0x92, - 0x01, 0x38, 0x6B, 0x48, 0x99, 0x0A, 0x8F, 0x13, 0xC1, 0xA6, 0x01, 0xEA, 0xBF, - 0x6F, 0x86, 0x43, 0x51, 0xB6, 0x11, 0x00, 0x00 -}; - -int compress_test(void) -{ - int ret = 0; - word32 dSz = sizeof(sample_text); - word32 cSz = (dSz + (word32)(dSz * 0.001) + 12); - byte *c; - byte *d; - - c = XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - d = XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (c == NULL || d == NULL) { - ERROR_OUT(-11700, exit); - } - - /* follow calloc and initialize to 0 */ - XMEMSET(c, 0, cSz); - XMEMSET(d, 0, dSz); - - if ((ret = wc_Compress(c, cSz, sample_text, dSz, 0)) < 0) { - ERROR_OUT(-11701, exit); - } - cSz = (word32)ret; - - if ((ret = wc_DeCompress(d, dSz, c, cSz)) != (int)dSz) { - ERROR_OUT(-11702, exit); - } - - if (XMEMCMP(d, sample_text, dSz) != 0) { - ERROR_OUT(-11703, exit); - } - - /* GZIP tests */ - cSz = (dSz + (word32)(dSz * 0.001) + 12); /* reset cSz */ - XMEMSET(c, 0, cSz); - XMEMSET(d, 0, dSz); - - ret = wc_Compress_ex(c, cSz, sample_text, dSz, 0, LIBZ_WINBITS_GZIP); - if (ret < 0) { - ERROR_OUT(-11704, exit); - } - cSz = (word32)ret; - - ret = wc_DeCompress_ex(d, dSz, c, cSz, LIBZ_WINBITS_GZIP); - if (ret < 0) { - ERROR_OUT(-11705, exit); - } - - if (XMEMCMP(d, sample_text, dSz) != 0) { - ERROR_OUT(-11706, exit); - } - - /* Try with gzip generated output */ - XMEMSET(d, 0, dSz); - ret = wc_DeCompress_ex(d, dSz, sample_text_gz, sizeof(sample_text_gz), - LIBZ_WINBITS_GZIP); - if (ret < 0) { - ERROR_OUT(-11707, exit); - } - dSz = (word32)ret; - - if (XMEMCMP(d, sample_text, dSz) != 0) { - ERROR_OUT(-11708, exit); - } - - ret = 0; /* success */ - -exit: - if (c) XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (d) XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} - -#endif /* HAVE_LIBZ */ - -#ifdef HAVE_PKCS7 - -/* External Debugging/Testing Note: - * - * PKCS#7 test functions can output generated PKCS#7/CMS bundles for - * additional testing. To dump bundles to files DER encoded files, please - * define: - * - * #define PKCS7_OUTPUT_TEST_BUNDLES - */ - - -/* Loads certs and keys for use with PKCS7 tests, from either files - * or buffers. - * - * rsaClientCertBuf - output buffer for RSA client cert - * rsaClientCertBufSz - IN/OUT size of output buffer, size of RSA client cert - * rsaClientPrivKeyBuf - output buffer for RSA client private key - * rsaClientPrivKeyBufSz - IN/OUT size of output buffer, size of RSA client key - * - * rsaServerCertBuf - output buffer for RSA server cert - * rsaServerCertBufSz - IN/OUT size of output buffer, size of RSA server cert - * rsaServerPrivKeyBuf - output buffer for RSA server private key - * rsaServerPrivKeyBufSz - IN/OUT size of output buffer, size of RSA server key - * - * rsaCaCertBuf - output buffer for RSA CA cert - * rsaCaCertBufSz - IN/OUT size of output buffer, size of RSA ca cert - * rsaCaPrivKeyBuf - output buffer for RSA CA private key - * rsaCaPrivKeyBufSz - IN/OUT size of output buffer, size of RSA CA key - * - * eccClientCertBuf - output buffer for ECC cert - * eccClientCertBufSz - IN/OUT size of output buffer, size of ECC cert - * eccClientPrivKeyBuf - output buffer for ECC private key - * eccClientPrivKeyBufSz - IN/OUT size of output buffer, size of ECC private key - * - * Returns 0 on success, negative on error - */ -static int pkcs7_load_certs_keys( - byte* rsaClientCertBuf, word32* rsaClientCertBufSz, - byte* rsaClientPrivKeyBuf, word32* rsaClientPrivKeyBufSz, - byte* rsaServerCertBuf, word32* rsaServerCertBufSz, - byte* rsaServerPrivKeyBuf, word32* rsaServerPrivKeyBufSz, - byte* rsaCaCertBuf, word32* rsaCaCertBufSz, - byte* rsaCaPrivKeyBuf, word32* rsaCaPrivKeyBufSz, - byte* eccClientCertBuf, word32* eccClientCertBufSz, - byte* eccClientPrivKeyBuf, word32* eccClientPrivKeyBufSz) -{ -#ifndef NO_FILESYSTEM - XFILE certFile; - XFILE keyFile; - - (void)certFile; - (void)keyFile; -#endif - -#ifndef NO_RSA - if (rsaClientCertBuf == NULL || rsaClientCertBufSz == NULL || - rsaClientPrivKeyBuf == NULL || rsaClientPrivKeyBufSz == NULL) - return BAD_FUNC_ARG; -#endif - -#ifdef HAVE_ECC - if (eccClientCertBuf == NULL || eccClientCertBufSz == NULL || - eccClientPrivKeyBuf == NULL || eccClientPrivKeyBufSz == NULL) - return BAD_FUNC_ARG; -#endif - -/* RSA */ -#ifndef NO_RSA - -#ifdef USE_CERT_BUFFERS_1024 - if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_1024) - return -11709; - - XMEMCPY(rsaClientCertBuf, client_cert_der_1024, - sizeof_client_cert_der_1024); - *rsaClientCertBufSz = sizeof_client_cert_der_1024; - - if (rsaServerCertBuf != NULL) { - if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_1024) - return -11710; - - XMEMCPY(rsaServerCertBuf, server_cert_der_1024, - sizeof_server_cert_der_1024); - *rsaServerCertBufSz = sizeof_server_cert_der_1024; - } - - if (rsaCaCertBuf != NULL) { - if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_1024) - return -11711; - - XMEMCPY(rsaCaCertBuf, ca_cert_der_1024, sizeof_ca_cert_der_1024); - *rsaCaCertBufSz = sizeof_ca_cert_der_1024; - } -#elif defined(USE_CERT_BUFFERS_2048) - if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_2048) - return -11712; - - XMEMCPY(rsaClientCertBuf, client_cert_der_2048, - sizeof_client_cert_der_2048); - *rsaClientCertBufSz = sizeof_client_cert_der_2048; - - if (rsaServerCertBuf != NULL) { - if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_2048) - return -11713; - - XMEMCPY(rsaServerCertBuf, server_cert_der_2048, - sizeof_server_cert_der_2048); - *rsaServerCertBufSz = sizeof_server_cert_der_2048; - } - - if (rsaCaCertBuf != NULL) { - if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_2048) - return -11714; - - XMEMCPY(rsaCaCertBuf, ca_cert_der_2048, sizeof_ca_cert_der_2048); - *rsaCaCertBufSz = sizeof_ca_cert_der_2048; - } -#else - certFile = XFOPEN(clientCert, "rb"); - if (!certFile) - return -11715; - - *rsaClientCertBufSz = (word32)XFREAD(rsaClientCertBuf, 1, - *rsaClientCertBufSz, certFile); - XFCLOSE(certFile); - - if (rsaServerCertBuf != NULL) { - certFile = XFOPEN(rsaServerCertDerFile, "rb"); - if (!certFile) - return -11716; - - *rsaServerCertBufSz = (word32)XFREAD(rsaServerCertBuf, 1, - *rsaServerCertBufSz, certFile); - XFCLOSE(certFile); - } - - if (rsaCaCertBuf != NULL) { - certFile = XFOPEN(rsaCaCertDerFile, "rb"); - if (!certFile) - return -11717; - - *rsaCaCertBufSz = (word32)XFREAD(rsaCaCertBuf, 1, *rsaCaCertBufSz, - certFile); - XFCLOSE(certFile); - } -#endif - -#ifdef USE_CERT_BUFFERS_1024 - if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_1024) - return -11718; - - XMEMCPY(rsaClientPrivKeyBuf, client_key_der_1024, - sizeof_client_key_der_1024); - *rsaClientPrivKeyBufSz = sizeof_client_key_der_1024; - - if (rsaServerPrivKeyBuf != NULL) { - if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_1024) - return -11719; - - XMEMCPY(rsaServerPrivKeyBuf, server_key_der_1024, - sizeof_server_key_der_1024); - *rsaServerPrivKeyBufSz = sizeof_server_key_der_1024; - } - - if (rsaCaPrivKeyBuf != NULL) { - if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_1024) - return -11720; - - XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_1024, sizeof_ca_key_der_1024); - *rsaCaPrivKeyBufSz = sizeof_ca_key_der_1024; - } -#elif defined(USE_CERT_BUFFERS_2048) - if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_2048) - return -11721; - - XMEMCPY(rsaClientPrivKeyBuf, client_key_der_2048, - sizeof_client_key_der_2048); - *rsaClientPrivKeyBufSz = sizeof_client_key_der_2048; - - if (rsaServerPrivKeyBuf != NULL) { - if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_2048) - return -11722; - - XMEMCPY(rsaServerPrivKeyBuf, server_key_der_2048, - sizeof_server_key_der_2048); - *rsaServerPrivKeyBufSz = sizeof_server_key_der_2048; - } - - if (rsaCaPrivKeyBuf != NULL) { - if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_2048) - return -11723; - - XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_2048, sizeof_ca_key_der_2048); - *rsaCaPrivKeyBufSz = sizeof_ca_key_der_2048; - } -#else - keyFile = XFOPEN(clientKey, "rb"); - if (!keyFile) - return -11724; - - *rsaClientPrivKeyBufSz = (word32)XFREAD(rsaClientPrivKeyBuf, 1, - *rsaClientPrivKeyBufSz, keyFile); - XFCLOSE(keyFile); - - if (rsaServerPrivKeyBuf != NULL) { - keyFile = XFOPEN(rsaServerKeyDerFile, "rb"); - if (!keyFile) - return -11725; - - *rsaServerPrivKeyBufSz = (word32)XFREAD(rsaServerPrivKeyBuf, 1, - *rsaServerPrivKeyBufSz, keyFile); - XFCLOSE(keyFile); - } - - if (rsaCaPrivKeyBuf != NULL) { - keyFile = XFOPEN(rsaCaKeyFile, "rb"); - if (!keyFile) - return -11726; - - *rsaCaPrivKeyBufSz = (word32)XFREAD(rsaCaPrivKeyBuf, 1, - *rsaCaPrivKeyBufSz, keyFile); - XFCLOSE(keyFile); - } -#endif /* USE_CERT_BUFFERS */ - -#endif /* NO_RSA */ - -/* ECC */ -#ifdef HAVE_ECC - -#ifdef USE_CERT_BUFFERS_256 - if (*eccClientCertBufSz < (word32)sizeof_cliecc_cert_der_256) - return -11727; - - XMEMCPY(eccClientCertBuf, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); - *eccClientCertBufSz = sizeof_cliecc_cert_der_256; -#else - certFile = XFOPEN(eccClientCert, "rb"); - if (!certFile) - return -11728; - - *eccClientCertBufSz = (word32)XFREAD(eccClientCertBuf, 1, - *eccClientCertBufSz, certFile); - XFCLOSE(certFile); -#endif /* USE_CERT_BUFFERS_256 */ - -#ifdef USE_CERT_BUFFERS_256 - if (*eccClientPrivKeyBufSz < (word32)sizeof_ecc_clikey_der_256) - return -11729; - - XMEMCPY(eccClientPrivKeyBuf, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); - *eccClientPrivKeyBufSz = sizeof_ecc_clikey_der_256; -#else - keyFile = XFOPEN(eccClientKey, "rb"); - if (!keyFile) - return -11730; - - *eccClientPrivKeyBufSz = (word32)XFREAD(eccClientPrivKeyBuf, 1, - *eccClientPrivKeyBufSz, keyFile); - XFCLOSE(keyFile); -#endif /* USE_CERT_BUFFERS_256 */ -#endif /* HAVE_ECC */ - -#ifdef NO_RSA - (void)rsaClientCertBuf; - (void)rsaClientCertBufSz; - (void)rsaClientPrivKeyBuf; - (void)rsaClientPrivKeyBufSz; - (void)rsaServerCertBuf; - (void)rsaServerCertBufSz; - (void)rsaServerPrivKeyBuf; - (void)rsaServerPrivKeyBufSz; - (void)rsaCaCertBuf; - (void)rsaCaCertBufSz; - (void)rsaCaPrivKeyBuf; - (void)rsaCaPrivKeyBufSz; -#endif -#ifndef HAVE_ECC - (void)eccClientCertBuf; - (void)eccClientCertBufSz; - (void)eccClientPrivKeyBuf; - (void)eccClientPrivKeyBufSz; -#endif -#ifndef NO_FILESYSTEM - (void)certFile; - (void)keyFile; -#endif - return 0; -} - - -typedef struct { - const byte* content; - word32 contentSz; - int contentOID; - int encryptOID; - int keyWrapOID; - int keyAgreeOID; - byte* cert; - size_t certSz; - byte* privateKey; - word32 privateKeySz; - byte* optionalUkm; - word32 optionalUkmSz; - int ktriOptions; /* KTRI options flags */ - int kariOptions; /* KARI options flags */ - - /* KEKRI specific */ - byte* secretKey; /* key, only for kekri RecipientInfo types */ - word32 secretKeySz; /* size of secretKey, bytes */ - byte* secretKeyId; /* key identifier */ - word32 secretKeyIdSz; /* size of key identifier, bytes */ - void* timePtr; /* time_t pointer */ - byte* otherAttrOID; /* OPTIONAL, other attribute OID */ - word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */ - byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */ - word32 otherAttrSz; /* size of otherAttr, bytes */ - int kekriOptions; /* KEKRI options flags */ - - /* PWRI specific */ - char* password; - word32 passwordSz; - byte* salt; - word32 saltSz; - int kdfOID; - int hashOID; - int kdfIterations; - int pwriOptions; /* PWRI options flags */ - - /* ORI specific */ - int isOri; - int oriOptions; /* ORI options flags */ - - const char* outFileName; -} pkcs7EnvelopedVector; - - -static const byte asnDataOid[] = { - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 -}; - -/* ORI encrypt callback, responsible for encrypting content-encryption key (CEK) - * and giving wolfCrypt the value for oriOID and oriValue to place in - * OtherRecipientInfo. - * - * Returns 0 on success, negative upon error. */ -static int myOriEncryptCb(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType, - word32* oriTypeSz, byte* oriValue, word32* oriValueSz, - void* ctx) -{ - int i; - - /* make sure buffers are large enough */ - if ((*oriValueSz < (2 + cekSz)) || (*oriTypeSz < sizeof(oriType))) - return -11731; - - /* our simple encryption algorithm will be take the bitwise complement */ - oriValue[0] = 0x04; /*ASN OCTET STRING */ - oriValue[1] = (byte)cekSz; /* length */ - for (i = 0; i < (int)cekSz; i++) { - oriValue[2 + i] = ~cek[i]; - } - *oriValueSz = 2 + cekSz; - - /* set oriType to ASN.1 encoded data OID */ - XMEMCPY(oriType, asnDataOid, sizeof(asnDataOid)); - *oriTypeSz = sizeof(asnDataOid); - - (void)pkcs7; - (void)ctx; - - return 0; -} - - -/* ORI decrypt callback, responsible for providing a decrypted content - * encryption key (CEK) placed into decryptedKey and size placed into - * decryptedKeySz. oriOID and oriValue are given to the callback to help - * in decrypting the encrypted CEK. - * - * Returns 0 on success, negative upon error. */ -static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz, - byte* oriValue, word32 oriValueSz, byte* decryptedKey, - word32* decryptedKeySz, void* ctx) -{ - int i; - - /* make sure oriType matches what we expect */ - if (oriTypeSz != sizeof(asnDataOid)) - return -11732; - - if (XMEMCMP(oriType, asnDataOid, sizeof(asnDataOid)) != 0) - return -11733; - - /* make sure decrypted buffer is large enough */ - if (*decryptedKeySz < oriValueSz) - return -11734; - - /* decrypt encrypted CEK using simple bitwise complement, - only for example */ - for (i = 0; i < (int)oriValueSz - 2; i++) { - decryptedKey[i] = ~oriValue[2 + i]; - } - - *decryptedKeySz = oriValueSz - 2; - - (void)pkcs7; - (void)ctx; - - return 0; -} - - -#ifndef NO_AES -/* returns 0 on success */ -static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, - byte* aad, word32 aadSz, byte* authTag, word32 authTagSz, - byte* in, int inSz, byte* out, void* usrCtx) -{ - int keyId = -1, ret, keySz; - word32 keyIdSz = 8; - const byte* key; - byte keyIdRaw[8]; - Aes aes; - - /* looking for KEY ID - * fwDecryptKeyID OID "1.2.840.113549.1.9.16.2.37 - */ - const unsigned char OID[] = { - /* 0x06, 0x0B do not pass in tag and length */ - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x10, 0x02, 0x25 - }; - - const byte defKey[] = { - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 - }; - - const byte altKey[] = { - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 - }; - - /* test user context passed in */ - if (usrCtx == NULL || *(int*)usrCtx != 1) { - return -11735; - } - - /* if needing to find keyIdSz can call with NULL */ - ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), NULL, - &keyIdSz); - if (ret != LENGTH_ONLY_E) { - printf("Unexpected error %d when getting keyIdSz\n", ret); - printf("Possibly no KEY ID attribute set\n"); - return -11736; - } - else { - XMEMSET(keyIdRaw, 0, sizeof(keyIdRaw)); - ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), keyIdRaw, - &keyIdSz); - if (ret < 0) { - return ret; - } - - if (keyIdSz < 3) { - printf("keyIdSz is smaller than expected\n"); - return -11737; - } - if (keyIdSz > 2 + sizeof(int)) { - printf("example case was only expecting a keyId of int size\n"); - return -11738; - } - - /* keyIdRaw[0] OCTET TAG */ - /* keyIdRaw[1] Length */ -#ifdef BIG_ENDIAN_ORDER - if (keyIdRaw[1] == 0x01) { - keyId = 1; - } -#else - keyId = *(int*)(keyIdRaw + 2); -#endif - } - - - /* Use keyID here if found to select key and decrypt in HSM or in this - * example just select key and do software decryption */ - if (keyId == 1) { - key = altKey; - keySz = sizeof(altKey); - } - else { - key = defKey; - keySz = sizeof(defKey); - } - - switch (encryptOID) { - case AES256CBCb: - if ((keySz != 32 ) || (ivSz != AES_BLOCK_SIZE)) - return BAD_FUNC_ARG; - break; - - case AES128CBCb: - if ((keySz != 16 ) || (ivSz != AES_BLOCK_SIZE)) - return BAD_FUNC_ARG; - break; - - default: - printf("Unsupported content cipher type for example"); - return ALGO_ID_E; - }; - - ret = wc_AesInit(&aes, HEAP_HINT, INVALID_DEVID); - if (ret == 0) { - ret = wc_AesSetKey(&aes, key, keySz, iv, AES_DECRYPTION); - if (ret == 0) - ret = wc_AesCbcDecrypt(&aes, out, in, inSz); - wc_AesFree(&aes); - } - - (void)aad; - (void)aadSz; - (void)authTag; - (void)authTagSz; - return ret; -} -#endif /* NO_AES */ - - -static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, - byte* rsaPrivKey, word32 rsaPrivKeySz, - byte* eccCert, word32 eccCertSz, - byte* eccPrivKey, word32 eccPrivKeySz) -{ - int ret, testSz, i; - int envelopedSz, decodedSz; - - byte enveloped[2048]; - byte decoded[2048]; - PKCS7* pkcs7; -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - XFILE pkcs7File; -#endif - - const byte data[] = { /* Hello World */ - 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, - 0x72,0x6c,0x64 - }; - -#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ - defined(WOLFSSL_SHA512) - byte optionalUkm[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 - }; -#endif /* NO_AES */ - -#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) - /* encryption key for kekri recipient types */ - byte secretKey[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 - }; - - /* encryption key identifier */ - byte secretKeyId[] = { - 0x02,0x02,0x03,0x04 - }; -#endif - -#if !defined(NO_PWDBASED) && !defined(NO_AES) && \ - !defined(NO_SHA) && defined(WOLFSSL_AES_128) - - char password[] = "password"; - - byte salt[] = { - 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12 - }; -#endif - - const pkcs7EnvelopedVector testVectors[] = - { - /* key transport key encryption technique */ -#ifndef NO_RSA - #ifndef NO_DES3 - {data, (word32)sizeof(data), DATA, DES3b, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, - 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataDES3.der"}, - #endif - - #ifndef NO_AES - #ifdef WOLFSSL_AES_128 - {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, - 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES128CBC.der"}, - #endif - #ifdef WOLFSSL_AES_192 - {data, (word32)sizeof(data), DATA, AES192CBCb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, - 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES192CBC.der"}, - #endif - #ifdef WOLFSSL_AES_256 - {data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, - 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES256CBC.der"}, - - /* explicitly using SKID for SubjectKeyIdentifier */ - {data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_SKID, 0, NULL, 0, NULL, 0, NULL, - NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES256CBC_SKID.der"}, - - /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */ - {data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_ISSUER_AND_SERIAL_NUMBER, 0, - NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, - 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der"}, - #endif - #endif /* NO_AES */ -#endif - - /* key agreement key encryption technique*/ -#ifdef HAVE_ECC - #ifndef NO_AES - #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) - {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, - dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, - 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der"}, - #endif - - #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) - {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP, - dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, - 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der"}, - #endif /* NO_SHA256 && WOLFSSL_AES_256 */ - - #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256) - {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP, - dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, - 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der"}, - - /* with optional user keying material (ukm) */ - {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP, - dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, optionalUkm, sizeof(optionalUkm), 0, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der"}, - #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ - #endif /* NO_AES */ -#endif - - /* kekri (KEKRecipientInfo) recipient types */ -#ifndef NO_AES - #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) - {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0, - NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey), - secretKeyId, sizeof(secretKeyId), NULL, NULL, 0, NULL, 0, - 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES128CBC_KEKRI.der"}, - #endif -#endif - - /* pwri (PasswordRecipientInfo) recipient types */ -#if !defined(NO_PWDBASED) && !defined(NO_AES) - #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) - {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, - NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, password, - (word32)XSTRLEN(password), salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5, - 0, 0, 0, "pkcs7envelopedDataAES128CBC_PWRI.der"}, - #endif -#endif - -#if !defined(NO_AES) && !defined(NO_AES_128) - /* ori (OtherRecipientInfo) recipient types */ - {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0, - NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, - NULL, 0, 0, 0, 0, 0, 1, 0, "pkcs7envelopedDataAES128CBC_ORI.der"}, -#endif - }; - - testSz = sizeof(testVectors) / sizeof(pkcs7EnvelopedVector); - - for (i = 0; i < testSz; i++) { - pkcs7 = wc_PKCS7_New(HEAP_HINT, - #ifdef WOLFSSL_ASYNC_CRYPT - INVALID_DEVID /* async PKCS7 is not supported */ - #else - devId - #endif - ); - if (pkcs7 == NULL) - return -11739; - - if (testVectors[i].secretKey != NULL) { - /* KEKRI recipient type */ - - ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); - if (ret != 0) { - return -11740; - } - - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->ukm = testVectors[i].optionalUkm; - pkcs7->ukmSz = testVectors[i].optionalUkmSz; - - ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID, - testVectors[i].secretKey, testVectors[i].secretKeySz, - testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz, - testVectors[i].timePtr, testVectors[i].otherAttrOID, - testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr, - testVectors[i].otherAttrSz, testVectors[i].kekriOptions); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - return -11741; - } - - /* set key, for decryption */ - ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey, - testVectors[i].secretKeySz); - - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return -11742; - } - - } else if (testVectors[i].password != NULL) { - #ifndef NO_PWDBASED - /* PWRI recipient type */ - - ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); - if (ret != 0) { - return -11743; - } - - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->ukm = testVectors[i].optionalUkm; - pkcs7->ukmSz = testVectors[i].optionalUkmSz; - - ret = wc_PKCS7_AddRecipient_PWRI(pkcs7, - (byte*)testVectors[i].password, - testVectors[i].passwordSz, testVectors[i].salt, - testVectors[i].saltSz, testVectors[i].kdfOID, - testVectors[i].hashOID, testVectors[i].kdfIterations, - testVectors[i].encryptOID, testVectors[i].pwriOptions); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - return -11744; - } - - /* set password, for decryption */ - ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password, - testVectors[i].passwordSz); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - return -11745; - } - #endif /* NO_PWDBASED */ - - } else if (testVectors[i].isOri == 1) { - /* ORI recipient type */ - - ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); - if (ret != 0) { - return -11746; - } - - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - - ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb, - testVectors[i].oriOptions); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - return -11747; - } - - /* set decrypt callback for decryption */ - ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - return -11748; - } - - } else { - /* KTRI or KARI recipient types */ - - ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); - if (ret != 0) { - return -11749; - } - - ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, - (word32)testVectors[i].certSz); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return -11750; - } - - pkcs7->keyWrapOID = testVectors[i].keyWrapOID; - pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID; - pkcs7->privateKey = testVectors[i].privateKey; - pkcs7->privateKeySz = testVectors[i].privateKeySz; - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->ukm = testVectors[i].optionalUkm; - pkcs7->ukmSz = testVectors[i].optionalUkmSz; - - /* set SubjectIdentifier type for KTRI types */ - if (testVectors[i].ktriOptions & CMS_SKID) { - - ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return -11751; - } - } else if (testVectors[i].ktriOptions & - CMS_ISSUER_AND_SERIAL_NUMBER) { - - ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, - CMS_ISSUER_AND_SERIAL_NUMBER); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return -11752; - } - } - } - - /* encode envelopedData */ - envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped, - sizeof(enveloped)); - if (envelopedSz <= 0) { - wc_PKCS7_Free(pkcs7); - return -11753; - } - - /* decode envelopedData */ - decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, envelopedSz, - decoded, sizeof(decoded)); - if (decodedSz <= 0) { - wc_PKCS7_Free(pkcs7); - return -11754; - } - - /* test decode result */ - if (XMEMCMP(decoded, data, sizeof(data)) != 0){ - wc_PKCS7_Free(pkcs7); - return -11755; - } - -#ifndef NO_PKCS7_STREAM - { /* test reading byte by byte */ - int z; - for (z = 0; z < envelopedSz; z++) { - decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped + z, 1, - decoded, sizeof(decoded)); - if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) { - printf("unexpected error %d\n", decodedSz); - return -11756; - } - } - /* test decode result */ - if (XMEMCMP(decoded, data, sizeof(data)) != 0) { - printf("stream read compare failed\n"); - wc_PKCS7_Free(pkcs7); - return -11757; - } - } -#endif -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - /* output pkcs7 envelopedData for external testing */ - pkcs7File = XFOPEN(testVectors[i].outFileName, "wb"); - if (!pkcs7File) { - wc_PKCS7_Free(pkcs7); - return -11758; - } - - ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File); - XFCLOSE(pkcs7File); - if (ret != envelopedSz) { - wc_PKCS7_Free(pkcs7); - return -11759; - } -#endif /* PKCS7_OUTPUT_TEST_BUNDLES */ - - wc_PKCS7_Free(pkcs7); - pkcs7 = NULL; - } - - (void)eccCert; - (void)eccCertSz; - (void)eccPrivKey; - (void)eccPrivKeySz; - (void)rsaCert; - (void)rsaCertSz; - (void)rsaPrivKey; - (void)rsaPrivKeySz; - - return 0; -} - - -int pkcs7enveloped_test(void) -{ - int ret = 0; - - byte* rsaCert = NULL; - byte* rsaPrivKey = NULL; - word32 rsaCertSz = 0; - word32 rsaPrivKeySz = 0; - - byte* eccCert = NULL; - byte* eccPrivKey = NULL; - word32 eccCertSz = 0; - word32 eccPrivKeySz = 0; - -#ifndef NO_RSA - /* read client RSA cert and key in DER format */ - rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (rsaCert == NULL) - return -11800; - - rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (rsaPrivKey == NULL) { - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -11801; - } - - rsaCertSz = FOURK_BUF; - rsaPrivKeySz = FOURK_BUF; -#endif /* NO_RSA */ - -#ifdef HAVE_ECC - /* read client ECC cert and key in DER format */ - eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (eccCert == NULL) { - #ifndef NO_RSA - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif - return -11802; - } - - eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (eccPrivKey == NULL) { - #ifndef NO_RSA - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif - XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -11803; - } - - eccCertSz = FOURK_BUF; - eccPrivKeySz = FOURK_BUF; -#endif /* HAVE_ECC */ - - ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey, - &rsaPrivKeySz, NULL, NULL, NULL, NULL, - NULL, NULL, NULL, NULL, eccCert, &eccCertSz, - eccPrivKey, &eccPrivKeySz); - if (ret < 0) { - #ifndef NO_RSA - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif - #ifdef HAVE_ECC - XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif - return -11804; - } - - ret = pkcs7enveloped_run_vectors(rsaCert, (word32)rsaCertSz, - rsaPrivKey, (word32)rsaPrivKeySz, - eccCert, (word32)eccCertSz, - eccPrivKey, (word32)eccPrivKeySz); - -#ifndef NO_RSA - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif -#ifdef HAVE_ECC - XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - - -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) - -typedef struct { - const byte* content; - word32 contentSz; - int contentOID; - int encryptOID; - int keyWrapOID; - int keyAgreeOID; - byte* cert; - size_t certSz; - byte* privateKey; - word32 privateKeySz; - PKCS7Attrib* authAttribs; - word32 authAttribsSz; - PKCS7Attrib* unauthAttribs; - word32 unauthAttribsSz; - - /* KARI / KTRI specific */ - byte* optionalUkm; - word32 optionalUkmSz; - int ktriOptions; /* KTRI options flags */ - int kariOptions; /* KARI options flags */ - - /* KEKRI specific */ - byte* secretKey; /* key, only for kekri RecipientInfo types */ - word32 secretKeySz; /* size of secretKey, bytes */ - byte* secretKeyId; /* key identifier */ - word32 secretKeyIdSz; /* size of key identifier, bytes */ - void* timePtr; /* time_t pointer */ - byte* otherAttrOID; /* OPTIONAL, other attribute OID */ - word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */ - byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */ - word32 otherAttrSz; /* size of otherAttr, bytes */ - int kekriOptions; /* KEKRI options flags */ - - /* PWRI specific */ - char* password; /* password */ - word32 passwordSz; /* password size, bytes */ - byte* salt; /* KDF salt */ - word32 saltSz; /* KDF salt size, bytes */ - int kdfOID; /* KDF OID */ - int hashOID; /* KDF hash algorithm OID */ - int kdfIterations; /* KDF iterations */ - int kekEncryptOID; /* KEK encryption algorithm OID */ - int pwriOptions; /* PWRI options flags */ - - /* ORI specific */ - int isOri; - int oriOptions; /* ORI options flags */ - - const char* outFileName; -} pkcs7AuthEnvelopedVector; - - -static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, - byte* rsaPrivKey, word32 rsaPrivKeySz, - byte* eccCert, word32 eccCertSz, - byte* eccPrivKey, word32 eccPrivKeySz) -{ - int ret, testSz, i; - int envelopedSz, decodedSz; - - byte enveloped[2048]; - byte decoded[2048]; - WC_RNG rng; - PKCS7* pkcs7; -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - XFILE pkcs7File; -#endif - - const byte data[] = { /* Hello World */ - 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, - 0x72,0x6c,0x64 - }; - byte senderNonce[PKCS7_NONCE_SZ + 2]; - -#ifdef HAVE_ECC - byte senderNonceOid[] = - { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, - 0x09, 0x05 }; - - PKCS7Attrib attribs[] = - { - { senderNonceOid, sizeof(senderNonceOid), senderNonce, - sizeof(senderNonce) } - }; -#endif - -#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ - defined(WOLFSSL_SHA512) - byte optionalUkm[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 - }; -#endif /* NO_AES */ - -#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) - /* encryption key for kekri recipient types */ - byte secretKey[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 - }; - - /* encryption key identifier */ - byte secretKeyId[] = { - 0x02,0x02,0x03,0x04 - }; -#endif - -#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ - !defined(NO_SHA) && defined(WOLFSSL_AES_128) - - char password[] = "password"; - - byte salt[] = { - 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12 - }; -#endif - - const pkcs7AuthEnvelopedVector testVectors[] = - { - /* key transport key encryption technique */ -#ifndef NO_RSA - #if !defined(NO_AES) && defined(HAVE_AESGCM) - #ifdef WOLFSSL_AES_128 - {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, - 0, 0, "pkcs7authEnvelopedDataAES128GCM.der"}, - #endif - #ifdef WOLFSSL_AES_192 - {data, (word32)sizeof(data), DATA, AES192GCMb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, - 0, 0, "pkcs7authEnvelopedDataAES192GCM.der"}, - #endif - #ifdef WOLFSSL_AES_256 - {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, - 0, 0, "pkcs7authEnvelopedDataAES256GCM.der"}, - - /* test with contentType set to FirmwarePkgData */ - {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, 0, 0, - rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, - 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, - 0, 0, 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der"}, - - /* explicitly using SKID for SubjectKeyIdentifier */ - {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, CMS_SKID, 0, - NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, - 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_SKID.der"}, - - /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */ - {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, - CMS_ISSUER_AND_SERIAL_NUMBER, 0, NULL, 0, NULL, 0, NULL, NULL, 0, - NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_IANDS.der"}, - #endif - #endif /* NO_AES */ -#endif - - /* key agreement key encryption technique*/ -#ifdef HAVE_ECC - #if !defined(NO_AES) && defined(HAVE_AESGCM) - #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) - {data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, - dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, - NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der"}, - #endif - - #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) - {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, - dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, - NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der"}, - - /* with authenticated attributes */ - {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, - dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), - NULL, 0, NULL, 0, 0, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, - 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_authAttribs.der"}, - - /* with unauthenticated attributes */ - {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, - dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, attribs, - (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, - 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_unauthAttribs.der"}, - - /* with authenticated AND unauthenticated attributes */ - {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, - dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), - attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, - NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, - 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_bothAttribs.der"}, - - /* with authenticated AND unauthenticated attributes AND - * contentType of FirmwarePkgData */ - {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, AES256_WRAP, - dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), - attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, - NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, - 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_fw_bothAttribs.der"}, - #endif /* NO_SHA256 && WOLFSSL_AES_256 */ - - #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256) - {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, - dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, - NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der"}, - - /* with optional user keying material (ukm) */ - {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, - dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, NULL, 0, optionalUkm, sizeof(optionalUkm), 0, - 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, - 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der"}, - #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ - #endif /* NO_AES */ -#endif - - /* kekri (KEKRecipientInfo) recipient types */ -#if !defined(NO_AES) && defined(HAVE_AESGCM) - #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) - {data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0, - NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, - secretKey, sizeof(secretKey), secretKeyId, sizeof(secretKeyId), - NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES128GCM_KEKRI.der"}, - #endif -#endif - - /* pwri (PasswordRecipientInfo) recipient types */ -#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) - #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) - {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, - NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, password, - (word32)XSTRLEN(password), salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5, - AES128CBCb, 0, 0, 0, "pkcs7authEnvelopedDataAES128GCM_PWRI.der"}, - #endif -#endif - -#if !defined(NO_AES) && defined(HAVE_AESGCM) - #ifdef WOLFSSL_AES_128 - /* ori (OtherRecipientInfo) recipient types */ - {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, NULL, 0, NULL, 0, - NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, - NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 1, 0, - "pkcs7authEnvelopedDataAES128GCM_ORI.der"}, - #endif -#endif - }; - - testSz = sizeof(testVectors) / sizeof(pkcs7AuthEnvelopedVector); - - - /* generate senderNonce */ - { -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) { - return -11805; - } - - senderNonce[0] = 0x04; - senderNonce[1] = PKCS7_NONCE_SZ; - - ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ); - if (ret != 0) { - wc_FreeRng(&rng); - return -11806; - } - - wc_FreeRng(&rng); - } - - for (i = 0; i < testSz; i++) { - pkcs7 = wc_PKCS7_New(HEAP_HINT, - #ifdef WOLFSSL_ASYNC_CRYPT - INVALID_DEVID /* async PKCS7 is not supported */ - #else - devId - #endif - ); - if (pkcs7 == NULL) - return -11807; - - if (testVectors[i].secretKey != NULL) { - /* KEKRI recipient type */ - - ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); - if (ret != 0) { - return -11808; - } - - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->ukm = testVectors[i].optionalUkm; - pkcs7->ukmSz = testVectors[i].optionalUkmSz; - pkcs7->authAttribs = testVectors[i].authAttribs; - pkcs7->authAttribsSz = testVectors[i].authAttribsSz; - pkcs7->unauthAttribs = testVectors[i].unauthAttribs; - pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; - - ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID, - testVectors[i].secretKey, testVectors[i].secretKeySz, - testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz, - testVectors[i].timePtr, testVectors[i].otherAttrOID, - testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr, - testVectors[i].otherAttrSz, testVectors[i].kekriOptions); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - return -11809; - } - - /* set key, for decryption */ - ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey, - testVectors[i].secretKeySz); - - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return -11810; - } - - } else if (testVectors[i].password != NULL) { - #ifndef NO_PWDBASED - /* PWRI recipient type */ - - ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); - if (ret != 0) { - return -11811; - } - - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->ukm = testVectors[i].optionalUkm; - pkcs7->ukmSz = testVectors[i].optionalUkmSz; - pkcs7->authAttribs = testVectors[i].authAttribs; - pkcs7->authAttribsSz = testVectors[i].authAttribsSz; - pkcs7->unauthAttribs = testVectors[i].unauthAttribs; - pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; - - ret = wc_PKCS7_AddRecipient_PWRI(pkcs7, - (byte*)testVectors[i].password, - testVectors[i].passwordSz, testVectors[i].salt, - testVectors[i].saltSz, testVectors[i].kdfOID, - testVectors[i].hashOID, testVectors[i].kdfIterations, - testVectors[i].kekEncryptOID, testVectors[i].pwriOptions); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - return -11812; - } - - /* set password, for decryption */ - ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password, - testVectors[i].passwordSz); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - return -11813; - } - - #endif /* NO_PWDBASED */ - } else if (testVectors[i].isOri == 1) { - /* ORI recipient type */ - - ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); - if (ret != 0) { - return -11814; - } - - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->authAttribs = testVectors[i].authAttribs; - pkcs7->authAttribsSz = testVectors[i].authAttribsSz; - pkcs7->unauthAttribs = testVectors[i].unauthAttribs; - pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; - - ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb, - testVectors[i].oriOptions); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - return -11815; - } - - /* set decrypt callback for decryption */ - ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - return -11816; - } - - } else { - /* KTRI or KARI recipient types */ - - ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, - (word32)testVectors[i].certSz); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return -11817; - } - - pkcs7->keyWrapOID = testVectors[i].keyWrapOID; - pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID; - pkcs7->privateKey = testVectors[i].privateKey; - pkcs7->privateKeySz = testVectors[i].privateKeySz; - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->ukm = testVectors[i].optionalUkm; - pkcs7->ukmSz = testVectors[i].optionalUkmSz; - pkcs7->authAttribs = testVectors[i].authAttribs; - pkcs7->authAttribsSz = testVectors[i].authAttribsSz; - pkcs7->unauthAttribs = testVectors[i].unauthAttribs; - pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; - - /* set SubjectIdentifier type for KTRI types */ - if (testVectors[i].ktriOptions & CMS_SKID) { - - ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return -11818; - } - } else if (testVectors[i].ktriOptions & - CMS_ISSUER_AND_SERIAL_NUMBER) { - - ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, - CMS_ISSUER_AND_SERIAL_NUMBER); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return -11819; - } - } - } - - /* encode envelopedData */ - envelopedSz = wc_PKCS7_EncodeAuthEnvelopedData(pkcs7, enveloped, - sizeof(enveloped)); - if (envelopedSz <= 0) { - wc_PKCS7_Free(pkcs7); - return -11820; - } -#ifndef NO_PKCS7_STREAM - { /* test reading byte by byte */ - int z; - for (z = 0; z < envelopedSz; z++) { - decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, - enveloped + z, 1, decoded, sizeof(decoded)); - if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) { - printf("unexpected error %d\n", decodedSz); - return -11821; - } - } - /* test decode result */ - if (XMEMCMP(decoded, data, sizeof(data)) != 0) { - printf("stream read compare failed\n"); - wc_PKCS7_Free(pkcs7); - return -11822; - } - } -#endif - /* decode envelopedData */ - decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, enveloped, - envelopedSz, decoded, - sizeof(decoded)); - if (decodedSz <= 0) { - wc_PKCS7_Free(pkcs7); - return -11823; - } - - /* test decode result */ - if (XMEMCMP(decoded, data, sizeof(data)) != 0){ - wc_PKCS7_Free(pkcs7); - return -11824; - } - -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - /* output pkcs7 envelopedData for external testing */ - pkcs7File = XFOPEN(testVectors[i].outFileName, "wb"); - if (!pkcs7File) { - wc_PKCS7_Free(pkcs7); - return -11825; - } - - ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File); - XFCLOSE(pkcs7File); - if (ret != envelopedSz) { - wc_PKCS7_Free(pkcs7); - return -11826; - } -#endif /* PKCS7_OUTPUT_TEST_BUNDLES */ - - wc_PKCS7_Free(pkcs7); - pkcs7 = NULL; - } - -#if !defined(HAVE_ECC) || defined(NO_AES) - (void)eccCert; - (void)eccCertSz; - (void)eccPrivKey; - (void)eccPrivKeySz; - (void)secretKey; - (void)secretKeyId; -#endif -#ifdef NO_RSA - (void)rsaCert; - (void)rsaCertSz; - (void)rsaPrivKey; - (void)rsaPrivKeySz; -#endif - return 0; -} - - -int pkcs7authenveloped_test(void) -{ - int ret = 0; - - byte* rsaCert = NULL; - byte* rsaPrivKey = NULL; - word32 rsaCertSz = 0; - word32 rsaPrivKeySz = 0; - - byte* eccCert = NULL; - byte* eccPrivKey = NULL; - word32 eccCertSz = 0; - word32 eccPrivKeySz = 0; - -#ifndef NO_RSA - /* read client RSA cert and key in DER format */ - rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (rsaCert == NULL) - return -11900; - - rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (rsaPrivKey == NULL) { - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -11901; - } - - rsaCertSz = FOURK_BUF; - rsaPrivKeySz = FOURK_BUF; -#endif /* NO_RSA */ - -#ifdef HAVE_ECC - /* read client ECC cert and key in DER format */ - eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (eccCert == NULL) { - #ifndef NO_RSA - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif - return -11902; - } - - eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (eccPrivKey == NULL) { - #ifndef NO_RSA - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif - XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -11903; - } - - eccCertSz = FOURK_BUF; - eccPrivKeySz = FOURK_BUF; -#endif /* HAVE_ECC */ - - ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey, - &rsaPrivKeySz, NULL, NULL, NULL, NULL, - NULL, NULL, NULL, NULL, eccCert, &eccCertSz, - eccPrivKey, &eccPrivKeySz); - if (ret < 0) { - #ifndef NO_RSA - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif - #ifdef HAVE_ECC - XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif - return -11904; - } - - ret = pkcs7authenveloped_run_vectors(rsaCert, (word32)rsaCertSz, - rsaPrivKey, (word32)rsaPrivKeySz, - eccCert, (word32)eccCertSz, - eccPrivKey, (word32)eccPrivKeySz); - -#ifndef NO_RSA - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif -#ifdef HAVE_ECC - XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - -#endif /* HAVE_AESGCM || HAVE_AESCCM */ -#ifndef NO_AES -static const byte p7DefKey[] = { - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 -}; - -static const byte p7AltKey[] = { - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 -}; - -static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId, - word32 keyIdSz, byte* orginKey, word32 orginKeySz, - byte* out, word32 outSz, int keyWrapAlgo, int type, int direction) -{ - int ret; - - if (cek == NULL || out == NULL) - return BAD_FUNC_ARG; - - /* test case sanity checks */ - if (keyIdSz != 1) { - return -11905; - } - - if (keyId[0] != 0x00) { - return -11906; - } - - if (type != (int)PKCS7_KEKRI) { - return -11907; - } - - switch (keyWrapAlgo) { - case AES256_WRAP: - ret = wc_AesKeyUnWrap(p7DefKey, sizeof(p7DefKey), cek, cekSz, - out, outSz, NULL); - if (ret <= 0) - return ret; - break; - - default: - WOLFSSL_MSG("Unsupported key wrap algorithm in example"); - return BAD_KEYWRAP_ALG_E; - }; - - (void)pkcs7; - (void)direction; - (void)orginKey; /* used with KAKRI */ - (void)orginKeySz; - return ret; -} - - -/* returns key size on success */ -static int getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz) -{ - int ret; - word32 atrSz; - byte atr[256]; - - /* Additionally can look for fwWrappedFirmwareKey - * 1.2.840.113529.1.9.16.1.16 */ - const unsigned char fwWrappedFirmwareKey[] = { - /* 0x06, 0x0B */ - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x10, 0x02, 0x27 - }; - - /* find keyID in fwWrappedFirmwareKey */ - ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey, - sizeof(fwWrappedFirmwareKey), NULL, &atrSz); - if (ret == LENGTH_ONLY_E) { - XMEMSET(atr, 0, sizeof(atr)); - ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey, - sizeof(fwWrappedFirmwareKey), atr, &atrSz); - - /* keyIdRaw[0] OCTET TAG */ - /* keyIdRaw[1] Length */ - - if (ret > 0) { - PKCS7* envPkcs7; - - envPkcs7 = wc_PKCS7_New(NULL, 0); - if (envPkcs7 == NULL) { - return MEMORY_E; - } - - wc_PKCS7_Init(envPkcs7, NULL, 0); - ret = wc_PKCS7_SetWrapCEKCb(envPkcs7, myCEKwrapFunc); - if (ret == 0) { - /* expecting FIRMWARE_PKG_DATA content */ - envPkcs7->contentOID = FIRMWARE_PKG_DATA; - ret = wc_PKCS7_DecodeEnvelopedData(envPkcs7, atr, atrSz, - key, keySz); - } - wc_PKCS7_Free(envPkcs7); - } - } - - return ret; -} - -/* create a KEKRI enveloped data - * return size on success */ -static int envelopedData_encrypt(byte* in, word32 inSz, byte* out, - word32 outSz) -{ - int ret; - PKCS7* pkcs7; - const byte keyId[] = { 0x00 }; - - pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID); - if (pkcs7 == NULL) - return -11908; - - pkcs7->content = in; - pkcs7->contentSz = inSz; - pkcs7->contentOID = FIRMWARE_PKG_DATA; - pkcs7->encryptOID = AES256CBCb; - pkcs7->ukm = NULL; - pkcs7->ukmSz = 0; - - /* add recipient (KEKRI type) */ - ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP, (byte*)p7DefKey, - sizeof(p7DefKey), (byte*)keyId, - sizeof(keyId), NULL, NULL, 0, NULL, 0, 0); - if (ret < 0) { - printf("wc_PKCS7_AddRecipient_KEKRI() failed, ret = %d\n", ret); - wc_PKCS7_Free(pkcs7); - return -11909; - } - - /* encode envelopedData, returns size */ - ret = wc_PKCS7_EncodeEnvelopedData(pkcs7, out, outSz); - if (ret <= 0) { - printf("wc_PKCS7_EncodeEnvelopedData() failed, ret = %d\n", ret); - wc_PKCS7_Free(pkcs7); - return -11910; - - } - - wc_PKCS7_Free(pkcs7); - - return ret; -} - - -/* - * keyHint is the KeyID to be set in the fwDecryptKeyID attribute - * returns size of buffer output on success - */ -static int generateBundle(byte* out, word32 *outSz, const byte* encryptKey, - word32 encryptKeySz, byte keyHint, byte* cert, word32 certSz, - byte* key, word32 keySz) -{ - int ret, attribNum = 1; - PKCS7* pkcs7; - - /* KEY ID - * fwDecryptKeyID OID 1.2.840.113549.1.9.16.2.37 - */ - const unsigned char fwDecryptKeyID[] = { - 0x06, 0x0B, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x10, 0x02, 0x25 - }; - - /* fwWrappedFirmwareKey 1.2.840.113529.1.9.16.1.16 */ - const unsigned char fwWrappedFirmwareKey[] = { - 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x10, 0x02, 0x27 - }; - - byte keyID[] = { 0x04, 0x01, 0x00 }; - byte env[256]; - char data[] = "Test of wolfSSL PKCS7 decrypt callback"; - - PKCS7Attrib attribs[] = - { - { fwDecryptKeyID, sizeof(fwDecryptKeyID), keyID, sizeof(keyID) }, - { fwWrappedFirmwareKey, sizeof(fwWrappedFirmwareKey), env, 0 } - }; - - keyID[2] = keyHint; - - /* If using keyHint 0 then create a bundle with fwWrappedFirmwareKey */ - if (keyHint == 0) { - ret = envelopedData_encrypt((byte*)p7DefKey, sizeof(p7DefKey), env, - sizeof(env)); - if (ret <= 0) { - return ret; - } - attribs[1].valueSz = ret; - attribNum++; - } - - /* init PKCS7 */ - pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID); - if (pkcs7 == NULL) - return -11911; - - ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz); - if (ret != 0) { - printf("ERROR: wc_PKCS7_InitWithCert() failed, ret = %d\n", ret); - wc_PKCS7_Free(pkcs7); - return -11912; - } - - ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return -11913; - } - - /* encode Signed Encrypted FirmwarePkgData */ - if (encryptKeySz == 16) { - ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey, - encryptKeySz, key, keySz, AES128CBCb, RSAk, SHA256h, - (byte*)data, sizeof(data), NULL, 0, - attribs, attribNum, out, *outSz); - } - else { - ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey, - encryptKeySz, key, keySz, AES256CBCb, RSAk, SHA256h, - (byte*)data, sizeof(data), NULL, 0, - attribs, attribNum, out, *outSz); - } - if (ret <= 0) { - printf("ERROR: wc_PKCS7_EncodeSignedEncryptedFPD() failed, " - "ret = %d\n", ret); - wc_PKCS7_Free(pkcs7); - return -11914; - - } else { - *outSz = ret; - } - - wc_PKCS7_Free(pkcs7); - - return ret; -} - - -/* test verification and decryption of PKCS7 bundle - * return 0 on success - */ -static int verifyBundle(byte* derBuf, word32 derSz, int keyHint) -{ - int ret = 0; - int usrCtx = 1; /* test value to pass as user context to callback */ - PKCS7* pkcs7; - byte* sid; - word32 sidSz; - byte key[256]; - word32 keySz = sizeof(key); - - byte decoded[FOURK_BUF/2]; - int decodedSz = FOURK_BUF/2; - - const byte expectedSid[] = { - 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, - 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, - 0xD7, 0x85, 0x65, 0xC0 - }; - - pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID); - if (pkcs7 == NULL) { - return MEMORY_E; - } - - /* Test verify */ - ret = wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return ret; - } - ret = wc_PKCS7_InitWithCert(pkcs7, NULL, 0); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return ret; - } - ret = wc_PKCS7_VerifySignedData(pkcs7, derBuf, derSz); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return ret; - } - - /* Get size of SID and print it out */ - ret = wc_PKCS7_GetSignerSID(pkcs7, NULL, &sidSz); - if (ret != LENGTH_ONLY_E) { - wc_PKCS7_Free(pkcs7); - return ret; - } - - sid = (byte*)XMALLOC(sidSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (sid == NULL) { - wc_PKCS7_Free(pkcs7); - return ret; - } - - ret = wc_PKCS7_GetSignerSID(pkcs7, sid, &sidSz); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; - } - ret = XMEMCMP(sid, expectedSid, sidSz); - XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return ret; - } - - /* get expected fwWrappedFirmwareKey */ - if (keyHint == 0) { - ret = getFirmwareKey(pkcs7, key, keySz); - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - return ret; - } - pkcs7->encryptionKey = key; - pkcs7->encryptionKeySz = ret; - } - else { - decodedSz = sizeof(decoded); - ret = wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return ret; - } - - ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)&usrCtx); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return ret; - } - } - - decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content, - pkcs7->contentSz, decoded, decodedSz); - if (decodedSz < 0) { - ret = decodedSz; - wc_PKCS7_Free(pkcs7); - return ret; - } - - wc_PKCS7_Free(pkcs7); - return 0; -} - - -int pkcs7callback_test(byte* cert, word32 certSz, byte* key, word32 keySz) -{ - - int ret = 0; - byte derBuf[FOURK_BUF/2]; - word32 derSz = FOURK_BUF/2; - - /* Doing default generation and verify */ - ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 0, cert, - certSz, key, keySz); - if (ret <= 0) { - return -11915; - } - - ret = verifyBundle(derBuf, derSz, 0); - if (ret != 0) { - return -11916; - } - - /* test choosing other key with keyID */ - derSz = FOURK_BUF/2; - ret = generateBundle(derBuf, &derSz, p7AltKey, sizeof(p7AltKey), 1, - cert, certSz, key, keySz); - if (ret <= 0) { - return -11917; - } - - ret = verifyBundle(derBuf, derSz, 1); - if (ret != 0) { - return -11918; - } - - /* test fail case with wrong keyID */ - derSz = FOURK_BUF/2; - ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 1, - cert, certSz, key, keySz); - if (ret <= 0) { - return -11919; - } - - ret = verifyBundle(derBuf, derSz, 1); - if (ret == 0) { - return -11920; - } - - return 0; -} -#endif /* NO_AES */ - -#ifndef NO_PKCS7_ENCRYPTED_DATA - -typedef struct { - const byte* content; - word32 contentSz; - int contentOID; - int encryptOID; - byte* encryptionKey; - word32 encryptionKeySz; - PKCS7Attrib* attribs; - word32 attribsSz; - const char* outFileName; -} pkcs7EncryptedVector; - - -int pkcs7encrypted_test(void) -{ - int ret = 0; - int i, testSz; - int encryptedSz, decodedSz, attribIdx; - PKCS7* pkcs7; - byte encrypted[2048]; - byte decoded[2048]; -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - XFILE pkcs7File; -#endif - - PKCS7Attrib* expectedAttrib; - PKCS7DecodedAttrib* decodedAttrib; - - const byte data[] = { /* Hello World */ - 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, - 0x72,0x6c,0x64 - }; - -#ifndef NO_DES3 - byte desKey[] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef - }; - byte des3Key[] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, - 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, - 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 - }; -#endif - -#ifndef NO_AES -#ifdef WOLFSSL_AES_128 - byte aes128Key[] = { - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 - }; -#endif -#ifdef WOLFSSL_AES_192 - byte aes192Key[] = { - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 - }; -#endif -#ifdef WOLFSSL_AES_256 - byte aes256Key[] = { - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 - }; -#endif - -#ifdef WOLFSSL_AES_256 - /* Attribute example from RFC 4134, Section 7.2 - * OID = 1.2.5555 - * OCTET STRING = 'This is a test General ASN Attribute, number 1.' */ - static byte genAttrOid[] = { 0x06, 0x03, 0x2a, 0xab, 0x33 }; - static byte genAttr[] = { 0x04, 47, - 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, - 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47, - 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41, - 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75, - 0x6d, 0x62, 0x65, 0x72, 0x20, 0x31, 0x2e }; - - static byte genAttrOid2[] = { 0x06, 0x03, 0x2a, 0xab, 0x34 }; - static byte genAttr2[] = { 0x04, 47, - 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, - 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47, - 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41, - 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75, - 0x6d, 0x62, 0x65, 0x72, 0x20, 0x32, 0x2e }; - - PKCS7Attrib attribs[] = - { - { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) } - }; - - PKCS7Attrib multiAttribs[] = - { - { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) }, - { genAttrOid2, sizeof(genAttrOid2), genAttr2, sizeof(genAttr2) } - }; -#endif -#endif /* NO_AES */ - - const pkcs7EncryptedVector testVectors[] = - { -#ifndef NO_DES3 - {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key), - NULL, 0, "pkcs7encryptedDataDES3.der"}, - - {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey), - NULL, 0, "pkcs7encryptedDataDES.der"}, -#endif /* NO_DES3 */ - -#ifndef NO_AES - #ifdef WOLFSSL_AES_128 - {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key, - sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"}, - #endif - #ifdef WOLFSSL_AES_192 - {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key, - sizeof(aes192Key), NULL, 0, "pkcs7encryptedDataAES192CBC.der"}, - #endif - #ifdef WOLFSSL_AES_256 - {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key, - sizeof(aes256Key), NULL, 0, "pkcs7encryptedDataAES256CBC.der"}, - - /* test with optional unprotected attributes */ - {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key, - sizeof(aes256Key), attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7encryptedDataAES256CBC_attribs.der"}, - - /* test with multiple optional unprotected attributes */ - {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key, - sizeof(aes256Key), multiAttribs, - (sizeof(multiAttribs)/sizeof(PKCS7Attrib)), - "pkcs7encryptedDataAES256CBC_multi_attribs.der"}, - - /* test with contentType set to FirmwarePkgData */ - {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256CBCb, aes256Key, - sizeof(aes256Key), NULL, 0, - "pkcs7encryptedDataAES256CBC_firmwarePkgData.der"}, - #endif -#endif /* NO_AES */ - }; - - testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector); - - for (i = 0; i < testSz; i++) { - pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); - if (pkcs7 == NULL) - return -12000; - - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->encryptionKey = testVectors[i].encryptionKey; - pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz; - pkcs7->unprotectedAttribs = testVectors[i].attribs; - pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz; - - /* encode encryptedData */ - encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, - sizeof(encrypted)); - if (encryptedSz <= 0) { - wc_PKCS7_Free(pkcs7); - return -12001; - } - - /* decode encryptedData */ -#ifndef NO_PKCS7_STREAM - { /* test reading byte by byte */ - int z; - for (z = 0; z < encryptedSz; z++) { - decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted + z, 1, - decoded, sizeof(decoded)); - if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) { - printf("unexpected error %d\n", decodedSz); - return -12002; - } - } - /* test decode result */ - if (XMEMCMP(decoded, data, sizeof(data)) != 0) { - printf("stream read failed\n"); - wc_PKCS7_Free(pkcs7); - return -12003; - } - } -#endif - decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, - decoded, sizeof(decoded)); - if (decodedSz <= 0){ - wc_PKCS7_Free(pkcs7); - return -12004; - } - - /* test decode result */ - if (XMEMCMP(decoded, data, sizeof(data)) != 0) { - wc_PKCS7_Free(pkcs7); - return -12005; - } - - /* verify decoded unprotected attributes */ - if (pkcs7->decodedAttrib != NULL) { - decodedAttrib = pkcs7->decodedAttrib; - attribIdx = 1; - - while (decodedAttrib != NULL) { - - /* expected attribute, stored list is reversed */ - expectedAttrib = &(pkcs7->unprotectedAttribs - [pkcs7->unprotectedAttribsSz - attribIdx]); - - /* verify oid */ - if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid, - decodedAttrib->oidSz) != 0) { - wc_PKCS7_Free(pkcs7); - return -12006; - } - - /* verify value */ - if (XMEMCMP(decodedAttrib->value, expectedAttrib->value, - decodedAttrib->valueSz) != 0) { - wc_PKCS7_Free(pkcs7); - return -12007; - } - - decodedAttrib = decodedAttrib->next; - attribIdx++; - } - } - -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - /* output pkcs7 envelopedData for external testing */ - pkcs7File = XFOPEN(testVectors[i].outFileName, "wb"); - if (!pkcs7File) { - wc_PKCS7_Free(pkcs7); - return -12008; - } - - ret = (int)XFWRITE(encrypted, encryptedSz, 1, pkcs7File); - XFCLOSE(pkcs7File); - - if (ret > 0) - ret = 0; -#endif - - wc_PKCS7_Free(pkcs7); - } - - return ret; -} - -#endif /* NO_PKCS7_ENCRYPTED_DATA */ - - -#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) - -typedef struct { - const byte* content; - word32 contentSz; - int contentOID; - const char* outFileName; -} pkcs7CompressedVector; - - -int pkcs7compressed_test(void) -{ - int ret = 0; - int i, testSz; - int compressedSz, decodedSz; - PKCS7* pkcs7; - byte compressed[2048]; - byte decoded[2048]; -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - XFILE pkcs7File; -#endif - - const byte data[] = { /* Hello World */ - 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, - 0x72,0x6c,0x64 - }; - - const pkcs7CompressedVector testVectors[] = - { - {data, (word32)sizeof(data), DATA, - "pkcs7compressedData_data_zlib.der"}, - {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, - "pkcs7compressedData_firmwarePkgData_zlib.der"}, - }; - - testSz = sizeof(testVectors) / sizeof(pkcs7CompressedVector); - - for (i = 0; i < testSz; i++) { - pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); - if (pkcs7 == NULL) - return -12100; - - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - - /* encode compressedData */ - compressedSz = wc_PKCS7_EncodeCompressedData(pkcs7, compressed, - sizeof(compressed)); - if (compressedSz <= 0) { - wc_PKCS7_Free(pkcs7); - return -12101; - } - - /* decode compressedData */ - decodedSz = wc_PKCS7_DecodeCompressedData(pkcs7, compressed, - compressedSz, decoded, - sizeof(decoded)); - if (decodedSz <= 0){ - wc_PKCS7_Free(pkcs7); - return -12102; - } - - /* test decode result */ - if (XMEMCMP(decoded, testVectors[i].content, - testVectors[i].contentSz) != 0) { - wc_PKCS7_Free(pkcs7); - return -12103; - } - - /* make sure content type is the same */ - if (testVectors[i].contentOID != pkcs7->contentOID) - return -12104; - -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - /* output pkcs7 compressedData for external testing */ - pkcs7File = XFOPEN(testVectors[i].outFileName, "wb"); - if (!pkcs7File) { - wc_PKCS7_Free(pkcs7); - return -12105; - } - - ret = (int)XFWRITE(compressed, compressedSz, 1, pkcs7File); - XFCLOSE(pkcs7File); - - if (ret > 0) - ret = 0; -#endif - - wc_PKCS7_Free(pkcs7); - } - - return ret; -} /* pkcs7compressed_test() */ - -#endif /* HAVE_LIBZ */ - - -typedef struct { - const byte* content; - word32 contentSz; - int hashOID; - int signOID; - byte* privateKey; - word32 privateKeySz; - byte* cert; - size_t certSz; - byte* caCert; - size_t caCertSz; - PKCS7Attrib* signedAttribs; - word32 signedAttribsSz; - const char* outFileName; - int contentOID; - byte* contentType; - word32 contentTypeSz; - int sidType; - int encryptOID; /* for single-shot encrypt alg OID */ - int encCompFlag; /* for single-shot. 1 = enc, 2 = comp, 3 = both*/ - byte* encryptKey; /* for single-shot, encryptedData */ - word32 encryptKeySz; /* for single-shot, encryptedData */ - PKCS7Attrib* unprotectedAttribs; /* for single-shot, encryptedData */ - word32 unprotectedAttribsSz; /* for single-shot, encryptedData */ - word16 detachedSignature; /* generate detached signature (0:1) */ -} pkcs7SignedVector; - - -static int pkcs7signed_run_vectors( - byte* rsaClientCertBuf, word32 rsaClientCertBufSz, - byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz, - byte* rsaServerCertBuf, word32 rsaServerCertBufSz, - byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz, - byte* rsaCaCertBuf, word32 rsaCaCertBufSz, - byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz, - byte* eccClientCertBuf, word32 eccClientCertBufSz, - byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz) -{ - int ret, testSz, i; - int encodedSz; - byte* out; - word32 outSz; - WC_RNG rng; - PKCS7* pkcs7; -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - XFILE file; -#endif - - const byte data[] = { /* Hello World */ - 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, - 0x72,0x6c,0x64 - }; - - static byte transIdOid[] = - { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, - 0x09, 0x07 }; - static byte messageTypeOid[] = - { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, - 0x09, 0x02 }; - static byte senderNonceOid[] = - { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, - 0x09, 0x05 }; -#ifndef NO_SHA - static byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1]; -#else - static byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1]; -#endif - static byte messageType[] = { 0x13, 2, '1', '9' }; - static byte senderNonce[PKCS7_NONCE_SZ + 2]; - - PKCS7Attrib attribs[] = - { - { transIdOid, sizeof(transIdOid), transId, - sizeof(transId) - 1 }, /* take off the null */ - { messageTypeOid, sizeof(messageTypeOid), messageType, - sizeof(messageType) }, - { senderNonceOid, sizeof(senderNonceOid), senderNonce, - sizeof(senderNonce) } - }; - - /* for testing custom contentType, FirmwarePkgData */ - byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x10, 0x01, 0x10 }; - - const pkcs7SignedVector testVectors[] = - { -#ifndef NO_RSA - #ifndef NO_SHA - /* RSA with SHA */ - {data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, NULL, - 0, 0}, - - /* RSA with SHA, no signed attributes */ - {data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, - NULL, 0, NULL, 0, - "pkcs7signedData_RSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - #endif - #ifdef WOLFSSL_SHA224 - /* RSA with SHA224 */ - {data, (word32)sizeof(data), SHA224h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - #endif - #ifndef NO_SHA256 - /* RSA with SHA256 */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - - /* RSA with SHA256, detached signature */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA256_detachedSig.der", 0, NULL, 0, 0, 0, 0, - NULL, 0, NULL, 0, 1}, - - /* RSA with SHA256 and SubjectKeyIdentifier in SignerIdentifier */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0, - NULL, 0, NULL, 0, 0}, - - /* RSA with SHA256 and custom contentType */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA256_custom_contentType.der", 0, - customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0, - NULL, 0, 0}, - - /* RSA with SHA256 and FirmwarePkgData contentType */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA256_firmwarePkgData.der", - FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0}, - - /* RSA with SHA256 using server cert and ca cert */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf, - rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz, - rsaCaCertBuf, rsaCaCertBufSz, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA256_with_ca_cert.der", 0, NULL, 0, 0, 0, 0, - NULL, 0, NULL, 0, 0}, - #endif - #if defined(WOLFSSL_SHA384) - /* RSA with SHA384 */ - {data, (word32)sizeof(data), SHA384h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - #endif - #if defined(WOLFSSL_SHA512) - /* RSA with SHA512 */ - {data, (word32)sizeof(data), SHA512h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - #endif -#endif /* NO_RSA */ - -#ifdef HAVE_ECC - #ifndef NO_SHA - /* ECDSA with SHA */ - {data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - - /* ECDSA with SHA, no signed attributes */ - {data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, - NULL, 0, NULL, 0, - "pkcs7signedData_ECDSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - #endif - #ifdef WOLFSSL_SHA224 - /* ECDSA with SHA224 */ - {data, (word32)sizeof(data), SHA224h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - #endif - #ifndef NO_SHA256 - /* ECDSA with SHA256 */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - - /* ECDSA with SHA256 and SubjectKeyIdentifier in SigherIdentifier */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0, - NULL, 0, NULL, 0, 0}, - - /* ECDSA with SHA256 and custom contentType */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA256_custom_contentType.der", 0, - customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0, - NULL, 0, 0}, - - /* ECDSA with SHA256 and FirmwarePkgData contentType */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA256_firmwarePkgData.der", - FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0}, - #endif - #ifdef WOLFSSL_SHA384 - /* ECDSA with SHA384 */ - {data, (word32)sizeof(data), SHA384h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - #endif - #ifdef WOLFSSL_SHA512 - /* ECDSA with SHA512 */ - {data, (word32)sizeof(data), SHA512h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - #endif -#endif /* HAVE_ECC */ - }; - - testSz = sizeof(testVectors) / sizeof(pkcs7SignedVector); - - outSz = FOURK_BUF; - out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (out == NULL) - return -12106; - - XMEMSET(out, 0, outSz); - - ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16); - if (ret < 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -12107; - } - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -12108; - } - - for (i = 0; i < testSz; i++) { - pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); - if (pkcs7 == NULL) - return -12109; - - ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, - (word32)testVectors[i].certSz); - - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12110; - } - - /* load CA certificate, if present */ - if (testVectors[i].caCert != NULL) { - ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert, - (word32)testVectors[i].caCertSz); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12111; - } - } - - pkcs7->rng = &rng; - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->hashOID = testVectors[i].hashOID; - pkcs7->encryptOID = testVectors[i].signOID; - pkcs7->privateKey = testVectors[i].privateKey; - pkcs7->privateKeySz = testVectors[i].privateKeySz; - pkcs7->signedAttribs = testVectors[i].signedAttribs; - pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz; - - /* optional custom contentType, default is DATA, - overrides contentOID if set */ - if (testVectors[i].contentType != NULL) { - ret = wc_PKCS7_SetContentType(pkcs7, testVectors[i].contentType, - testVectors[i].contentTypeSz); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12112; - } - } - - /* set SignerIdentifier to use SubjectKeyIdentifier if desired, - default is IssuerAndSerialNumber */ - if (testVectors[i].sidType == CMS_SKID) { - ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12113; - } - } - - /* generate senderNonce */ - { - senderNonce[0] = 0x04; - senderNonce[1] = PKCS7_NONCE_SZ; - - ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12114; - } - } - - /* generate transactionID (used with SCEP) */ - { - #ifndef NO_SHA - wc_Sha sha; - byte digest[WC_SHA_DIGEST_SIZE]; - #else - wc_Sha256 sha; - byte digest[WC_SHA256_DIGEST_SIZE]; - #endif - int j,k; - - transId[0] = 0x13; - transId[1] = sizeof(digest) * 2; - - #ifndef NO_SHA - ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12115; - } - wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz); - wc_ShaFinal(&sha, digest); - wc_ShaFree(&sha); - #else - ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12116; - } - wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz); - wc_Sha256Final(&sha, digest); - wc_Sha256Free(&sha); - #endif - - for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) { - XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]); - } - } - - /* enable detached signature generation, if set */ - if (testVectors[i].detachedSignature == 1) { - ret = wc_PKCS7_SetDetached(pkcs7, 1); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12117; - } - } - - encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz); - if (encodedSz < 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12118; - } - - #ifdef PKCS7_OUTPUT_TEST_BUNDLES - /* write PKCS#7 to output file for more testing */ - file = XFOPEN(testVectors[i].outFileName, "wb"); - if (!file) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12119; - } - ret = (int)XFWRITE(out, 1, encodedSz, file); - XFCLOSE(file); - if (ret != (int)encodedSz) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12120; - } - #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ - - wc_PKCS7_Free(pkcs7); - - pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); - if (pkcs7 == NULL) - return -12121; - wc_PKCS7_InitWithCert(pkcs7, NULL, 0); - - if (testVectors[i].detachedSignature == 1) { - /* set content for verifying detached signatures */ - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - } - - ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz); - if (ret < 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12122; - } - - /* verify contentType extracted successfully for custom content types */ - if (testVectors[i].contentTypeSz > 0) { - if (pkcs7->contentTypeSz != testVectors[i].contentTypeSz) { - return -12123; - } else if (XMEMCMP(pkcs7->contentType, testVectors[i].contentType, - pkcs7->contentTypeSz) != 0) { - return -12124; - } - } - - if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12125; - } - - { - /* check getting signed attributes */ - #ifndef NO_SHA - byte buf[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1]; - #else - byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1]; - #endif - byte* oidPt = transIdOid + 2; /* skip object id tag and size */ - int oidSz = (int)sizeof(transIdOid) - 2; - int bufSz = 0; - - if (testVectors[i].signedAttribs != NULL && - wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz, - NULL, (word32*)&bufSz) != LENGTH_ONLY_E) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12126; - } - - if (bufSz > (int)sizeof(buf)) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12127; - } - - bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz, - buf, (word32*)&bufSz); - if ((testVectors[i].signedAttribs != NULL && bufSz < 0) || - (testVectors[i].signedAttribs == NULL && bufSz > 0)) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12128; - } - } - - #ifdef PKCS7_OUTPUT_TEST_BUNDLES - file = XFOPEN("./pkcs7cert.der", "wb"); - if (!file) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12129; - } - ret = (int)XFWRITE(pkcs7->singleCert, 1, pkcs7->singleCertSz, file); - XFCLOSE(file); - #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ - - wc_PKCS7_Free(pkcs7); - } - - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRng(&rng); - - if (ret > 0) - return 0; - - (void)rsaClientCertBuf; - (void)rsaClientCertBufSz; - (void)rsaClientPrivKeyBuf; - (void)rsaClientPrivKeyBufSz; - (void)rsaServerCertBuf; - (void)rsaServerCertBufSz; - (void)rsaServerPrivKeyBuf; - (void)rsaServerPrivKeyBufSz; - (void)rsaCaCertBuf; - (void)rsaCaCertBufSz; - (void)rsaCaPrivKeyBuf; - (void)rsaCaPrivKeyBufSz; - (void)eccClientCertBuf; - (void)eccClientCertBufSz; - (void)eccClientPrivKeyBuf; - (void)eccClientPrivKeyBufSz; - - return ret; -} - - -static int pkcs7signed_run_SingleShotVectors( - byte* rsaClientCertBuf, word32 rsaClientCertBufSz, - byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz, - byte* rsaServerCertBuf, word32 rsaServerCertBufSz, - byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz, - byte* rsaCaCertBuf, word32 rsaCaCertBufSz, - byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz, - byte* eccClientCertBuf, word32 eccClientCertBufSz, - byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz) -{ - int ret, testSz, i; - int encodedSz; - byte* out; - word32 outSz; - WC_RNG rng; - PKCS7* pkcs7; -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - XFILE file; -#endif - - const byte data[] = { /* Hello World */ - 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, - 0x72,0x6c,0x64 - }; - -#if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA) - byte aes256Key[] = { - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 - }; -#endif - - static byte messageTypeOid[] = - { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, - 0x09, 0x02 }; - static byte messageType[] = { 0x13, 2, '1', '9' }; - - PKCS7Attrib attribs[] = - { - { messageTypeOid, sizeof(messageTypeOid), messageType, - sizeof(messageType) }, - }; - - const pkcs7SignedVector testVectors[] = - { -#ifndef NO_RSA - #ifndef NO_SHA256 - /* Signed FirmwarePkgData, RSA, SHA256, no attribs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - NULL, 0, - "pkcs7signedFirmwarePkgData_RSA_SHA256_noattr.der", 0, NULL, 0, 0, - 0, 0, NULL, 0, NULL, 0, 0}, - - /* Signed FirmwarePkgData, RSA, SHA256, attrs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedFirmwarePkgData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, - NULL, 0, NULL, 0, 0}, - - /* Signed FirmwarePkgData, RSA, SHA256, SubjectKeyIdentifier, attrs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedFirmwarePkgData_RSA_SHA256_SKID.der", 0, NULL, - 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0}, - - /* Signed FirmwraePkgData, RSA, SHA256, server cert and ca cert, attr */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf, - rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz, - rsaCaCertBuf, rsaCaCertBufSz, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL, - 0, 0, 0, 0, NULL, 0, NULL, 0, 0}, - - #if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA) - /* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - NULL, 0, - "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256_noattr.der", 0, - NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0}, - - /* Signed Encrypted FirmwarePkgData, RSA, SHA256, attribs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256.der", 0, - NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0}, - #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */ - - #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) - /* Signed Compressed FirmwarePkgData, RSA, SHA256, no attribs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - NULL, 0, - "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", 0, - NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0}, - - /* Signed Compressed FirmwarePkgData, RSA, SHA256, attribs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256.der", 0, - NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0}, - - #ifndef NO_PKCS7_ENCRYPTED_DATA - /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256, - no attribs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - NULL, 0, - "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", - 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL, - 0, 0}, - - /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256, - attribs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256.der", - 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0}, - #endif /* !NO_PKCS7_ENCRYPTED_DATA */ - - #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ - - #endif /* NO_SHA256 */ -#endif /* NO_RSA */ - -#ifdef HAVE_ECC - #ifndef NO_SHA256 - /* Signed FirmwarePkgData, ECDSA, SHA256, no attribs */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - NULL, 0, - "pkcs7signedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL, - 0, 0, 0, 0, NULL, 0, NULL, 0, 0}, - - /* Signed FirmwarePkgData, ECDSA, SHA256, attribs */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL, - 0, 0, 0, 0, NULL, 0, NULL, 0, 0}, - - /* Signed FirmwarePkgData, ECDSA, SHA256, SubjectKeyIdentifier, attr */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL, - 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0}, - - #if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA) - /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - NULL, 0, - "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL, - 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0}, - - /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, attribs */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL, - 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0}, - #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */ - - #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) - /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, no attribs */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - NULL, 0, - "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL, - 0, 0, 0, 2, NULL, 0, NULL, 0, 0}, - - /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, attrib */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL, - 0, 0, 0, 2, NULL, 0, NULL, 0, 0}, - - #ifndef NO_PKCS7_ENCRYPTED_DATA - /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256, - no attribs */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - NULL, 0, - "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", - 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL, - 0, 0}, - - /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256, - attribs */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256.der", - 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0}, - #endif /* !NO_PKCS7_ENCRYPTED_DATA */ - - #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ - - #endif /* NO_SHA256 */ -#endif /* HAVE_ECC */ - }; - - testSz = sizeof(testVectors) / sizeof(pkcs7SignedVector); - - outSz = FOURK_BUF; - out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (out == NULL) - return -12130; - - XMEMSET(out, 0, outSz); - - ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16); - if (ret < 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -12131; - } - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -12132; - } - - for (i = 0; i < testSz; i++) { - pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); - if (pkcs7 == NULL) - return -12133; - - ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, - (word32)testVectors[i].certSz); - - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12134; - } - - /* load CA certificate, if present */ - if (testVectors[i].caCert != NULL) { - ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert, - (word32)testVectors[i].caCertSz); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12135; - } - } - - /* set SignerIdentifier to use SubjectKeyIdentifier if desired, - default is IssuerAndSerialNumber */ - if (testVectors[i].sidType == CMS_SKID) { - ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12136; - } - } - - if (testVectors[i].encCompFlag == 0) { - - /* encode Signed FirmwarePkgData */ - encodedSz = wc_PKCS7_EncodeSignedFPD(pkcs7, - testVectors[i].privateKey, testVectors[i].privateKeySz, - testVectors[i].signOID, testVectors[i].hashOID, - (byte*)testVectors[i].content, testVectors[i].contentSz, - testVectors[i].signedAttribs, - testVectors[i].signedAttribsSz, out, outSz); - - if (encodedSz < 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12137; - } - - #ifndef NO_PKCS7_ENCRYPTED_DATA - - } else if (testVectors[i].encCompFlag == 1) { - - /* encode Signed Encrypted FirmwarePkgData */ - encodedSz = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, - testVectors[i].encryptKey, testVectors[i].encryptKeySz, - testVectors[i].privateKey, testVectors[i].privateKeySz, - testVectors[i].encryptOID, testVectors[i].signOID, - testVectors[i].hashOID, (byte*)testVectors[i].content, - testVectors[i].contentSz, testVectors[i].unprotectedAttribs, - testVectors[i].unprotectedAttribsSz, - testVectors[i].signedAttribs, - testVectors[i].signedAttribsSz, out, outSz); - - if (encodedSz <= 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12138; - } - #endif - - #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) - } else if (testVectors[i].encCompFlag == 2) { - - /* encode Signed Compressed FirmwarePkgData */ - encodedSz = wc_PKCS7_EncodeSignedCompressedFPD(pkcs7, - testVectors[i].privateKey, testVectors[i].privateKeySz, - testVectors[i].signOID, testVectors[i].hashOID, - (byte*)testVectors[i].content, testVectors[i].contentSz, - testVectors[i].signedAttribs, - testVectors[i].signedAttribsSz, out, outSz); - - if (encodedSz <= 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12139; - } - - #ifndef NO_PKCS7_ENCRYPTED_DATA - } else if (testVectors[i].encCompFlag == 3) { - - /* encode Signed Encrypted Compressed FirmwarePkgData */ - encodedSz = wc_PKCS7_EncodeSignedEncryptedCompressedFPD(pkcs7, - testVectors[i].encryptKey, testVectors[i].encryptKeySz, - testVectors[i].privateKey, testVectors[i].privateKeySz, - testVectors[i].encryptOID, testVectors[i].signOID, - testVectors[i].hashOID, (byte*)testVectors[i].content, - testVectors[i].contentSz, testVectors[i].unprotectedAttribs, - testVectors[i].unprotectedAttribsSz, - testVectors[i].signedAttribs, - testVectors[i].signedAttribsSz, out, outSz); - - if (encodedSz <= 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12140; - } - - #endif /* NO_PKCS7_ENCRYPTED_DATA */ - #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ - - } else { - /* unsupported SignedData single-shot combination */ - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12141; - } - - #ifdef PKCS7_OUTPUT_TEST_BUNDLES - /* write PKCS#7 to output file for more testing */ - file = XFOPEN(testVectors[i].outFileName, "wb"); - if (!file) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12142; - } - ret = (int)XFWRITE(out, 1, encodedSz, file); - XFCLOSE(file); - if (ret != (int)encodedSz) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12143; - } - #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ - - wc_PKCS7_Free(pkcs7); - - pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); - if (pkcs7 == NULL) - return -12144; - wc_PKCS7_InitWithCert(pkcs7, NULL, 0); - - ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz); - if (ret < 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12145; - } -#ifndef NO_PKCS7_STREAM - { - word32 z; - for (z = 0; z < outSz && ret != 0; z++) { - ret = wc_PKCS7_VerifySignedData(pkcs7, out + z, 1); - if (ret < 0 && ret != WC_PKCS7_WANT_READ_E) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - printf("unexpected error %d\n", ret); - return -12146; - } - } - } -#endif - - if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12147; - } - - if (testVectors[i].encCompFlag == 0) { - /* verify decoded content matches expected */ - if ((pkcs7->contentSz != testVectors[i].contentSz) || - XMEMCMP(pkcs7->content, testVectors[i].content, - pkcs7->contentSz)) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12148; - } - - } - #ifndef NO_PKCS7_ENCRYPTED_DATA - else if (testVectors[i].encCompFlag == 1) { - - /* decrypt inner encryptedData */ - pkcs7->encryptionKey = testVectors[i].encryptKey; - pkcs7->encryptionKeySz = testVectors[i].encryptKeySz; - - ret = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content, - pkcs7->contentSz, out, outSz); - if (ret < 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12149; - } - - /* compare decrypted to expected */ - if (((word32)ret != testVectors[i].contentSz) || - XMEMCMP(out, testVectors[i].content, ret)) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12150; - } - } - #endif - #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) - else if (testVectors[i].encCompFlag == 2) { - - /* decompress inner compressedData */ - ret = wc_PKCS7_DecodeCompressedData(pkcs7, pkcs7->content, - pkcs7->contentSz, out, outSz); - if (ret < 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12151; - } - - /* compare decompressed to expected */ - if (((word32)ret != testVectors[i].contentSz) || - XMEMCMP(out, testVectors[i].content, ret)) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12152; - } - } - #ifndef NO_PKCS7_ENCRYPTED_DATA - else if (testVectors[i].encCompFlag == 3) { - - byte* encryptedTmp; - int encryptedTmpSz; - - encryptedTmpSz = FOURK_BUF; - encryptedTmp = (byte*)XMALLOC(encryptedTmpSz, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (encryptedTmp == NULL) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12153; - } - - XMEMSET(encryptedTmp, 0, encryptedTmpSz); - - /* decrypt inner encryptedData */ - pkcs7->encryptionKey = testVectors[i].encryptKey; - pkcs7->encryptionKeySz = testVectors[i].encryptKeySz; - - encryptedTmpSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content, - pkcs7->contentSz, encryptedTmp, - encryptedTmpSz); - - if (encryptedTmpSz < 0) { - XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12154; - } - - /* decompress inner compressedData */ - ret = wc_PKCS7_DecodeCompressedData(pkcs7, encryptedTmp, - encryptedTmpSz, out, outSz); - if (ret < 0) { - XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12155; - } - - XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - - /* compare decompressed to expected */ - if (((word32)ret != testVectors[i].contentSz) || - XMEMCMP(out, testVectors[i].content, ret)) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12156; - } - } - #endif /* NO_PKCS7_ENCRYPTED_DATA */ - #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ - - wc_PKCS7_Free(pkcs7); - } - - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRng(&rng); - - if (ret > 0) - return 0; - - (void)eccClientCertBuf; - (void)eccClientCertBufSz; - (void)eccClientPrivKeyBuf; - (void)eccClientPrivKeyBufSz; - - (void)rsaClientCertBuf; - (void)rsaClientCertBufSz; - (void)rsaClientPrivKeyBuf; - (void)rsaClientPrivKeyBufSz; - (void)rsaServerCertBuf; - (void)rsaServerCertBufSz; - (void)rsaServerPrivKeyBuf; - (void)rsaServerPrivKeyBufSz; - (void)rsaCaCertBuf; - (void)rsaCaCertBufSz; - (void)rsaCaPrivKeyBuf; - (void)rsaCaPrivKeyBufSz; - - return ret; -} - - -int pkcs7signed_test(void) -{ - int ret = 0; - - byte* rsaClientCertBuf = NULL; - byte* rsaServerCertBuf = NULL; - byte* rsaCaCertBuf = NULL; - byte* eccClientCertBuf = NULL; - byte* rsaClientPrivKeyBuf = NULL; - byte* rsaServerPrivKeyBuf = NULL; - byte* rsaCaPrivKeyBuf = NULL; - byte* eccClientPrivKeyBuf = NULL; - - word32 rsaClientCertBufSz = 0; - word32 rsaServerCertBufSz = 0; - word32 rsaCaCertBufSz = 0; - word32 eccClientCertBufSz = 0; - word32 rsaClientPrivKeyBufSz = 0; - word32 rsaServerPrivKeyBufSz = 0; - word32 rsaCaPrivKeyBufSz = 0; - word32 eccClientPrivKeyBufSz = 0; - -#ifndef NO_RSA - /* read client RSA cert and key in DER format */ - rsaClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (rsaClientCertBuf == NULL) - ret = -12200; - - rsaClientPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (ret == 0 && rsaClientPrivKeyBuf == NULL) { - ret = -12201; - } - - rsaClientCertBufSz = FOURK_BUF; - rsaClientPrivKeyBufSz = FOURK_BUF; - - /* read server RSA cert and key in DER format */ - rsaServerCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (ret == 0 && rsaServerCertBuf == NULL) - ret = -12202; - - rsaServerPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (ret == 0 && rsaServerPrivKeyBuf == NULL) { - ret = -12203; - } - - rsaServerCertBufSz = FOURK_BUF; - rsaServerPrivKeyBufSz = FOURK_BUF; - - /* read CA RSA cert and key in DER format, for use with server cert */ - rsaCaCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (ret == 0 && rsaCaCertBuf == NULL) - ret = -12204; - - rsaCaPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (ret == 0 && rsaCaPrivKeyBuf == NULL) { - ret = -12205; - } - - rsaCaCertBufSz = FOURK_BUF; - rsaCaPrivKeyBufSz = FOURK_BUF; -#endif /* NO_RSA */ - -#ifdef HAVE_ECC - /* read client ECC cert and key in DER format */ - eccClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (ret == 0 && eccClientCertBuf == NULL) { - ret = -12206; - } - - eccClientPrivKeyBuf =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (ret == 0 && eccClientPrivKeyBuf == NULL) { - ret = -12207; - } - - eccClientCertBufSz = FOURK_BUF; - eccClientPrivKeyBufSz = FOURK_BUF; -#endif /* HAVE_ECC */ - - if (ret >= 0) - ret = pkcs7_load_certs_keys(rsaClientCertBuf, &rsaClientCertBufSz, - rsaClientPrivKeyBuf, &rsaClientPrivKeyBufSz, - rsaServerCertBuf, &rsaServerCertBufSz, - rsaServerPrivKeyBuf, &rsaServerPrivKeyBufSz, - rsaCaCertBuf, &rsaCaCertBufSz, - rsaCaPrivKeyBuf, &rsaCaPrivKeyBufSz, - eccClientCertBuf, &eccClientCertBufSz, - eccClientPrivKeyBuf, &eccClientPrivKeyBufSz); - if (ret < 0) { - ret = -12208; - } - - if (ret >= 0) - ret = pkcs7signed_run_vectors(rsaClientCertBuf, (word32)rsaClientCertBufSz, - rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz, - rsaServerCertBuf, (word32)rsaServerCertBufSz, - rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz, - rsaCaCertBuf, (word32)rsaCaCertBufSz, - rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz, - eccClientCertBuf, (word32)eccClientCertBufSz, - eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz); - - if (ret >= 0) - ret = pkcs7signed_run_SingleShotVectors( - rsaClientCertBuf, (word32)rsaClientCertBufSz, - rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz, - rsaServerCertBuf, (word32)rsaServerCertBufSz, - rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz, - rsaCaCertBuf, (word32)rsaCaCertBufSz, - rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz, - eccClientCertBuf, (word32)eccClientCertBufSz, - eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz); - -#ifndef NO_AES - if (ret >= 0) - ret = pkcs7callback_test( - rsaClientCertBuf, (word32)rsaClientCertBufSz, - rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz); -#endif - - XFREE(rsaClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaServerCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaServerPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaCaCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaCaPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(eccClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(eccClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} - -#endif /* HAVE_PKCS7 */ - -#ifdef HAVE_VALGRIND -/* Need a static build to have access to symbols. */ - -/* Maximum number of bytes in a number to test. */ -#define MP_MAX_TEST_BYTE_LEN 16 - -#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) -static int randNum(mp_int* n, int len, WC_RNG* rng, void* heap) -{ - byte d[MP_MAX_TEST_BYTE_LEN]; - int ret; - - (void)heap; - - do { - ret = wc_RNG_GenerateBlock(rng, d, len); - if (ret != 0) - return ret; - ret = mp_read_unsigned_bin(n, d, len); - if (ret != 0) - return ret; - } while (mp_iszero(n)); - - return 0; -} -#endif - -int mp_test(void) -{ - WC_RNG rng; - int ret; -#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) - int i, j, k; - mp_digit d; -#endif - mp_int a, b, r1, r2, p; - - ret = mp_init_multi(&a, &b, &r1, &r2, NULL, NULL); - if (ret != 0) - return -12300; - - mp_init_copy(&p, &a); - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - goto done; - -#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) - mp_set_int(&a, 0); - if (a.used != 0 || a.dp[0] != 0) - return -12301; - - for (j = 1; j <= MP_MAX_TEST_BYTE_LEN; j++) { - for (i = 0; i < 4 * j; i++) { - /* New values to use. */ - ret = randNum(&p, j, &rng, NULL); - if (ret != 0) - return -12302; - ret = randNum(&a, j, &rng, NULL); - if (ret != 0) - return -12303; - ret = randNum(&b, j, &rng, NULL); - if (ret != 0) - return -12304; - ret = wc_RNG_GenerateBlock(&rng, (byte*)&d, sizeof(d)); - if (ret != 0) - return -12305; - d &= MP_MASK; - - /* Ensure sqrmod produce same result as mulmod. */ - ret = mp_sqrmod(&a, &p, &r1); - if (ret != 0) - return -12306; - ret = mp_mulmod(&a, &a, &p, &r2); - if (ret != 0) - return -12307; - if (mp_cmp(&r1, &r2) != 0) - return -12308; - - /* Ensure add with mod produce same result as sub with mod. */ - ret = mp_addmod(&a, &b, &p, &r1); - if (ret != 0) - return -12309; - b.sign ^= 1; - ret = mp_submod(&a, &b, &p, &r2); - if (ret != 0) - return -12310; - if (mp_cmp(&r1, &r2) != 0) - return -12311; - - /* Ensure add digit produce same result as sub digit. */ - ret = mp_add_d(&a, d, &r1); - if (ret != 0) - return -12312; - ret = mp_sub_d(&r1, d, &r2); - if (ret != 0) - return -12313; - if (mp_cmp(&a, &r2) != 0) - return -12314; - - /* Invert - if p is even it will use the slow impl. - * - if p and a are even it will fail. - */ - ret = mp_invmod(&a, &p, &r1); - if (ret != 0 && ret != MP_VAL) - return -12315; - ret = 0; - - /* Shift up and down number all bits in a digit. */ - for (k = 0; k < DIGIT_BIT; k++) { - mp_mul_2d(&a, k, &r1); - mp_div_2d(&r1, k, &r2, &p); - if (mp_cmp(&a, &r2) != 0) - return -12316; - if (!mp_iszero(&p)) - return -12317; - mp_rshb(&r1, k); - if (mp_cmp(&a, &r1) != 0) - return -12318; - } - } - } - - /* Check that setting a 32-bit digit works. */ - d &= 0xffffffff; - mp_set_int(&a, d); - if (a.used != 1 || a.dp[0] != d) - return -12319; - - /* Check setting a bit and testing a bit works. */ - for (i = 0; i < MP_MAX_TEST_BYTE_LEN * 8; i++) { - mp_zero(&a); - mp_set_bit(&a, i); - if (!mp_is_bit_set(&a, i)) - return -12320; - } -#endif - -done: - mp_clear(&p); - mp_clear(&r2); - mp_clear(&r1); - mp_clear(&b); - mp_clear(&a); - wc_FreeRng(&rng); - return ret; -} -#endif - - -#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) - -typedef struct pairs_t { - const unsigned char* coeff; - int coeffSz; - int exp; -} pairs_t; - - -/* -n =p1p2p3, where pi = ki(p1−1)+1 with (k2,k3) = (173,293) -p1 = 2^192 * 0x000000000000e24fd4f6d6363200bf2323ec46285cac1d3a - + 2^0 * 0x0b2488b0c29d96c5e67f8bec15b54b189ae5636efe89b45b -*/ - -static const unsigned char c192a[] = -{ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe2, 0x4f, - 0xd4, 0xf6, 0xd6, 0x36, 0x32, 0x00, 0xbf, 0x23, - 0x23, 0xec, 0x46, 0x28, 0x5c, 0xac, 0x1d, 0x3a -}; -static const unsigned char c0a[] = -{ - 0x0b, 0x24, 0x88, 0xb0, 0xc2, 0x9d, 0x96, 0xc5, - 0xe6, 0x7f, 0x8b, 0xec, 0x15, 0xb5, 0x4b, 0x18, - 0x9a, 0xe5, 0x63, 0x6e, 0xfe, 0x89, 0xb4, 0x5b -}; - -static const pairs_t ecPairsA[] = -{ - {c192a, sizeof(c192a), 192}, - {c0a, sizeof(c0a), 0} -}; - -static const int kA[] = {173, 293}; - -static const unsigned char controlPrime[] = { - 0xe1, 0x76, 0x45, 0x80, 0x59, 0xb6, 0xd3, 0x49, - 0xdf, 0x0a, 0xef, 0x12, 0xd6, 0x0f, 0xf0, 0xb7, - 0xcb, 0x2a, 0x37, 0xbf, 0xa7, 0xf8, 0xb5, 0x4d, - 0xf5, 0x31, 0x35, 0xad, 0xe4, 0xa3, 0x94, 0xa1, - 0xdb, 0xf1, 0x96, 0xad, 0xb5, 0x05, 0x64, 0x85, - 0x83, 0xfc, 0x1b, 0x5b, 0x29, 0xaa, 0xbe, 0xf8, - 0x26, 0x3f, 0x76, 0x7e, 0xad, 0x1c, 0xf0, 0xcb, - 0xd7, 0x26, 0xb4, 0x1b, 0x05, 0x8e, 0x56, 0x86, - 0x7e, 0x08, 0x62, 0x21, 0xc1, 0x86, 0xd6, 0x47, - 0x79, 0x3e, 0xb7, 0x5d, 0xa4, 0xc6, 0x3a, 0xd7, - 0xb1, 0x74, 0x20, 0xf6, 0x50, 0x97, 0x41, 0x04, - 0x53, 0xed, 0x3f, 0x26, 0xd6, 0x6f, 0x91, 0xfa, - 0x68, 0x26, 0xec, 0x2a, 0xdc, 0x9a, 0xf1, 0xe7, - 0xdc, 0xfb, 0x73, 0xf0, 0x79, 0x43, 0x1b, 0x21, - 0xa3, 0x59, 0x04, 0x63, 0x52, 0x07, 0xc9, 0xd7, - 0xe6, 0xd1, 0x1b, 0x5d, 0x5e, 0x96, 0xfa, 0x53 -}; - -static const unsigned char testOne[] = { 1 }; - - -static int GenerateNextP(mp_int* p1, mp_int* p2, int k) -{ - int ret; - mp_int ki; - - ret = mp_init(&ki); - if (ret == 0) - ret = mp_set(&ki, k); - if (ret == 0) - ret = mp_sub_d(p1, 1, p2); - if (ret == 0) - ret = mp_mul(p2, &ki, p2); - if (ret == 0) - ret = mp_add_d(p2, 1, p2); - mp_clear(&ki); - - return ret; -} - - -static int GenerateP(mp_int* p1, mp_int* p2, mp_int* p3, - const pairs_t* ecPairs, int ecPairsSz, - const int* k) -{ - mp_int x,y; - int ret, i; - - ret = mp_init(&x); - if (ret == 0) { - ret = mp_init(&y); - if (ret != 0) { - mp_clear(&x); - return MP_MEM; - } - } - for (i = 0; ret == 0 && i < ecPairsSz; i++) { - ret = mp_read_unsigned_bin(&x, ecPairs[i].coeff, ecPairs[i].coeffSz); - /* p1 = 2^exp */ - if (ret == 0) - ret = mp_2expt(&y, ecPairs[i].exp); - /* p1 = p1 * m */ - if (ret == 0) - ret = mp_mul(&x, &y, &x); - /* p1 += */ - if (ret == 0) - ret = mp_add(p1, &x, p1); - mp_zero(&x); - mp_zero(&y); - } - mp_clear(&x); - mp_clear(&y); - - if (ret == 0) - ret = GenerateNextP(p1, p2, k[0]); - if (ret == 0) - ret = GenerateNextP(p1, p3, k[1]); - - return ret; -} - -int prime_test(void) -{ - mp_int n, p1, p2, p3; - int ret, isPrime = 0; - WC_RNG rng; - - ret = wc_InitRng(&rng); - if (ret == 0) - ret = mp_init_multi(&n, &p1, &p2, &p3, NULL, NULL); - if (ret == 0) - ret = GenerateP(&p1, &p2, &p3, - ecPairsA, sizeof(ecPairsA) / sizeof(ecPairsA[0]), kA); - if (ret == 0) - ret = mp_mul(&p1, &p2, &n); - if (ret == 0) - ret = mp_mul(&n, &p3, &n); - if (ret != 0) - return -12400; - - /* Check the old prime test using the number that false positives. - * This test result should indicate as not prime. */ - ret = mp_prime_is_prime(&n, 40, &isPrime); - if (ret != 0) - return -12401; - if (isPrime) - return -12402; - - /* This test result should fail. It should indicate the value as prime. */ - ret = mp_prime_is_prime(&n, 8, &isPrime); - if (ret != 0) - return -12403; - if (!isPrime) - return -12404; - - /* This test result should indicate the value as not prime. */ - ret = mp_prime_is_prime_ex(&n, 8, &isPrime, &rng); - if (ret != 0) - return -12405; - if (isPrime) - return -12406; - - ret = mp_read_unsigned_bin(&n, controlPrime, sizeof(controlPrime)); - if (ret != 0) - return -12407; - - /* This test result should indicate the value as prime. */ - ret = mp_prime_is_prime_ex(&n, 8, &isPrime, &rng); - if (ret != 0) - return -12408; - if (!isPrime) - return -12409; - - /* This test result should indicate the value as prime. */ - isPrime = -1; - ret = mp_prime_is_prime(&n, 8, &isPrime); - if (ret != 0) - return -12410; - if (!isPrime) - return -12411; - - ret = mp_read_unsigned_bin(&n, testOne, sizeof(testOne)); - if (ret != 0) - return -12412; - - /* This test result should indicate the value as not prime. */ - ret = mp_prime_is_prime_ex(&n, 8, &isPrime, &rng); - if (ret != 0) - return -12413; - if (isPrime) - return -12414; - - ret = mp_prime_is_prime(&n, 8, &isPrime); - if (ret != 0) - return -12415; - if (isPrime) - return -12416; - - mp_clear(&p3); - mp_clear(&p2); - mp_clear(&p1); - mp_clear(&n); - wc_FreeRng(&rng); - - return 0; -} - -#endif /* WOLFSSL_PUBLIC_MP */ - - -#if defined(ASN_BER_TO_DER) && \ - (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) -/* wc_BerToDer is only public facing in the case of test cert or opensslextra */ -typedef struct berDerTestData { - const byte *in; - word32 inSz; - const byte *out; - word32 outSz; -} berDerTestData; - -int berder_test(void) -{ - int ret; - int i; - word32 len = 0, l; - byte out[32]; - static const byte good1_in[] = { 0x30, 0x80, 0x00, 0x00 }; - static const byte good1_out[] = { 0x30, 0x00 }; - static const byte good2_in[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 }; - static const byte good2_out[] = { 0x30, 0x03, 0x02, 0x01, 0x01 }; - static const byte good3_in[] = { - 0x24, 0x80, 0x04, 0x01, 0x01, 0x00, 0x00 - }; - static const byte good3_out[] = { 0x04, 0x1, 0x01 }; - static const byte good4_in[] = { - 0x30, 0x80, - 0x02, 0x01, 0x01, - 0x30, 0x80, - 0x24, 0x80, - 0x04, 0x01, 0x01, - 0x04, 0x02, 0x02, 0x03, - 0x00, 0x00, - 0x06, 0x01, 0x01, - 0x00, 0x00, - 0x31, 0x80, - 0x06, 0x01, 0x01, - 0x00, 0x00, - 0x00, 0x00, - }; - static const byte good4_out[] = { - 0x30, 0x12, - 0x02, 0x01, 0x01, - 0x30, 0x08, - 0x04, 0x03, 0x01, 0x02, 0x03, - 0x06, 0x01, 0x01, - 0x31, 0x03, - 0x06, 0x01, 0x01 - }; - static const byte good5_in[] = { 0x30, 0x03, 0x02, 0x01, 0x01 }; - - berDerTestData testData[] = { - { good1_in, sizeof(good1_in), good1_out, sizeof(good1_out) }, - { good2_in, sizeof(good2_in), good2_out, sizeof(good2_out) }, - { good3_in, sizeof(good3_in), good3_out, sizeof(good3_out) }, - { good4_in, sizeof(good4_in), good4_out, sizeof(good4_out) }, - { good5_in, sizeof(good5_in), good5_in , sizeof(good5_in ) }, - }; - - for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) { - ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len); - if (ret != LENGTH_ONLY_E) - return -12500 - i; - if (len != testData[i].outSz) - return -12510 - i; - len = testData[i].outSz; - ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &len); - if (ret != 0) - return -12520 - i; - if (XMEMCMP(out, testData[i].out, len) != 0) - return -12530 - i; - - for (l = 1; l < testData[i].inSz; l++) { - ret = wc_BerToDer(testData[i].in, l, NULL, &len); - if (ret != ASN_PARSE_E) - return -12540; - len = testData[i].outSz; - ret = wc_BerToDer(testData[i].in, l, out, &len); - if (ret != ASN_PARSE_E) - return -12541; - } - - for (l = 0; l < testData[i].outSz-1; l++) { - ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &l); - if (ret != BUFFER_E) - return -12542; - } - } - - ret = wc_BerToDer(NULL, 4, NULL, NULL); - if (ret != BAD_FUNC_ARG) - return -12543; - ret = wc_BerToDer(out, 4, NULL, NULL); - if (ret != BAD_FUNC_ARG) - return -12544; - ret = wc_BerToDer(NULL, 4, NULL, &len); - if (ret != BAD_FUNC_ARG) - return -12545; - ret = wc_BerToDer(NULL, 4, out, NULL); - if (ret != BAD_FUNC_ARG) - return -12546; - ret = wc_BerToDer(out, 4, out, NULL); - if (ret != BAD_FUNC_ARG) - return -12547; - ret = wc_BerToDer(NULL, 4, out, &len); - if (ret != BAD_FUNC_ARG) - return -12548; - - for (l = 1; l < sizeof(good4_out); l++) { - len = l; - ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len); - if (ret != BUFFER_E) - return -12549; - } - - return 0; -} -#endif - -#ifdef DEBUG_WOLFSSL -static THREAD_LS_T int log_cnt = 0; -static void my_Logging_cb(const int logLevel, const char *const logMessage) -{ - (void)logLevel; - (void)logMessage; - log_cnt++; -} -#endif /* DEBUG_WOLFSSL */ - -int logging_test(void) -{ -#ifdef DEBUG_WOLFSSL - const char* msg = "Testing, testing. 1, 2, 3, 4 ..."; - byte a[8] = { 1, 2, 3, 4, 5, 6, 7, 8 }; - byte b[256]; - int i; - - for (i = 0; i < (int)sizeof(b); i++) - b[i] = i; - - if (wolfSSL_Debugging_ON() != 0) - return -12600; - - if (wolfSSL_SetLoggingCb(my_Logging_cb) != 0) - return -12601; - - WOLFSSL_MSG(msg); - WOLFSSL_BUFFER(a, sizeof(a)); - WOLFSSL_BUFFER(b, sizeof(b)); - WOLFSSL_BUFFER(NULL, 0); - WOLFSSL_ERROR(MEMORY_E); - WOLFSSL_ERROR_MSG(msg); - - /* turn off logs */ - wolfSSL_Debugging_OFF(); - - /* capture log count */ - i = log_cnt; - - /* validate no logs are output when disabled */ - WOLFSSL_MSG(msg); - WOLFSSL_BUFFER(a, sizeof(a)); - WOLFSSL_BUFFER(b, sizeof(b)); - WOLFSSL_BUFFER(NULL, 0); - WOLFSSL_ERROR(MEMORY_E); - WOLFSSL_ERROR_MSG(msg); - - /* check the logs were disabled */ - if (i != log_cnt) - return -12602; - - /* restore callback and leave logging enabled */ - wolfSSL_SetLoggingCb(NULL); - wolfSSL_Debugging_ON(); - - /* suppress unused args */ - (void)a; - (void)b; - -#else - if (wolfSSL_Debugging_ON() != NOT_COMPILED_IN) - return -12603; - wolfSSL_Debugging_OFF(); - if (wolfSSL_SetLoggingCb(NULL) != NOT_COMPILED_IN) - return -12604; -#endif /* DEBUG_WOLFSSL */ - return 0; -} - - -int mutex_test(void) -{ -#ifdef WOLFSSL_PTHREADS - wolfSSL_Mutex m; -#endif -#ifndef WOLFSSL_NO_MALLOC - wolfSSL_Mutex *mm = wc_InitAndAllocMutex(); - if (mm == NULL) - return -12700; - wc_FreeMutex(mm); - XFREE(mm, NULL, DYNAMIC_TYPE_MUTEX); -#endif - -#ifdef WOLFSSL_PTHREADS - if (wc_InitMutex(&m) != 0) - return -12701; - if (wc_LockMutex(&m) != 0) - return -12702; - if (wc_FreeMutex(&m) != BAD_MUTEX_E) - return -12703; - if (wc_UnLockMutex(&m) != 0) - return -12704; - if (wc_FreeMutex(&m) != 0) - return -12705; -#ifndef WOLFSSL_NO_MUTEXLOCK_AFTER_FREE - if (wc_LockMutex(&m) != BAD_MUTEX_E) - return -12706; - if (wc_UnLockMutex(&m) != BAD_MUTEX_E) - return -12707; -#endif -#endif - - return 0; -} - -#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS) - -#ifndef WOLFSSL_NO_MALLOC -static int malloc_cnt = 0; -static int realloc_cnt = 0; -static int free_cnt = 0; - -static void *my_Malloc_cb(size_t size) -{ - malloc_cnt++; - #ifndef WOLFSSL_NO_MALLOC - return malloc(size); - #else - WOLFSSL_MSG("No malloc available"); - (void)size; - return NULL; - #endif -} -static void my_Free_cb(void *ptr) -{ - free_cnt++; - #ifndef WOLFSSL_NO_MALLOC - free(ptr); - #else - WOLFSSL_MSG("No free available"); - (void)ptr; - #endif -} -static void *my_Realloc_cb(void *ptr, size_t size) -{ - realloc_cnt++; - #ifndef WOLFSSL_NO_MALLOC - return realloc(ptr, size); - #else - WOLFSSL_MSG("No realloc available"); - (void)ptr; - (void)size; - return NULL; - #endif -} -#endif /* !WOLFSSL_NO_MALLOC */ - -int memcb_test(void) -{ - int ret = 0; -#ifndef WOLFSSL_NO_MALLOC - byte* b = NULL; -#endif - wolfSSL_Malloc_cb mc; - wolfSSL_Free_cb fc; - wolfSSL_Realloc_cb rc; - - /* Save existing memory callbacks */ - if (wolfSSL_GetAllocators(&mc, &fc, &rc) != 0) - return -12800; - -#ifndef WOLFSSL_NO_MALLOC - /* test realloc */ - b = (byte*)XREALLOC(b, 1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (b == NULL) { - ERROR_OUT(-12801, exit_memcb); - } - XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); - b = NULL; - - /* Use API. */ - if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)(void*)&my_Malloc_cb, - (wolfSSL_Free_cb)(void*)&my_Free_cb, - (wolfSSL_Realloc_cb)(void*)&my_Realloc_cb) != 0) { - ERROR_OUT(-12802, exit_memcb); - } - - b = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); - b = (byte*)XREALLOC(b, 1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); - -#ifndef WOLFSSL_STATIC_MEMORY - if (malloc_cnt != 1 || free_cnt != 1 || realloc_cnt != 1) -#else - if (malloc_cnt != 0 || free_cnt != 0 || realloc_cnt != 0) -#endif - ret = -12803; -#endif /* !WOLFSSL_NO_MALLOC */ - -#ifndef WOLFSSL_NO_MALLOC -exit_memcb: -#endif - - /* restore memory callbacks */ - wolfSSL_SetAllocators(mc, fc, rc); - - return ret; -} -#endif /* USE_WOLFSSL_MEMORY && !WOLFSSL_NO_MALLOC */ - - -#ifdef WOLFSSL_IMX6_CAAM_BLOB -int blob_test(void) -{ - int ret = 0; - byte out[112]; - byte blob[112]; - word32 outSz; - - const byte iv[] = - { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - }; - - const byte text[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; - - - XMEMSET(blob, 0, sizeof(blob)); - outSz = sizeof(blob); - ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz); - if (ret != 0) { - ERROR_OUT(-12900, exit_blob); - } - - blob[outSz - 2] += 1; - ret = wc_caamOpenBlob(blob, outSz, out, &outSz); - if (ret == 0) { /* should fail with altered blob */ - ERROR_OUT(-12901, exit_blob); - } - - XMEMSET(blob, 0, sizeof(blob)); - outSz = sizeof(blob); - ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz); - if (ret != 0) { - ERROR_OUT(-12902, exit_blob); - } - - ret = wc_caamOpenBlob(blob, outSz, out, &outSz); - if (ret != 0) { - ERROR_OUT(-12903, exit_blob); - } - - if (XMEMCMP(out, iv, sizeof(iv))) { - ERROR_OUT(-12904, exit_blob); - } - - XMEMSET(blob, 0, sizeof(blob)); - outSz = sizeof(blob); - ret = wc_caamCreateBlob((byte*)text, sizeof(text), blob, &outSz); - if (ret != 0) { - ERROR_OUT(-12905, exit_blob); - } - - ret = wc_caamOpenBlob(blob, outSz, out, &outSz); - if (ret != 0) { - ERROR_OUT(-12906, exit_blob); - } - - if (XMEMCMP(out, text, sizeof(text))) { - ERROR_OUT(-12907, exit_blob); - } - - exit_blob: - - return ret; -} -#endif /* WOLFSSL_IMX6_CAAM_BLOB */ - -#ifdef WOLF_CRYPTO_CB - -/* Example custom context for crypto callback */ -typedef struct { - int exampleVar; /* example, not used */ -} myCryptoDevCtx; - - -/* Example crypto dev callback function that calls software version */ -static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) -{ - int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */ - myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx; - - if (info == NULL) - return BAD_FUNC_ARG; - -#ifdef DEBUG_WOLFSSL - printf("CryptoDevCb: Algo Type %d\n", info->algo_type); -#endif - - if (info->algo_type == WC_ALGO_TYPE_RNG) { - #ifndef WC_NO_RNG - /* set devId to invalid, so software is used */ - info->rng.rng->devId = INVALID_DEVID; - - ret = wc_RNG_GenerateBlock(info->rng.rng, - info->rng.out, info->rng.sz); - - /* reset devId */ - info->rng.rng->devId = devIdArg; - #endif - } - else if (info->algo_type == WC_ALGO_TYPE_SEED) { - #ifndef WC_NO_RNG - static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 }; - word32* seedWord32 = (word32*)seed; - word32 len; - - /* wc_GenerateSeed is a local symbol so we need to fake the entropy. */ - while (info->seed.sz > 0) { - len = (word32)sizeof(seed); - if (info->seed.sz < len) - len = info->seed.sz; - XMEMCPY(info->seed.seed, seed, sizeof(seed)); - info->seed.seed += len; - info->seed.sz -= len; - (*seedWord32)++; - } - - ret = 0; - #endif - } - else if (info->algo_type == WC_ALGO_TYPE_PK) { - #ifdef DEBUG_WOLFSSL - printf("CryptoDevCb: Pk Type %d\n", info->pk.type); - #endif - - #ifndef NO_RSA - if (info->pk.type == WC_PK_TYPE_RSA) { - /* set devId to invalid, so software is used */ - info->pk.rsa.key->devId = INVALID_DEVID; - - switch (info->pk.rsa.type) { - case RSA_PUBLIC_ENCRYPT: - case RSA_PUBLIC_DECRYPT: - /* perform software based RSA public op */ - ret = wc_RsaFunction( - info->pk.rsa.in, info->pk.rsa.inLen, - info->pk.rsa.out, info->pk.rsa.outLen, - info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); - break; - case RSA_PRIVATE_ENCRYPT: - case RSA_PRIVATE_DECRYPT: - /* perform software based RSA private op */ - ret = wc_RsaFunction( - info->pk.rsa.in, info->pk.rsa.inLen, - info->pk.rsa.out, info->pk.rsa.outLen, - info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); - break; - } - - /* reset devId */ - info->pk.rsa.key->devId = devIdArg; - } - #ifdef WOLFSSL_KEY_GEN - else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) { - info->pk.rsakg.key->devId = INVALID_DEVID; - - ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size, - info->pk.rsakg.e, info->pk.rsakg.rng); - - /* reset devId */ - info->pk.rsakg.key->devId = devIdArg; - } - #endif - #endif /* !NO_RSA */ - #ifdef HAVE_ECC - if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) { - /* set devId to invalid, so software is used */ - info->pk.eckg.key->devId = INVALID_DEVID; - - ret = wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size, - info->pk.eckg.key, info->pk.eckg.curveId); - - /* reset devId */ - info->pk.eckg.key->devId = devIdArg; - } - else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { - /* set devId to invalid, so software is used */ - info->pk.eccsign.key->devId = INVALID_DEVID; - - ret = wc_ecc_sign_hash( - info->pk.eccsign.in, info->pk.eccsign.inlen, - info->pk.eccsign.out, info->pk.eccsign.outlen, - info->pk.eccsign.rng, info->pk.eccsign.key); - - /* reset devId */ - info->pk.eccsign.key->devId = devIdArg; - } - else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) { - /* set devId to invalid, so software is used */ - info->pk.eccverify.key->devId = INVALID_DEVID; - - ret = wc_ecc_verify_hash( - info->pk.eccverify.sig, info->pk.eccverify.siglen, - info->pk.eccverify.hash, info->pk.eccverify.hashlen, - info->pk.eccverify.res, info->pk.eccverify.key); - - /* reset devId */ - info->pk.eccverify.key->devId = devIdArg; - } - else if (info->pk.type == WC_PK_TYPE_ECDH) { - /* set devId to invalid, so software is used */ - info->pk.ecdh.private_key->devId = INVALID_DEVID; - - ret = wc_ecc_shared_secret( - info->pk.ecdh.private_key, info->pk.ecdh.public_key, - info->pk.ecdh.out, info->pk.ecdh.outlen); - - /* reset devId */ - info->pk.ecdh.private_key->devId = devIdArg; - } - #endif /* HAVE_ECC */ - } - else if (info->algo_type == WC_ALGO_TYPE_CIPHER) { -#if !defined(NO_AES) || !defined(NO_DES3) - #ifdef HAVE_AESGCM - if (info->cipher.type == WC_CIPHER_AES_GCM) { - if (info->cipher.enc) { - /* set devId to invalid, so software is used */ - info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID; - - ret = wc_AesGcmEncrypt( - info->cipher.aesgcm_enc.aes, - info->cipher.aesgcm_enc.out, - info->cipher.aesgcm_enc.in, - info->cipher.aesgcm_enc.sz, - info->cipher.aesgcm_enc.iv, - info->cipher.aesgcm_enc.ivSz, - info->cipher.aesgcm_enc.authTag, - info->cipher.aesgcm_enc.authTagSz, - info->cipher.aesgcm_enc.authIn, - info->cipher.aesgcm_enc.authInSz); - - /* reset devId */ - info->cipher.aesgcm_enc.aes->devId = devIdArg; - } - else { - /* set devId to invalid, so software is used */ - info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID; - - ret = wc_AesGcmDecrypt( - info->cipher.aesgcm_dec.aes, - info->cipher.aesgcm_dec.out, - info->cipher.aesgcm_dec.in, - info->cipher.aesgcm_dec.sz, - info->cipher.aesgcm_dec.iv, - info->cipher.aesgcm_dec.ivSz, - info->cipher.aesgcm_dec.authTag, - info->cipher.aesgcm_dec.authTagSz, - info->cipher.aesgcm_dec.authIn, - info->cipher.aesgcm_dec.authInSz); - - /* reset devId */ - info->cipher.aesgcm_dec.aes->devId = devIdArg; - } - } - #endif /* HAVE_AESGCM */ - #ifdef HAVE_AES_CBC - if (info->cipher.type == WC_CIPHER_AES_CBC) { - if (info->cipher.enc) { - /* set devId to invalid, so software is used */ - info->cipher.aescbc.aes->devId = INVALID_DEVID; - - ret = wc_AesCbcEncrypt( - info->cipher.aescbc.aes, - info->cipher.aescbc.out, - info->cipher.aescbc.in, - info->cipher.aescbc.sz); - - /* reset devId */ - info->cipher.aescbc.aes->devId = devIdArg; - } - else { - /* set devId to invalid, so software is used */ - info->cipher.aescbc.aes->devId = INVALID_DEVID; - - ret = wc_AesCbcDecrypt( - info->cipher.aescbc.aes, - info->cipher.aescbc.out, - info->cipher.aescbc.in, - info->cipher.aescbc.sz); - - /* reset devId */ - info->cipher.aescbc.aes->devId = devIdArg; - } - } - #endif /* HAVE_AES_CBC */ - #ifndef NO_DES3 - if (info->cipher.type == WC_CIPHER_DES3) { - if (info->cipher.enc) { - /* set devId to invalid, so software is used */ - info->cipher.des3.des->devId = INVALID_DEVID; - - ret = wc_Des3_CbcEncrypt( - info->cipher.des3.des, - info->cipher.des3.out, - info->cipher.des3.in, - info->cipher.des3.sz); - - /* reset devId */ - info->cipher.des3.des->devId = devIdArg; - } - else { - /* set devId to invalid, so software is used */ - info->cipher.des3.des->devId = INVALID_DEVID; - - ret = wc_Des3_CbcDecrypt( - info->cipher.des3.des, - info->cipher.des3.out, - info->cipher.des3.in, - info->cipher.des3.sz); - - /* reset devId */ - info->cipher.des3.des->devId = devIdArg; - } - } - #endif /* !NO_DES3 */ -#endif /* !NO_AES || !NO_DES3 */ - } -#if !defined(NO_SHA) || !defined(NO_SHA256) - else if (info->algo_type == WC_ALGO_TYPE_HASH) { - #if !defined(NO_SHA) - if (info->hash.type == WC_HASH_TYPE_SHA) { - if (info->hash.sha1 == NULL) - return NOT_COMPILED_IN; - - /* set devId to invalid, so software is used */ - info->hash.sha1->devId = INVALID_DEVID; - - if (info->hash.in != NULL) { - ret = wc_ShaUpdate( - info->hash.sha1, - info->hash.in, - info->hash.inSz); - } - if (info->hash.digest != NULL) { - ret = wc_ShaFinal( - info->hash.sha1, - info->hash.digest); - } - - /* reset devId */ - info->hash.sha1->devId = devIdArg; - } - else - #endif - #if !defined(NO_SHA256) - if (info->hash.type == WC_HASH_TYPE_SHA256) { - if (info->hash.sha256 == NULL) - return NOT_COMPILED_IN; - - /* set devId to invalid, so software is used */ - info->hash.sha256->devId = INVALID_DEVID; - - if (info->hash.in != NULL) { - ret = wc_Sha256Update( - info->hash.sha256, - info->hash.in, - info->hash.inSz); - } - if (info->hash.digest != NULL) { - ret = wc_Sha256Final( - info->hash.sha256, - info->hash.digest); - } - - /* reset devId */ - info->hash.sha256->devId = devIdArg; - } - else - #endif - { - } - } -#endif /* !NO_SHA || !NO_SHA256 */ -#ifndef NO_HMAC - else if (info->algo_type == WC_ALGO_TYPE_HMAC) { - if (info->hmac.hmac == NULL) - return NOT_COMPILED_IN; - - /* set devId to invalid, so software is used */ - info->hmac.hmac->devId = INVALID_DEVID; - - if (info->hash.in != NULL) { - ret = wc_HmacUpdate( - info->hmac.hmac, - info->hmac.in, - info->hmac.inSz); - } - else if (info->hash.digest != NULL) { - ret = wc_HmacFinal( - info->hmac.hmac, - info->hmac.digest); - } - - /* reset devId */ - info->hmac.hmac->devId = devIdArg; - } -#endif - - (void)devIdArg; - (void)myCtx; - - return ret; -} - -int cryptocb_test(void) -{ - int ret = 0; - myCryptoDevCtx myCtx; - - /* example data for callback */ - myCtx.exampleVar = 1; - - /* set devId to something other than INVALID_DEVID */ - devId = 1; - ret = wc_CryptoCb_RegisterDevice(devId, myCryptoDevCb, &myCtx); - -#ifndef WC_NO_RNG - if (ret == 0) - ret = random_test(); -#endif /* WC_NO_RNG */ -#ifndef NO_RSA - if (ret == 0) - ret = rsa_test(); -#endif -#ifdef HAVE_ECC - if (ret == 0) - ret = ecc_test(); -#endif -#ifndef NO_AES - #ifdef HAVE_AESGCM - if (ret == 0) - ret = aesgcm_test(); - #endif - #ifdef HAVE_AES_CBC - if (ret == 0) - ret = aes_test(); - #endif -#endif /* !NO_AES */ -#ifndef NO_DES3 - if (ret == 0) - ret = des3_test(); -#endif /* !NO_DES3 */ -#if !defined(NO_SHA) || !defined(NO_SHA256) - #ifndef NO_SHA - if (ret == 0) - ret = sha_test(); - #endif - #ifndef NO_SHA256 - if (ret == 0) - ret = sha256_test(); - #endif -#endif -#ifndef NO_HMAC - #ifndef NO_SHA - if (ret == 0) - ret = hmac_sha_test(); - #endif - #ifndef NO_SHA256 - if (ret == 0) - ret = hmac_sha256_test(); - #endif -#endif -#ifndef NO_PWDBASED - #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) - if (ret == 0) - ret = pbkdf2_test(); - #endif -#endif - - /* reset devId */ - devId = INVALID_DEVID; - - return ret; -} -#endif /* WOLF_CRYPTO_CB */ - -#ifdef WOLFSSL_CERT_PIV -int certpiv_test(void) -{ - int ret; - wc_CertPIV piv; - - /* Template for Identiv PIV cert, nonce and signature */ - const byte pivCertIdentiv[] = { - 0x0A, 0x0D, - 0x53, 0x04, /* NIST PIV Cert */ - 0x70, 0x02, /* Certificate */ - 0x30, 0x00, - 0x71, 0x01, 0x00, /* Cert Info */ - 0xFE, 0x00, /* Error Detection */ - 0x0B, 0x01, 0x00, /* Nonce */ - 0x0C, 0x01, 0x00, /* Signed Nonce */ - }; - - const byte pivCert[] = { - 0x53, 0x04, /* NIST PIV Cert */ - 0x70, 0x02, /* Certificate */ - 0x30, 0x00, - 0x71, 0x01, 0x00, /* Cert Info */ - 0xFE, 0x00, /* Error Detection */ - }; - - /* Test with identiv 0x0A, 0x0B and 0x0C markers */ - ret = wc_ParseCertPIV(&piv, pivCertIdentiv, sizeof(pivCertIdentiv)); - if (ret == 0) { - /* Test with NIST PIV format */ - ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert)); - } - - return ret; -} -#endif /* WOLFSSL_CERT_PIV */ - - -#undef ERROR_OUT - -#else - #ifndef NO_MAIN_DRIVER - int main() { return 0; } - #endif -#endif /* NO_CRYPT_TEST */ diff --git a/client/wolfssl/wolfcrypt/test/test.h b/client/wolfssl/wolfcrypt/test/test.h deleted file mode 100644 index 7a6fc7c..0000000 --- a/client/wolfssl/wolfcrypt/test/test.h +++ /dev/null @@ -1,43 +0,0 @@ -/* wolfcrypt/test/test.h - * - * Copyright (C) 2006-2020 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - - -#ifndef WOLFCRYPT_TEST_H -#define WOLFCRYPT_TEST_H - - -#ifdef __cplusplus - extern "C" { -#endif - -#ifdef HAVE_STACK_SIZE -THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args); -#else -int wolfcrypt_test(void* args); -#endif - -#ifdef __cplusplus - } /* extern "C" */ -#endif - - -#endif /* WOLFCRYPT_TEST_H */ - diff --git a/client/wolfssl/wolfcrypt/test/test.sln b/client/wolfssl/wolfcrypt/test/test.sln deleted file mode 100644 index 55b9872..0000000 --- a/client/wolfssl/wolfcrypt/test/test.sln +++ /dev/null @@ -1,59 +0,0 @@ - -Microsoft Visual Studio Solution File, Format Version 9.00 -# Visual C++ Express 2005 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test", "test.vcproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}" - ProjectSection(ProjectDependencies) = postProject - {73973223-5EE8-41CA-8E88-1D60E89A237B} = {73973223-5EE8-41CA-8E88-1D60E89A237B} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "..\..\wolfssl.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}" -EndProject -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|Win32 = Debug|Win32 - Debug|x64 = Debug|x64 - DLL Debug|Win32 = DLL Debug|Win32 - DLL Debug|x64 = DLL Debug|x64 - DLL Release|Win32 = DLL Release|Win32 - DLL Release|x64 = DLL Release|x64 - Release|Win32 = Release|Win32 - Release|x64 = Release|x64 - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|Win32.ActiveCfg = Debug|Win32 - {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|Win32.Build.0 = Debug|Win32 - {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64 - {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64 - {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.ActiveCfg = Debug|Win32 - {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.Build.0 = Debug|Win32 - {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = Debug|x64 - {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = Debug|x64 - {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.ActiveCfg = Release|Win32 - {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.Build.0 = Release|Win32 - {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = Release|x64 - {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = Release|x64 - {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.ActiveCfg = Release|Win32 - {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.Build.0 = Release|Win32 - {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64 - {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.Build.0 = Release|x64 - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection -EndGlobal diff --git a/client/wolfssl/wolfcrypt/test/test.vcproj b/client/wolfssl/wolfcrypt/test/test.vcproj deleted file mode 100644 index 9758d8b..0000000 --- a/client/wolfssl/wolfcrypt/test/test.vcproj +++ /dev/null @@ -1,197 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<VisualStudioProject - ProjectType="Visual C++" - Version="8.00" - Name="test" - ProjectGUID="{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}" - Keyword="Win32Proj" - > - <Platforms> - <Platform - Name="Win32" - /> - </Platforms> - <ToolFiles> - </ToolFiles> - <Configurations> - <Configuration - Name="Debug|Win32" - OutputDirectory="Debug" - IntermediateDirectory="Debug" - ConfigurationType="1" - > - <Tool - Name="VCPreBuildEventTool" - /> - <Tool - Name="VCCustomBuildTool" - /> - <Tool - Name="VCXMLDataGeneratorTool" - /> - <Tool - Name="VCWebServiceProxyGeneratorTool" - /> - <Tool - Name="VCMIDLTool" - /> - <Tool - Name="VCCLCompilerTool" - Optimization="0" - AdditionalIncludeDirectories="../..;../../IDE/WIN;" - PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;" - MinimalRebuild="true" - BasicRuntimeChecks="3" - RuntimeLibrary="3" - UsePrecompiledHeader="0" - WarningLevel="3" - Detect64BitPortabilityProblems="true" - DebugInformationFormat="4" - /> - <Tool - Name="VCManagedResourceCompilerTool" - /> - <Tool - Name="VCResourceCompilerTool" - /> - <Tool - Name="VCPreLinkEventTool" - /> - <Tool - Name="VCLinkerTool" - AdditionalDependencies="Ws2_32.lib" - LinkIncremental="2" - GenerateDebugInformation="true" - SubSystem="1" - TargetMachine="1" - /> - <Tool - Name="VCALinkTool" - /> - <Tool - Name="VCManifestTool" - /> - <Tool - Name="VCXDCMakeTool" - /> - <Tool - Name="VCBscMakeTool" - /> - <Tool - Name="VCFxCopTool" - /> - <Tool - Name="VCAppVerifierTool" - /> - <Tool - Name="VCWebDeploymentTool" - /> - <Tool - Name="VCPostBuildEventTool" - /> - </Configuration> - <Configuration - Name="Release|Win32" - OutputDirectory="Release" - IntermediateDirectory="Release" - ConfigurationType="1" - > - <Tool - Name="VCPreBuildEventTool" - /> - <Tool - Name="VCCustomBuildTool" - /> - <Tool - Name="VCXMLDataGeneratorTool" - /> - <Tool - Name="VCWebServiceProxyGeneratorTool" - /> - <Tool - Name="VCMIDLTool" - /> - <Tool - Name="VCCLCompilerTool" - AdditionalIncludeDirectories="../..;../../IDE/WIN;" - PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;" - RuntimeLibrary="2" - UsePrecompiledHeader="0" - WarningLevel="3" - Detect64BitPortabilityProblems="true" - DebugInformationFormat="3" - /> - <Tool - Name="VCManagedResourceCompilerTool" - /> - <Tool - Name="VCResourceCompilerTool" - /> - <Tool - Name="VCPreLinkEventTool" - /> - <Tool - Name="VCLinkerTool" - AdditionalDependencies="Ws2_32.lib" - LinkIncremental="2" - GenerateDebugInformation="true" - SubSystem="1" - OptimizeReferences="2" - EnableCOMDATFolding="2" - TargetMachine="1" - /> - <Tool - Name="VCALinkTool" - /> - <Tool - Name="VCManifestTool" - /> - <Tool - Name="VCXDCMakeTool" - /> - <Tool - Name="VCBscMakeTool" - /> - <Tool - Name="VCFxCopTool" - /> - <Tool - Name="VCAppVerifierTool" - /> - <Tool - Name="VCWebDeploymentTool" - /> - <Tool - Name="VCPostBuildEventTool" - /> - </Configuration> - </Configurations> - <References> - </References> - <Files> - <Filter - Name="Header Files" - Filter="h;hpp;hxx;hm;inl;inc;xsd" - UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}" - > - </Filter> - <Filter - Name="Resource Files" - Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx" - UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}" - > - </Filter> - <Filter - Name="Source Files" - Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx" - UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}" - > - <File - RelativePath=".\test.c" - > - </File> - </Filter> - </Files> - <Globals> - </Globals> -</VisualStudioProject> diff --git a/client/wolfssl/wolfcrypt/user-crypto/Makefile.am b/client/wolfssl/wolfcrypt/user-crypto/Makefile.am deleted file mode 100644 index d9c3ae3..0000000 --- a/client/wolfssl/wolfcrypt/user-crypto/Makefile.am +++ /dev/null @@ -1,9 +0,0 @@ -AM_CFLAGS=-I m4 - -#add in wolfssl directory -AM_CPPFLAGS+=-I$(abs_srcdir)/../../ -I$(srcdir)/include/ -lib_LTLIBRARIES = lib/libusercrypto.la -lib_libusercrypto_la_CPPFLAGS = $(AM_CPPFLAGS) -lib_libusercrypto_la_LDFLAGS = $(AM_LDFLAGS) -lib_libusercrypto_la_SOURCES = src/rsa.c -include_HEADERS = include/user_rsa.h diff --git a/client/wolfssl/wolfcrypt/user-crypto/README.txt b/client/wolfssl/wolfcrypt/user-crypto/README.txt deleted file mode 100644 index 00b772f..0000000 --- a/client/wolfssl/wolfcrypt/user-crypto/README.txt +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright (C) 2006-2020 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - - -/* - Created to use intel's IPP see their license for linking to intel's IPP library - */ - - -##BUILDING ON 64BIT MAC OSX -Tested and developed on MAC OSX linking to IPP v9.0 - -for me exporting the IPP library was needed. As an example it was -export DYLD_LIBRARY_PATH="/opt/intel/ipp/lib" - -first go to the root wolfssl dir and run ./autogen.sh && ./configure it with desired settings then make. This is to set up the define options and wolfssl library for the user crypto to link to. - -Then go to the wolfssl/user-crypto directory and run ./autogen.sh && ./configure then make make install this creates a usercrypto library to use - -Finally go back to the root wolfssl directory and follow these build instructions - -building wolfSSL add CPPFLAGS=-I/opt/intel/ipp/include for finding the IPP include files -An example build would be -./configure --with-user-crypto CPPFLAGS=-I/opt/intel/ipp/include --enable-lighty - - -##BUILDING IN 32BIT UBUNTU -Tested on UBUNTU 32 bit linking to IPP v9.0 - -for me exporting the IPP library. As an example it was -export LD_LIBRARY_PATH="/opt/intel/ipp/lib/ia32_lin/:$LD_LIBRARY_PATH" - -first go to the root wolfssl dir and configure it with desired settings and make install. This is to set up the define options and wolfssl library for the user crypto to link to. - -For me on Ubuntu the IPP libraries had been installed into /opt/intel/ipp/lib/ia32_lin/ so the ./configure LDFLAGS=-L/opt/intel/ipp/lib/ia32_lin was needed to be looking at that directory. -Run make && make install from the directory wolfssl_root/wolfssl/user-crypto/ this creates a usercrypto library to use - -Finally go back to the root wolfssl directory and follow these build instructions - -building wolfSSL add CPPFLAGS=-I/opt/intel/ipp/include for finding the IPP include files - -./configure --with-user-crypto=root_wolfssl/wolfssl/user-crypto CPPFLAGS=-I/opt/intel/ipp/include (plus any desired additional flags) - - -##THINGS TO CHECK FOR IF NOT ABLE TO LINK WITH USERCRYPTO LIB -Check that the path has been exported for the IPP library. If usercrypto is unable to use the function to init an RSA key then the link to it will fail in configure. Check for this by $DYLD_LIBRARY_PATH on mac or $LD_LIBRARY_PATH on ubuntu. If the directory for the Intel IPP libraries are not displayed than use "export DYLD_LIBRARY_PATH=path_to_ipp_libraries:$DYLD_LIBRARY_PATH". - - -##CREATING OWN RSA CRYPTO PLUGIN - -It is required to have a header file named user_rsa.h. This is what is looked for by wolfssl/wolfcrypt/rsa.h and should contain the user defined rsa key struct. - -It is required to have a library called usercrypto. This is linked to when configuring wolfSSL with the option --with-user-crypto - -It is required when compiled with RSA cert generation to have key struct elements named n and e containing the corresponding big numbers. And the three helper functions to work with the big numbers. These functions are called by wolfcrypt/src/asn.c when working with certificates. -To view the needed functions look at wolfssl/wolfcrypt/rsa.h they will be extern functions surrounded by HAVE_USER_RSA define. -Cert Generation for other sign and verify such as ECC are not yet supported. - -When building with openssl compatibility layer extra developent needs to be done, having the two functions SetRsaExernal and SetRsaInternal - -wolfSSL does not take responsibility for the strength of security of third party cryptography libraries plugged in by the user. diff --git a/client/wolfssl/wolfcrypt/user-crypto/autogen.sh b/client/wolfssl/wolfcrypt/user-crypto/autogen.sh deleted file mode 100644 index 89e475c..0000000 --- a/client/wolfssl/wolfcrypt/user-crypto/autogen.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh -# -# Create configure and makefile stuff... -# - -# Git hooks should come before autoreconf. -if test -d .git; then - if ! test -d .git/hooks; then - mkdir .git/hooks - fi - ln -s -f ../../pre-commit.sh .git/hooks/pre-commit - ln -s -f ../../pre-push.sh .git/hooks/pre-push -fi - -# If this is a source checkout then call autoreconf with error as well -if test -d .git; then - WARNINGS="all,error" -else - WARNINGS="all" -fi - -autoreconf --install --force --verbose - diff --git a/client/wolfssl/wolfcrypt/user-crypto/configure.ac b/client/wolfssl/wolfcrypt/user-crypto/configure.ac deleted file mode 100644 index 561b9cc..0000000 --- a/client/wolfssl/wolfcrypt/user-crypto/configure.ac +++ /dev/null @@ -1,44 +0,0 @@ -# -*- Autoconf -*- -# Process this file with autoconf to produce a configure script. - -AC_PREREQ([2.63]) -AC_INIT([usercypto], [0.1], []) -AC_CONFIG_SRCDIR([src/rsa.c]) - -AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests]) - -LT_PREREQ([2.2]) -LT_INIT([disable-static]) -LT_LANG([C++]) -LT_LANG([C]) - -# Checks for programs. -AC_PROG_CC -AC_CONFIG_MACRO_DIR([m4]) - -# Checks for libraries. -AM_LDFLAGS=$LDFLAGS -LDFLAGS="$LDFLAGS -L/opt/intel/ipp/lib -lippcp -lippcore" - -# Path to find wolfssl/options and other includes -AM_CPPFLAGS=$CPPFLAGS -CPPFLAGS="$CPPFLAGS -I../../ -I/opt/intel/ipp/include" -AC_CHECK_LIB([ippcore], [ippGetStatusString], [], [AC_MSG_ERROR([ippcore library needed ./configure LDFLAGS=/path/to/ipp/lib])]) -AC_CHECK_LIB([ippcp], [ippsRSA_InitPublicKey], [], [AC_MSG_ERROR([ippcp library needed ./configure LDFLAGS=/path/to/ipp/lib])]) - -# check headers -AC_CHECK_HEADER([ippcp.h], [], [AC_MSG_ERROR([ippcp.h not found ./configure CPPFLAGS=-I/ipp/headers])]) -AC_CHECK_HEADER([ipp.h], [], [AC_MSG_ERROR([ipp.h not found ./configure CPPFLAGS=-I/ipp/headers])]) - -LDFLAGS=$AM_LDFLAGS -CPPFLAGS=$AM_CPPFLAGS - -AM_LDFLAGS="-L/opt/intel/ipp/lib -lippcp -lippcore" -AM_CPPFLAGS="-I/opt/intel/ipp/include" - -AC_SUBST([AM_CPPFLAGS]) -AC_SUBST([AM_LDFLAGS]) -AC_C_INLINE - -AC_CONFIG_FILES([Makefile]) -AC_OUTPUT diff --git a/client/wolfssl/wolfcrypt/user-crypto/include.am b/client/wolfssl/wolfcrypt/user-crypto/include.am deleted file mode 100644 index 6cc8577..0000000 --- a/client/wolfssl/wolfcrypt/user-crypto/include.am +++ /dev/null @@ -1,13 +0,0 @@ - -if BUILD_FAST_RSA -include_HEADERS += wolfcrypt/user-crypto/include/user_rsa.h -endif - -# user crypto plug in example -EXTRA_DIST+= wolfcrypt/user-crypto/configure.ac -EXTRA_DIST+= wolfcrypt/user-crypto/autogen.sh -EXTRA_DIST+= wolfcrypt/user-crypto/include/user_rsa.h -EXTRA_DIST+= wolfcrypt/user-crypto/src/rsa.c -EXTRA_DIST+= wolfcrypt/user-crypto/lib/.gitkeep -EXTRA_DIST+= wolfcrypt/user-crypto/README.txt -EXTRA_DIST+= wolfcrypt/user-crypto/Makefile.am diff --git a/client/wolfssl/wolfcrypt/user-crypto/include/user_rsa.h b/client/wolfssl/wolfcrypt/user-crypto/include/user_rsa.h deleted file mode 100644 index 59fc85d..0000000 --- a/client/wolfssl/wolfcrypt/user-crypto/include/user_rsa.h +++ /dev/null @@ -1,137 +0,0 @@ -/* user_rsa.h - * - * Copyright (C) 2006-2020 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - - -/* - Created to use intel's IPP see their license for linking to intel's IPP library - */ - -#ifndef USER_WOLF_CRYPT_RSA_H -#define USER_WOLF_CRYPT_RSA_H - -#include <wolfssl/wolfcrypt/settings.h> - -#ifndef NO_RSA - -#include <wolfssl/wolfcrypt/types.h> -#include <wolfssl/wolfcrypt/random.h> - -/* intels crypto */ -#include <ipp.h> -#include <ippcp.h> - -#ifdef __cplusplus - extern "C" { -#endif - -/* needed for WOLFSSL_RSA type but use macro guard against redefine */ -#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TYPES_DEFINED) \ - && !defined(WOLFSSL_RSA_TYPE_DEFINED) - struct WOLFSSL_RSA; - typedef struct WOLFSSL_RSA WOLFSSL_RSA; - #define WOLFSSL_RSA_TYPE_DEFINED -#endif - - -enum { - RSA_PUBLIC = 0, - RSA_PRIVATE = 1, -}; - -/* RSA */ -struct RsaKey { - IppsBigNumState* n; - IppsBigNumState* e; - IppsBigNumState* dipp; - IppsBigNumState* pipp; - IppsBigNumState* qipp; - IppsBigNumState* dPipp; - IppsBigNumState* dQipp; - IppsBigNumState* uipp; - int nSz, eSz, dSz; - IppsRSAPublicKeyState* pPub; - IppsRSAPrivateKeyState* pPrv; - word32 prvSz; /* size of private key */ - word32 sz; /* size of signature */ - int type; /* public or private */ - void* heap; /* for user memory overrides */ -}; - -#ifndef WC_RSAKEY_TYPE_DEFINED - typedef struct RsaKey RsaKey; - #define WC_RSAKEY_TYPE_DEFINED -#endif - -WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void*); -WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId); -WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); - -WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, WC_RNG* rng); -WOLFSSL_API int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, - RsaKey* key); -WOLFSSL_API int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key); -WOLFSSL_API int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, WC_RNG* rng); -WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, - RsaKey* key); -WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key); -WOLFSSL_API int wc_RsaEncryptSize(RsaKey* key); - -WOLFSSL_API int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, - RsaKey*, word32); -WOLFSSL_API int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx, - word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz); -WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, - RsaKey*, word32); -WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, - const byte* e, word32 eSz, RsaKey* key); -WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen); -WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); -#ifdef WOLFSSL_KEY_GEN - WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); -#endif -WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, - word32*); -WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng); - - -#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) - /* abstracted BN operations with RSA key */ - WOLFSSL_API int wc_Rsa_leading_bit(void* BN); - WOLFSSL_API int wc_Rsa_unsigned_bin_size(void* BN); - - /* return MP_OKAY on success */ - WOLFSSL_API int wc_Rsa_to_unsigned_bin(void* BN, byte* in, int inLen); -#endif - -#ifdef OPENSSL_EXTRA /* abstracted functions to deal with rsa key */ - WOLFSSL_API int SetRsaExternal(WOLFSSL_RSA* rsa); - WOLFSSL_API int SetRsaInternal(WOLFSSL_RSA* rsa); -#endif -#ifdef __cplusplus - } /* extern "C" */ -#endif - -#endif /* NO_RSA */ -#endif /* USER_WOLF_CRYPT_RSA_H */ diff --git a/client/wolfssl/wolfcrypt/user-crypto/lib/.gitkeep b/client/wolfssl/wolfcrypt/user-crypto/lib/.gitkeep deleted file mode 100644 index e69de29..0000000 --- a/client/wolfssl/wolfcrypt/user-crypto/lib/.gitkeep +++ /dev/null diff --git a/client/wolfssl/wolfcrypt/user-crypto/src/rsa.c b/client/wolfssl/wolfcrypt/user-crypto/src/rsa.c deleted file mode 100644 index a9f5afd..0000000 --- a/client/wolfssl/wolfcrypt/user-crypto/src/rsa.c +++ /dev/null @@ -1,2790 +0,0 @@ -/* rsa.c - * - * Copyright (C) 2006-2020 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - - -#ifdef HAVE_CONFIG_H /* configure options when using autoconf */ - #include <config.h> -#endif - -#include <wolfssl/options.h> -#include <wolfssl/wolfcrypt/settings.h> - -#ifndef NO_RSA - -#define USER_CRYPTO_ERROR -101 - -#ifdef OPENSSL_EXTRA - #include <wolfssl/openssl/rsa.h> /* include for openssl compatibility */ - #include <wolfssl/openssl/bn.h> -#endif -#include "user_rsa.h" - -#ifdef DEBUG_WOLFSSL /* debug done without variadric to allow older compilers */ - #include <stdio.h> - #define USER_DEBUG(x) printf x -#else - #define USER_DEBUG(x) -#endif - -#define ASN_INTEGER 0x02 -#define ASN_BIT_STRING 0x03 -#define ASN_TAG_NULL 0x05 -#define ASN_OBJECT_ID 0x06 - - -/* Make sure compiler doesn't skip -- used from wolfSSL */ -static inline void ForceZero(const void* mem, word32 len) -{ - volatile byte* z = (volatile byte*)mem; - - while (len--) *z++ = 0; -} - -enum { - RSA_PUBLIC_ENCRYPT = 0, - RSA_PUBLIC_DECRYPT = 1, - RSA_PRIVATE_ENCRYPT = 2, - RSA_PRIVATE_DECRYPT = 3, - - RSA_BLOCK_TYPE_1 = 1, - RSA_BLOCK_TYPE_2 = 2, - - RSA_MIN_SIZE = 512, - RSA_MAX_SIZE = 4096, /* max allowed in IPP library */ - - RSA_MIN_PAD_SZ = 11 /* separator + 0 + pad value + 8 pads */ -}; - - -int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) -{ - - USER_DEBUG(("Entering wc_InitRsaKey\n")); - - if (key == NULL) - return USER_CRYPTO_ERROR; - - /* set full struct as 0 */ - ForceZero(key, sizeof(RsaKey)); - - USER_DEBUG(("\tExit wc_InitRsaKey\n")); - - (void)devId; - (void)heap; - return 0; -} - -int wc_InitRsaKey(RsaKey* key, void* heap) -{ - return wc_InitRsaKey_ex(key, heap, INVALID_DEVID); -} - - -/* three functions needed for cert and key gen */ -#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) -/* return 1 if there is a leading bit*/ -int wc_Rsa_leading_bit(void* bn) -{ - int ret = 0; - int dataSz; - Ipp32u* data; - Ipp32u q; - int qSz = sizeof(Ipp32u); - - if (ippsExtGet_BN(NULL, &dataSz, NULL, bn) != ippStsNoErr) { - USER_DEBUG(("ippsExtGet_BN Rsa leading bit error\n")); - return USER_CRYPTO_ERROR; - } - - /* convert from size in binary to Ipp32u */ - dataSz = dataSz / 32 + ((dataSz % 32)? 1 : 0); - data = (Ipp32u*)XMALLOC(dataSz * sizeof(Ipp32u), NULL, - DYNAMIC_TYPE_USER_CRYPTO); - if (data == NULL) { - USER_DEBUG(("Rsa leading bit memory error\n")); - return 0; - } - - /* extract value from BN */ - if (ippsExtGet_BN(NULL, NULL, data, bn) != ippStsNoErr) { - USER_DEBUG(("Rsa leading bit error\n")); - XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO); - return 0; - } - - /* use method like what's used in wolfssl tfm.c */ - q = data[dataSz - 1]; - - ret = 0; - while (qSz > 0) { - if (q != 0) - ret = (q & 0x80) != 0; - q >>= 8; - qSz--; - } - - XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO); - - return ret; -} - - -/* get the size in bytes of BN */ -int wc_Rsa_unsigned_bin_size(void* bn) -{ - int ret = 0; - if (ippsExtGet_BN(NULL, &ret, NULL, bn) != ippStsNoErr) { - USER_DEBUG(("Rsa unsigned bin size error\n")); - return USER_CRYPTO_ERROR; - } - return (ret / 8) + ((ret % 8)? 1: 0); /* size in bytes */ -} - -#ifndef MP_OKAY -#define MP_OKAY 0 -#endif - -/* extract the bn value to a unsigned byte array and return MP_OKAY on success */ -int wc_Rsa_to_unsigned_bin(void* bn, byte* in, int inLen) -{ - if (ippsGetOctString_BN((Ipp8u*)in, inLen, bn) != ippStsNoErr) { - USER_DEBUG(("Rsa to unsigned bin error\n")); - return USER_CRYPTO_ERROR; - } - return MP_OKAY; -} -#endif /* WOLFSSL_CERT_GEN || WOLFSSL_KEY_GEN || OPENSSL_EXTRA */ - - -#ifdef OPENSSL_EXTRA /* functions needed for openssl compatibility layer */ -static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, IppsBigNumState* in) -{ - IppStatus ret; - byte* data; - int sz; - - USER_DEBUG(("Entering SetIndividualExternal\n")); - - if (bn == NULL || in == NULL) { - USER_DEBUG(("inputs NULL error\n")); - return USER_CRYPTO_ERROR; - } - - if (*bn == NULL) { - *bn = wolfSSL_BN_new(); - if (*bn == NULL) { - USER_DEBUG(("SetIndividualExternal alloc failed\n")); - return USER_CRYPTO_ERROR; - } - } - - /* get size of array needed and extract oct array of data */ - ret = ippsGetSize_BN(in, &sz); - if (ret != ippStsNoErr) - return USER_CRYPTO_ERROR; - - data = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_USER_CRYPTO); - if (data == NULL) - return USER_CRYPTO_ERROR; - - ret = ippsGetOctString_BN(data, sz, in); - if (ret != ippStsNoErr) { - XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO); - return USER_CRYPTO_ERROR; - } - - /* store the data into a wolfSSL Big Number */ - *bn = wolfSSL_BN_bin2bn(data, sz, *bn); - - XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO); - - return 0; -} - - -static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, IppsBigNumState** mpi) -{ - int length, ctxSz, sz; - IppStatus ret; - Ipp8u* data; - - USER_DEBUG(("Entering SetIndividualInternal\n")); - - if (bn == NULL || bn->internal == NULL) { - USER_DEBUG(("bn NULL error\n")); - return USER_CRYPTO_ERROR; - } - - length = wolfSSL_BN_num_bytes(bn); - - /* if not IPP BN then create one */ - if (*mpi == NULL) { - ret = ippsBigNumGetSize(length, &ctxSz); - if (ret != ippStsNoErr) - return USER_CRYPTO_ERROR; - - *mpi = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); - if (*mpi == NULL) - return USER_CRYPTO_ERROR; - - ret = ippsBigNumInit(length, *mpi); - if (ret != ippStsNoErr) { - XFREE(*mpi, NULL, DYNAMIC_TYPE_USER_CRYPTO); - return USER_CRYPTO_ERROR; - } - - } - - /* get the size of array needed and check IPP BigNum */ - if (ippsGetSize_BN(*mpi, &sz) != ippStsNoErr) - return USER_CRYPTO_ERROR; - - if (sz < length) { - USER_DEBUG(("big num size is too small\n")); - return USER_CRYPTO_ERROR; - } - - data = (Ipp8u*)XMALLOC(length, NULL, DYNAMIC_TYPE_USER_CRYPTO); - if (data == NULL) - return USER_CRYPTO_ERROR; - - /* extract the wolfSSL BigNum and store it into IPP BigNum */ - if (wolfSSL_BN_bn2bin(bn, data) < 0) { - XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO); - USER_DEBUG(("error in getting bin from wolfssl bn\n")); - return USER_CRYPTO_ERROR; - } - - ret = ippsSetOctString_BN(data, length, *mpi); - if (ret != ippStsNoErr) { - XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO); - return USER_CRYPTO_ERROR; - } - - XFREE(data, NULL, DYNAMIC_TYPE_USER_CRYPTO); - - return 0; -} - - -/* WolfSSL -> OpenSSL */ -int SetRsaExternal(WOLFSSL_RSA* rsa) -{ - RsaKey* key; - USER_DEBUG(("Entering SetRsaExternal\n")); - - if (rsa == NULL || rsa->internal == NULL) { - USER_DEBUG(("rsa key NULL error\n")); - return USER_CRYPTO_ERROR; - } - - key = (RsaKey*)rsa->internal; - - if (SetIndividualExternal(&rsa->n, key->n) != 0) { - USER_DEBUG(("rsa n key error\n")); - return USER_CRYPTO_ERROR; - } - - if (SetIndividualExternal(&rsa->e, key->e) != 0) { - USER_DEBUG(("rsa e key error\n")); - return USER_CRYPTO_ERROR; - } - - if (key->type == RSA_PRIVATE) { - if (SetIndividualExternal(&rsa->d, key->dipp) != 0) { - USER_DEBUG(("rsa d key error\n")); - return USER_CRYPTO_ERROR; - } - - if (SetIndividualExternal(&rsa->p, key->pipp) != 0) { - USER_DEBUG(("rsa p key error\n")); - return USER_CRYPTO_ERROR; - } - - if (SetIndividualExternal(&rsa->q, key->qipp) != 0) { - USER_DEBUG(("rsa q key error\n")); - return USER_CRYPTO_ERROR; - } - - if (SetIndividualExternal(&rsa->dmp1, key->dPipp) != 0) { - USER_DEBUG(("rsa dP key error\n")); - return USER_CRYPTO_ERROR; - } - - if (SetIndividualExternal(&rsa->dmq1, key->dQipp) != 0) { - USER_DEBUG(("rsa dQ key error\n")); - return USER_CRYPTO_ERROR; - } - - if (SetIndividualExternal(&rsa->iqmp, key->uipp) != 0) { - USER_DEBUG(("rsa u key error\n")); - return USER_CRYPTO_ERROR; - } - } - - rsa->exSet = 1; - - /* SSL_SUCCESS */ - return 1; -} - - -/* Openssl -> WolfSSL */ -int SetRsaInternal(WOLFSSL_RSA* rsa) -{ - int ctxSz, pSz, qSz; - IppStatus ret; - RsaKey* key; - USER_DEBUG(("Entering SetRsaInternal\n")); - - if (rsa == NULL || rsa->internal == NULL) { - USER_DEBUG(("rsa key NULL error\n")); - return USER_CRYPTO_ERROR; - } - - key = (RsaKey*)rsa->internal; - - if (SetIndividualInternal(rsa->n, &key->n) != 0) { - USER_DEBUG(("rsa n key error\n")); - return USER_CRYPTO_ERROR; - } - - if (SetIndividualInternal(rsa->e, &key->e) != 0) { - USER_DEBUG(("rsa e key error\n")); - return USER_CRYPTO_ERROR; - } - - /* public key */ - key->type = RSA_PUBLIC; - - if (rsa->d != NULL) { - if (SetIndividualInternal(rsa->d, &key->dipp) != 0) { - USER_DEBUG(("rsa d key error\n")); - return USER_CRYPTO_ERROR; - } - - /* private key */ - key->type = RSA_PRIVATE; - } - - if (rsa->p != NULL && - SetIndividualInternal(rsa->p, &key->pipp) != 0) { - USER_DEBUG(("rsa p key error\n")); - return USER_CRYPTO_ERROR; - } - - if (rsa->q != NULL && - SetIndividualInternal(rsa->q, &key->qipp) != 0) { - USER_DEBUG(("rsa q key error\n")); - return USER_CRYPTO_ERROR; - } - - if (rsa->dmp1 != NULL && - SetIndividualInternal(rsa->dmp1, &key->dPipp) != 0) { - USER_DEBUG(("rsa dP key error\n")); - return USER_CRYPTO_ERROR; - } - - if (rsa->dmq1 != NULL && - SetIndividualInternal(rsa->dmq1, &key->dQipp) != 0) { - USER_DEBUG(("rsa dQ key error\n")); - return USER_CRYPTO_ERROR; - } - - if (rsa->iqmp != NULL && - SetIndividualInternal(rsa->iqmp, &key->uipp) != 0) { - USER_DEBUG(("rsa u key error\n")); - return USER_CRYPTO_ERROR; - } - - rsa->inSet = 1; - - /* get sizes of IPP BN key states created from input */ - ret = ippsGetSize_BN(key->n, &key->nSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - ret = ippsGetSize_BN(key->e, &key->eSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - key->sz = key->nSz; /* set modulus size */ - - /* convert to size in bits */ - key->nSz = key->nSz * 8; - key->eSz = key->eSz * 8; - - /* set up public key state */ - ret = ippsRSA_GetSizePublicKey(key->nSz, key->eSz, &ctxSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_GetSizePublicKey error %s\n", - ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL, - DYNAMIC_TYPE_USER_CRYPTO); - if (key->pPub == NULL) - return USER_CRYPTO_ERROR; - - ret = ippsRSA_InitPublicKey(key->nSz, key->eSz, key->pPub, ctxSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_InitPublicKey error %s\n", - ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - ret = ippsRSA_SetPublicKey(key->n, key->e, key->pPub); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_SetPublicKey error %s\n", ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - if (key->pipp != NULL && key->qipp != NULL && key->dipp != NULL && - key->dPipp != NULL && key->dQipp != NULL && key->uipp != NULL) { - /* get bn sizes needed for private key set up */ - ret = ippsGetSize_BN(key->pipp, &pSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - ret = ippsGetSize_BN(key->qipp, &qSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - /* store sizes needed for creating tmp private keys */ - ret = ippsGetSize_BN(key->dipp, &key->dSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - /* convert to size in bits */ - key->dSz = key->dSz * 8; - pSz = pSz * 8; - qSz = qSz * 8; - - /* set up private key state */ - ret = ippsRSA_GetSizePrivateKeyType2(pSz, qSz, &ctxSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_GetSizePrivateKey error %s\n", - ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - key->prvSz = ctxSz; - key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0, - DYNAMIC_TYPE_USER_CRYPTO); - if (key->pPrv == NULL) - return USER_CRYPTO_ERROR; - - ret = ippsRSA_InitPrivateKeyType2(pSz, qSz, key->pPrv, ctxSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_InitPrivateKey error %s\n", - ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - ret = ippsRSA_SetPrivateKeyType2(key->pipp, key->qipp, key->dPipp, - key->dQipp, key->uipp, key->pPrv); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_SetPrivateKey error %s\n", ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - } - - /* SSL_SUCCESS */ - return 1; -} -#endif /* OPENSSLEXTRA */ - - -/* Padding scheme function used in wolfSSL for signing needed for matching - existing API signing scheme - input : the msg to be signed - inputLen : length of input msg - pkcsBlock : the outputted padded msg - pkcsBlockLen : length of outputted padded msg buffer - padValue : the padded value after first 00 , is either 01 or 02 - rng : random number generator structure - */ -static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, - word32 pkcsBlockLen, byte padValue, WC_RNG* rng) -{ - if (inputLen == 0 || pkcsBlockLen == 0) { - return USER_CRYPTO_ERROR; - } - - pkcsBlock[0] = 0x0; /* set first byte to zero and advance */ - pkcsBlock++; pkcsBlockLen--; - pkcsBlock[0] = padValue; /* insert padValue */ - - if (padValue == RSA_BLOCK_TYPE_1) { - if (pkcsBlockLen < inputLen + 2) { - return USER_CRYPTO_ERROR; - } - - /* pad with 0xff bytes */ - XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2); - } - else { - /* pad with non-zero random bytes */ - word32 padLen, i; - int ret; - - if (pkcsBlockLen < inputLen + 1) { - return USER_CRYPTO_ERROR; - } - - padLen = pkcsBlockLen - inputLen - 1; - ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen); - - if (ret != 0) - return ret; - - /* remove zeros */ - for (i = 1; i < padLen; i++) - if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01; - } - - pkcsBlock[pkcsBlockLen-inputLen-1] = 0; /* separator */ - XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen); - - return 0; -} - - -/* UnPad plaintext, set start to *output, return length of plaintext, - * < 0 on error */ -static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, - byte **output, byte padValue) -{ - word32 maxOutputLen = (pkcsBlockLen > 10) ? (pkcsBlockLen - 10) : 0, - invalid = 0, - i = 1, - outputLen; - - if (pkcsBlockLen == 0) { - return USER_CRYPTO_ERROR; - } - - if (pkcsBlock[0] != 0x0) /* skip past zero */ - invalid = 1; - pkcsBlock++; pkcsBlockLen--; - - /* Require block type padValue */ - invalid = (pkcsBlock[0] != padValue) || invalid; - - /* verify the padding until we find the separator */ - if (padValue == RSA_BLOCK_TYPE_1) { - while (i<pkcsBlockLen && pkcsBlock[i++] == 0xFF) {/* Null body */} - } - else { - while (i<pkcsBlockLen && pkcsBlock[i++]) {/* Null body */} - } - - if(!(i==pkcsBlockLen || pkcsBlock[i-1]==0)) { - USER_DEBUG(("RsaUnPad error, bad formatting\n")); - return USER_CRYPTO_ERROR; - } - - outputLen = pkcsBlockLen - i; - invalid = (outputLen > maxOutputLen) || invalid; - - if (invalid) { - USER_DEBUG(("RsaUnPad error, bad formatting\n")); - return USER_CRYPTO_ERROR; - } - - *output = (byte *)(pkcsBlock + i); - return outputLen; -} - - -/* Set up memory and structure for a Big Number - * returns ippStsNoErr on success - */ -static IppStatus init_bn(IppsBigNumState** in, int sz) -{ - int ctxSz; - IppStatus ret; - - ret = ippsBigNumGetSize(sz, &ctxSz); - if (ret != ippStsNoErr) { - return ret; - } - - *in = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); - if (*in == NULL) { - return ippStsNoMemErr; - } - - ret = ippsBigNumInit(sz, *in); - if (ret != ippStsNoErr) { - XFREE(*in, NULL, DYNAMIC_TYPE_USER_CRYPTO); - *in = NULL; - return ret; - } - - return ippStsNoErr; -} - - -/* Set up memory and structure for a Montgomery struct - * returns ippStsNoErr on success - */ -static IppStatus init_mont(IppsMontState** mont, int* ctxSz, - IppsBigNumState* modul) -{ - int mSz; - Ipp32u* m; - IppStatus ret; - - ret = ippsExtGet_BN(NULL, ctxSz, NULL, modul); - if (ret != ippStsNoErr) { - return ret; - } - - /* convert bits to Ipp32u array size and round up - 32 is number of bits in type */ - mSz = (*ctxSz/32)+((*ctxSz % 32)? 1: 0); - m = (Ipp32u*)XMALLOC(mSz * sizeof(Ipp32u), 0, DYNAMIC_TYPE_USER_CRYPTO); - if (m == NULL) { - XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO); - return ippStsNoMemErr; - } - - ret = ippsExtGet_BN(NULL, NULL, m, modul); - if (ret != ippStsNoErr) { - XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO); - return ret; - } - - ret = ippsMontGetSize(IppsSlidingWindows, mSz, ctxSz); - if (ret != ippStsNoErr) { - XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO); - return ret; - } - - /* 2. Allocate working buffer using malloc */ - *mont = (IppsMontState*)XMALLOC(*ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); - if (*mont == NULL) { - XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO); - return ippStsNoMemErr; - } - ret = ippsMontInit(IppsSlidingWindows, mSz, *mont); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsMontInit error of %s\n", ippGetStatusString(ret))); - XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(*mont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - *mont = NULL; - return ret; - } - - /* 3. Call the function MontSet to set big number module */ - ret = ippsMontSet(m, mSz, *mont); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsMontSet error of %s\n", ippGetStatusString(ret))); - XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(*mont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - *mont = NULL; - return ret; - } - - XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO); - - return ippStsNoErr; -} - - - -int wc_FreeRsaKey(RsaKey* key) -{ - if (key == NULL) - return 0; - - USER_DEBUG(("Entering wc_FreeRsaKey\n")); - - if (key->pPub != NULL) { - XFREE(key->pPub, NULL, DYNAMIC_TYPE_USER_CRYPTO); - key->pPub = NULL; - } - - if (key->pPrv != NULL) { - /* write over sensitive information */ - ForceZero(key->pPrv, key->prvSz); - XFREE(key->pPrv, NULL, DYNAMIC_TYPE_USER_CRYPTO); - key->pPrv = NULL; - } - - if (key->n != NULL) { - XFREE(key->n, NULL, DYNAMIC_TYPE_USER_CRYPTO); - key->n = NULL; - } - - if (key->e != NULL) { - XFREE(key->e, NULL, DYNAMIC_TYPE_USER_CRYPTO); - key->e = NULL; - } - - if (key->dipp != NULL) { - XFREE(key->dipp, NULL, DYNAMIC_TYPE_USER_CRYPTO); - key->dipp = NULL; - } - - if (key->pipp != NULL) { - XFREE(key->pipp, NULL, DYNAMIC_TYPE_USER_CRYPTO); - key->pipp = NULL; - } - - if (key->qipp != NULL) { - XFREE(key->qipp, NULL, DYNAMIC_TYPE_USER_CRYPTO); - key->qipp = NULL; - } - - if (key->dPipp != NULL) { - XFREE(key->dPipp, NULL, DYNAMIC_TYPE_USER_CRYPTO); - key->dPipp = NULL; - } - - if (key->dQipp != NULL) { - XFREE(key->dQipp, NULL, DYNAMIC_TYPE_USER_CRYPTO); - key->dQipp = NULL; - } - - if (key->uipp != NULL) { - XFREE(key->uipp, NULL, DYNAMIC_TYPE_USER_CRYPTO); - key->uipp = NULL; - } - - USER_DEBUG(("\tExit wc_FreeRsaKey\n")); - (void)key; - - return 0; -} - - -/* Some parsing functions from wolfSSL code needed to match wolfSSL API used */ -static int GetLength(const byte* input, word32* inOutIdx, int* len, - word32 maxIdx) -{ - int length = 0; - word32 idx = *inOutIdx; - byte b; - - *len = 0; /* default length */ - - if ((idx + 1) > maxIdx) { /* for first read */ - USER_DEBUG(("GetLength bad index on input\n")); - return USER_CRYPTO_ERROR; - } - - b = input[idx++]; - if (b >= 0x80) { - word32 bytes = b & 0x7F; - - if ((idx + bytes) > maxIdx) { /* for reading bytes */ - USER_DEBUG(("GetLength bad long length\n")); - return USER_CRYPTO_ERROR; - } - - while (bytes--) { - b = input[idx++]; - length = (length << 8) | b; - } - } - else - length = b; - - if ((idx + length) > maxIdx) { /* for user of length */ - USER_DEBUG(("GetLength value exceeds buffer length\n")); - return USER_CRYPTO_ERROR; - } - - *inOutIdx = idx; - if (length > 0) - *len = length; - - return length; -} - -static int GetASNHeader(const byte* input, byte tag, word32* inOutIdx, int* len, - word32 maxIdx) -{ - word32 idx = *inOutIdx; - byte b; - int length; - - if ((idx + 1) > maxIdx) - return USER_CRYPTO_ERROR; - - b = input[idx++]; - if (b != tag) - return USER_CRYPTO_ERROR; - - if (GetLength(input, &idx, &length, maxIdx) < 0) - return USER_CRYPTO_ERROR; - - *len = length; - *inOutIdx = idx; - return length; -} - -static int GetASNInt(const byte* input, word32* inOutIdx, int* len, - word32 maxIdx) -{ - int ret; - - ret = GetASNHeader(input, ASN_INTEGER, inOutIdx, len, maxIdx); - if (ret < 0) - return ret; - - if (*len > 0) { - /* remove leading zero, unless there is only one 0x00 byte */ - if ((input[*inOutIdx] == 0x00) && (*len > 1)) { - (*inOutIdx)++; - (*len)--; - - if (*len > 0 && (input[*inOutIdx] & 0x80) == 0) - return USER_CRYPTO_ERROR; - } - } - - return 0; -} - -static int GetInt(IppsBigNumState** mpi, const byte* input, word32* inOutIdx, - word32 maxIdx) -{ - IppStatus ret; - word32 idx = *inOutIdx; - int length; - int ctxSz; - - if (GetASNInt(input, &idx, &length, maxIdx) < 0) { - return USER_CRYPTO_ERROR; - } - - ret = ippsBigNumGetSize(length, &ctxSz); - if (ret != ippStsNoErr) - return USER_CRYPTO_ERROR; - - *mpi = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); - if (*mpi == NULL) - return USER_CRYPTO_ERROR; - - ret = ippsBigNumInit(length, *mpi); - if (ret != ippStsNoErr) - return USER_CRYPTO_ERROR; - - ret = ippsSetOctString_BN((Ipp8u*)input + idx, length, *mpi); - if (ret != ippStsNoErr) - return USER_CRYPTO_ERROR; - - *inOutIdx = idx + length; - return 0; -} - - -static int GetSequence(const byte* input, word32* inOutIdx, int* len, - word32 maxIdx) -{ - int length = -1; - word32 idx = *inOutIdx; - - if ((idx + 1) > maxIdx) - return USER_CRYPTO_ERROR; - - if (input[idx++] != (0x10 | 0x20) || - GetLength(input, &idx, &length, maxIdx) < 0) - return USER_CRYPTO_ERROR; - - *len = length; - *inOutIdx = idx; - - return length; -} - - -static int GetMyVersion(const byte* input, word32* inOutIdx, - int* version, word32 maxIdx) -{ - word32 idx = *inOutIdx; - - if ((idx + 3) > maxIdx) - return USER_CRYPTO_ERROR; - - if (input[idx++] != 0x02) - return USER_CRYPTO_ERROR; - - if (input[idx++] != 0x01) - return USER_CRYPTO_ERROR; - - *version = input[idx++]; - *inOutIdx = idx; - - return *version; -} - - -int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, - word32 inSz) -{ - int version, length; - int ctxSz, pSz, qSz; - IppStatus ret; - - if (input == NULL || inOutIdx == NULL || key == NULL) { - return USER_CRYPTO_ERROR; - } - - USER_DEBUG(("Entering wc_RsaPrivateKeyDecode\n")); - - /* read in key information */ - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return USER_CRYPTO_ERROR; - - if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) - return USER_CRYPTO_ERROR; - - key->type = RSA_PRIVATE; - - if (GetInt(&key->n, input, inOutIdx, inSz) < 0 || - GetInt(&key->e, input, inOutIdx, inSz) < 0 || - GetInt(&key->dipp, input, inOutIdx, inSz) < 0 || - GetInt(&key->pipp, input, inOutIdx, inSz) < 0 || - GetInt(&key->qipp, input, inOutIdx, inSz) < 0 || - GetInt(&key->dPipp, input, inOutIdx, inSz) < 0 || - GetInt(&key->dQipp, input, inOutIdx, inSz) < 0 || - GetInt(&key->uipp, input, inOutIdx, inSz) < 0 ) - return USER_CRYPTO_ERROR; - - /* get sizes of IPP BN key states created from input */ - ret = ippsGetSize_BN(key->n, &key->nSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - ret = ippsGetSize_BN(key->e, &key->eSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - key->sz = key->nSz; /* set modulus size */ - - /* convert to size in bits */ - key->nSz = key->nSz * 8; - key->eSz = key->eSz * 8; - - /* set up public key state */ - ret = ippsRSA_GetSizePublicKey(key->nSz, key->eSz, &ctxSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_GetSizePublicKey error %s\n", - ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL, - DYNAMIC_TYPE_USER_CRYPTO); - if (key->pPub == NULL) - return USER_CRYPTO_ERROR; - - ret = ippsRSA_InitPublicKey(key->nSz, key->eSz, key->pPub, ctxSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_InitPublicKey error %s\n", - ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - ret = ippsRSA_SetPublicKey(key->n, key->e, key->pPub); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_SetPublicKey error %s\n", - ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - /* get bn sizes needed for private key set up */ - ret = ippsGetSize_BN(key->pipp, &pSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - ret = ippsGetSize_BN(key->qipp, &qSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - /* store sizes needed for creating tmp private keys */ - ret = ippsGetSize_BN(key->dipp, &key->dSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - /* convert to size in bits */ - key->dSz = key->dSz * 8; - pSz = pSz * 8; - qSz = qSz * 8; - - /* set up private key state */ - ret = ippsRSA_GetSizePrivateKeyType2(pSz, qSz, &ctxSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_GetSizePrivateKey error %s\n", - ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - key->prvSz = ctxSz; - key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0, - DYNAMIC_TYPE_USER_CRYPTO); - if (key->pPrv == NULL) - return USER_CRYPTO_ERROR; - - ret = ippsRSA_InitPrivateKeyType2(pSz, qSz, key->pPrv, ctxSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_InitPrivateKey error %s\n", - ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - ret = ippsRSA_SetPrivateKeyType2(key->pipp, key->qipp, key->dPipp, - key->dQipp, key->uipp, key->pPrv); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_SetPrivateKey error %s\n", - ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - USER_DEBUG(("\tExit wc_RsaPrivateKeyDecode\n")); - - return 0; -} - - -int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx, - word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz) -{ - IppStatus ret = 0; - int length; -#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA) - byte b; -#endif - - if (input == NULL || inOutIdx == NULL) { - return USER_CRYPTO_ERROR; - } - - USER_DEBUG(("Entering wc_RsaPublicKeyDecode_ex\n")); - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return USER_CRYPTO_ERROR; - -#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA) - if ((*inOutIdx + 1) > inSz) - return USER_CRYPTO_ERROR; - - b = input[*inOutIdx]; - if (b != ASN_INTEGER) { - /* not from decoded cert, will have algo id, skip past */ - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return USER_CRYPTO_ERROR; - - b = input[(*inOutIdx)++]; - if (b != ASN_OBJECT_ID) - return USER_CRYPTO_ERROR; - - if (GetLength(input, inOutIdx, &length, inSz) < 0) - return USER_CRYPTO_ERROR; - - *inOutIdx += length; /* skip past */ - - /* could have NULL tag and 0 terminator, but may not */ - b = input[(*inOutIdx)++]; - - if (b == ASN_TAG_NULL) { - b = input[(*inOutIdx)++]; - if (b != 0) - return USER_CRYPTO_ERROR; - } - else { - /* go back, didn't have it */ - (*inOutIdx)--; - } - - /* should have bit tag length and seq next */ - b = input[(*inOutIdx)++]; - if (b != ASN_BIT_STRING) - return USER_CRYPTO_ERROR; - - if (GetLength(input, inOutIdx, &length, inSz) <= 0) - return USER_CRYPTO_ERROR; - - /* could have 0 */ - b = input[(*inOutIdx)++]; - if (b != 0) - (*inOutIdx)--; - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return USER_CRYPTO_ERROR; - } -#endif /* OPENSSL_EXTRA || RSA_DECODE_EXTRA */ - - /* Get modulus */ - ret = GetASNInt(input, inOutIdx, &length, inSz); - if (ret < 0) { - return USER_CRYPTO_ERROR; - } - if (nSz) - *nSz = length; - if (n) - *n = &input[*inOutIdx]; - *inOutIdx += length; - - /* Get exponent */ - ret = GetASNInt(input, inOutIdx, &length, inSz); - if (ret < 0) { - return USER_CRYPTO_ERROR; - } - if (eSz) - *eSz = length; - if (e) - *e = &input[*inOutIdx]; - *inOutIdx += length; - - USER_DEBUG(("\tExit wc_RsaPublicKeyDecode_ex\n")); - - return ret; -} - -/* read in a public RSA key */ -int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, - word32 inSz) -{ - IppStatus ret; - const byte *n = NULL, *e = NULL; - word32 nSz = 0, eSz = 0; - - if (key == NULL) - return USER_CRYPTO_ERROR; - - USER_DEBUG(("Entering wc_RsaPublicKeyDecode\n")); - - ret = wc_RsaPublicKeyDecode_ex(input, inOutIdx, inSz, &n, &nSz, &e, &eSz); - if (ret == 0) { - ret = wc_RsaPublicKeyDecodeRaw(n, nSz, e, eSz, key); - } - - USER_DEBUG(("\tExit RsaPublicKeyDecode\n")); - - return ret; -} - -/* import RSA public key elements (n, e) into RsaKey structure (key) */ -int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, - word32 eSz, RsaKey* key) -{ - IppStatus ret; - int ctxSz; - - USER_DEBUG(("Entering wc_RsaPublicKeyDecodeRaw\n")); - - if (n == NULL || e == NULL || key == NULL) - return USER_CRYPTO_ERROR; - - /* set up IPP key states -- read in n */ - ret = init_bn(&key->n, nSz); - if (ret != ippStsNoErr) - return USER_CRYPTO_ERROR; - - ret = ippsSetOctString_BN((Ipp8u*)n, nSz, key->n); - if (ret != ippStsNoErr) - return USER_CRYPTO_ERROR; - - /* read in e */ - ret = init_bn(&key->e, eSz); - if (ret != ippStsNoErr) - return USER_CRYPTO_ERROR; - - ret = ippsSetOctString_BN((Ipp8u*)e, eSz, key->e); - if (ret != ippStsNoErr) - return USER_CRYPTO_ERROR; - - /* store size and convert to binary */ - key->sz = nSz; - nSz = nSz * 8; - eSz = eSz * 8; - - /* set up public key state */ - ret = ippsRSA_GetSizePublicKey(nSz, eSz, &ctxSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_GetSizePublicKey error %s\n", - ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL, - DYNAMIC_TYPE_USER_CRYPTO); - if (key->pPub == NULL) - return USER_CRYPTO_ERROR; - - ret = ippsRSA_InitPublicKey(nSz, eSz, key->pPub, ctxSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_InitPublicKey error %s\n", - ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - ret = ippsRSA_SetPublicKey(key->n,key->e, key->pPub); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_SetPublicKey error %s\n", - ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - key->nSz = nSz; - key->eSz = eSz; - key->type = RSA_PUBLIC; - - return 0; -} - - -/* encrypt using PKCS v15 */ -int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, - RsaKey* key, WC_RNG* rng) -{ - IppStatus ret; - Ipp8u* scratchBuffer; - int scratchSz; - - if (key == NULL || in == NULL || out == NULL) - return USER_CRYPTO_ERROR; - - if (key->pPub == NULL || outLen < key->sz) - return USER_CRYPTO_ERROR; - - /* set size of scratch buffer */ - ret = ippsRSA_GetBufferSizePublicKey(&scratchSz, key->pPub); - if (ret != ippStsNoErr) - return USER_CRYPTO_ERROR; - - scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0, - DYNAMIC_TYPE_USER_CRYPTO); - if (scratchBuffer == NULL) - return USER_CRYPTO_ERROR; - - ret = ippsRSAEncrypt_PKCSv15((Ipp8u*)in, inLen, NULL, (Ipp8u*)out, - key->pPub, scratchBuffer); - if (ret != ippStsNoErr) { - XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO); - USER_DEBUG(("encrypt error of %s\n", ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO); - - (void)rng; - return key->sz; -} - - -/* decrypt using PLCS v15 */ -int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, - RsaKey* key) -{ - IppStatus ret; - Ipp8u* scratchBuffer; - int scratchSz; - int outSz; - - if (in == NULL || out == NULL || key == NULL) - return USER_CRYPTO_ERROR; - - if (key->pPrv == NULL || inLen != key->sz) - return USER_CRYPTO_ERROR; - - outSz = outLen; - - /* set size of scratch buffer */ - ret = ippsRSA_GetBufferSizePrivateKey(&scratchSz, key->pPrv); - if (ret != ippStsNoErr) { - return USER_CRYPTO_ERROR; - } - - scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0, - DYNAMIC_TYPE_USER_CRYPTO); - if (scratchBuffer == NULL) { - return USER_CRYPTO_ERROR; - } - - /* perform decryption using IPP */ - ret = ippsRSADecrypt_PKCSv15((Ipp8u*)in, (Ipp8u*)out, &outSz, key->pPrv, - scratchBuffer); - if (ret != ippStsNoErr) { - XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO); - USER_DEBUG(("decrypt error of %s\n", ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO); - - return outSz; -} - - -/* out is a pointer that is set to the location in byte array "in" where input - data has been decrypted */ -int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key) -{ - int outSz; - byte* tmp; - - USER_DEBUG(("Entering wc_RsaPrivateDecryptInline\n")); - - /* allocate a buffer for max decrypted text */ - tmp = (byte*)XMALLOC(key->sz, NULL, DYNAMIC_TYPE_USER_CRYPTO); - if (tmp == NULL) - return USER_CRYPTO_ERROR; - - outSz = wc_RsaPrivateDecrypt(in, inLen, tmp, key->sz, key); - if (outSz >= 0) { - XMEMCPY(in, tmp, outSz); - *out = in; - } - else { - XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO); - return USER_CRYPTO_ERROR; - } - - XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO); - USER_DEBUG(("\tExit wc_RsaPrivateDecryptInline\n")); - - return outSz; -} - - -/* Used to clean up memory when exiting, clean up memory used */ -static int FreeHelper(IppsBigNumState* pTxt, IppsBigNumState* cTxt, - Ipp8u* scratchBuffer, void* pPub) -{ - if (pTxt != NULL) - XFREE(pTxt, NULL, DYNAMIC_TYPE_USER_CRYPTO); - if (cTxt != NULL) - XFREE(cTxt, NULL, DYNAMIC_TYPE_USER_CRYPTO); - if (scratchBuffer != NULL) - XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO); - if (pPub != NULL) - XFREE(pPub, NULL, DYNAMIC_TYPE_USER_CRYPTO); - - return 0; -} - - -/* for Rsa Verify - in : byte array to be verified - inLen : length of input array - out : pointer to location of in byte array that has been verified - */ -int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) -{ - - int ctxSz; - int scratchSz; - Ipp8u* scratchBuffer = NULL; - IppStatus ret; - IppsRSAPrivateKeyState* pPub = NULL; - IppsBigNumState* pTxt = NULL; - IppsBigNumState* cTxt = NULL; - - USER_DEBUG(("Entering wc_RsaSSL_VerifyInline\n")); - - if (key == NULL || key->n == NULL || key->e == NULL) { - USER_DEBUG(("n or e element was null\n")); - return USER_CRYPTO_ERROR; - } - - if (in == NULL || inLen == 0 || out == NULL) - return USER_CRYPTO_ERROR; - - /* set up a private key state using public key values */ - ret = ippsRSA_GetSizePrivateKeyType1(key->nSz, key->eSz, &ctxSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_GetSizePrivateKey error %s\n", - ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - pPub = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); - if (pPub == NULL) - return USER_CRYPTO_ERROR; - - ret = ippsRSA_InitPrivateKeyType1(key->nSz, key->eSz, pPub, ctxSz); - if (ret != ippStsNoErr) { - FreeHelper(pTxt, cTxt, scratchBuffer, pPub); - USER_DEBUG(("ippsRSA_InitPrivateKey error %s\n", - ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - ret = ippsRSA_SetPrivateKeyType1(key->n, key->e, pPub); - if (ret != ippStsNoErr) { - FreeHelper(pTxt, cTxt, scratchBuffer, pPub); - USER_DEBUG(("ippsRSA_SetPrivateKey error %s\n", - ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - /* set size of scratch buffer */ - ret = ippsRSA_GetBufferSizePrivateKey(&scratchSz, pPub); - if (ret != ippStsNoErr) { - FreeHelper(pTxt, cTxt, scratchBuffer, pPub); - return USER_CRYPTO_ERROR; - } - - scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0, - DYNAMIC_TYPE_USER_CRYPTO); - if (scratchBuffer == NULL) { - FreeHelper(pTxt, cTxt, scratchBuffer, pPub); - return USER_CRYPTO_ERROR; - } - - /* load plain and cipher into big num states */ - ret = init_bn(&pTxt, key->sz); - if (ret != ippStsNoErr) { - FreeHelper(pTxt, cTxt, scratchBuffer, pPub); - return USER_CRYPTO_ERROR; - } - ret = ippsSetOctString_BN((Ipp8u*)in, key->sz, pTxt); - if (ret != ippStsNoErr) { - FreeHelper(pTxt, cTxt, scratchBuffer, pPub); - return USER_CRYPTO_ERROR; - } - - /* set up cipher to hold signature */ - ret = init_bn(&cTxt, key->sz); - if (ret != ippStsNoErr) { - FreeHelper(pTxt, cTxt, scratchBuffer, pPub); - return USER_CRYPTO_ERROR; - } - ret = ippsSetOctString_BN((Ipp8u*)in, key->sz, cTxt); - if (ret != ippStsNoErr) { - FreeHelper(pTxt, cTxt, scratchBuffer, pPub); - return USER_CRYPTO_ERROR; - } - - /* decrypt using public key information */ - ret = ippsRSA_Decrypt(cTxt, pTxt, pPub, scratchBuffer); - if (ret != ippStsNoErr) { - FreeHelper(pTxt, cTxt, scratchBuffer, pPub); - USER_DEBUG(("decrypt error of %s\n", ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - /* extract big num struct to octet string */ - ret = ippsGetOctString_BN((Ipp8u*)in, key->sz, pTxt); - if (ret != ippStsNoErr) { - FreeHelper(pTxt, cTxt, scratchBuffer, pPub); - USER_DEBUG(("BN get string error of %s\n", ippGetStatusString(ret))); - return USER_CRYPTO_ERROR; - } - - FreeHelper(pTxt, cTxt, scratchBuffer, pPub); - - /* unpad the decrypted information and return size of array */ - return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_1); -} - - -/* sets up and call VerifyInline to verify a signature */ -int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, - RsaKey* key) -{ - int plainLen; - byte* tmp; - byte* pad = 0; - - if (out == NULL || in == NULL || key == NULL) - return USER_CRYPTO_ERROR; - - tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_USER_CRYPTO); - if (tmp == NULL) { - return USER_CRYPTO_ERROR; - } - - XMEMCPY(tmp, in, inLen); - - /* verify signature and test if output buffer is large enough */ - plainLen = wc_RsaSSL_VerifyInline(tmp, inLen, &pad, key); - if (plainLen < 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO); - return plainLen; - } - - if (plainLen > (int)outLen) - plainLen = USER_CRYPTO_ERROR; - else - XMEMCPY(out, pad, plainLen); - - ForceZero(tmp, inLen); - XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO); - - return plainLen; -} - - -/* Check if a > b , if so c = a mod b - return ippStsNoErr on success */ -static IppStatus reduce(IppsBigNumState* a, IppsBigNumState* b, - IppsBigNumState* c) -{ - IppStatus ret; - - if ((ret = ippsMod_BN(a, b, c)) != ippStsNoErr) - return ret; - - return ippStsNoErr; -} - - -static IppStatus exptmod(IppsBigNumState* a, IppsBigNumState* b, - IppsMontState* mont, IppsBigNumState* out, IppsBigNumState* one) -{ - IppStatus ret; - - ret = ippsMontForm(a, mont, a); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsMontForm error of %s\n", ippGetStatusString(ret))); - return ret; - } - - /* a = a^b mod mont */ - ret = ippsMontExp(a, b, mont, out); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsMontExp error of %s\n", ippGetStatusString(ret))); - return ret; - } - - /* convert back from montgomery */ - ret = ippsMontMul(out, one, mont, out); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsMontMul error of %s\n", ippGetStatusString(ret))); - return ret; - } - - return ippStsNoErr; -} - - -static void Free_BN(IppsBigNumState* bn) -{ - int sz, ctxSz; - IppStatus ret; - - if (bn != NULL) { - ret = ippStsNoErr; - ret |= ippsGetSize_BN(bn, &sz); - ret |= ippsBigNumGetSize(sz, &ctxSz); - if (ret == ippStsNoErr) { - ForceZero(bn, ctxSz); - } - else { - USER_DEBUG(("Issue with clearing a struct in RsaSSL_Sign free\n")); - } - XFREE(bn, NULL, DYNAMIC_TYPE_USER_CRYPTO); - } -} - - -/* free up memory used during CRT sign operation */ -static void FreeSignHelper(IppsBigNumState* one, IppsBigNumState* tmp, - IppsBigNumState* tmpP, IppsBigNumState* tmpQ, IppsBigNumState* tmpa, - IppsBigNumState* tmpb) -{ - Free_BN(one); - Free_BN(tmp); - Free_BN(tmpP); - Free_BN(tmpQ); - Free_BN(tmpa); - Free_BN(tmpb); -} - - -/* for Rsa Sign */ -int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, - RsaKey* key, WC_RNG* rng) -{ - int sz, pSz, qSz; - IppStatus ret; - word32 outSz = outLen; - - IppsMontState* pMont = NULL; - IppsMontState* qMont = NULL; - - IppsBigNumState* one = NULL; - IppsBigNumState* tmp = NULL; - IppsBigNumState* tmpP = NULL; - IppsBigNumState* tmpQ = NULL; - IppsBigNumState* tmpa = NULL; - IppsBigNumState* tmpb = NULL; - - IppsBigNumSGN sa, sb; - - Ipp8u o[1]; - o[0] = 1; - - USER_DEBUG(("Entering wc_RsaSSL_Sign\n")); - - if (in == NULL || out == NULL || key == NULL || rng == NULL) { - USER_DEBUG(("Bad argument to wc_RsaSSL_Sign\n")); - return USER_CRYPTO_ERROR; - } - - sz = key->sz; - - - /* sanity check on key being used */ - if (key->pipp == NULL || key->qipp == NULL || key->uipp == NULL || - key->dPipp == NULL || key->dQipp == NULL) { - USER_DEBUG(("Bad key argument to wc_RsaSSL_Sign\n")); - return USER_CRYPTO_ERROR; - } - - if (sz > (int)outLen) { - USER_DEBUG(("Bad argument outLen to wc_RsaSSL_Sign\n")); - return USER_CRYPTO_ERROR; - } - - if (sz < RSA_MIN_PAD_SZ) { - USER_DEBUG(("Key size is too small\n")); - return USER_CRYPTO_ERROR; - } - - if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) { - USER_DEBUG(("Bad argument inLen to wc_RsaSSL_Sign\n")); - return USER_CRYPTO_ERROR; - } - - /* Set up needed pkcs v15 padding */ - if (wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng) != 0) { - USER_DEBUG(("RSA Padding error\n")); - return USER_CRYPTO_ERROR; - } - - /* tmp = input to sign */ - ret = init_bn(&tmp, sz); - if (ret != ippStsNoErr) { - USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - ret = ippsSetOctString_BN(out, sz, tmp); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsSetOctString_BN error of %s\n", - ippGetStatusString(ret))); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - /* tmpP = tmp mod p */ - ret = init_bn(&tmpP, sz); - if (ret != ippStsNoErr) { - USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - /* tmpQ = tmp mod q */ - ret = init_bn(&tmpQ, sz); - if (ret != ippStsNoErr) { - USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - /* tmpa */ - ret = init_bn(&tmpa, sz); - if (ret != ippStsNoErr) { - USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - /* tmpb */ - ret = init_bn(&tmpb, sz); - if (ret != ippStsNoErr) { - USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - /* one : used for conversion from Montgomery to classical */ - ret = init_bn(&one, sz); - if (ret != ippStsNoErr) { - USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - ret = ippsSetOctString_BN(o, 1, one); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsSetOctString_BN error of %s\n", - ippGetStatusString(ret))); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - /** - Set up Montgomery state - */ - ret = init_mont(&pMont, &pSz, key->pipp); - if (ret != ippStsNoErr) { - USER_DEBUG(("init_mont error of %s\n", ippGetStatusString(ret))); - if (pMont != NULL) { - XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - } - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - ret = init_mont(&qMont, &qSz, key->qipp); - if (ret != ippStsNoErr) { - USER_DEBUG(("init_mont error of %s\n", ippGetStatusString(ret))); - if (qMont != NULL) { - XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - } - ForceZero(pMont, pSz); - XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - /** - Check and reduce input - This is needed for calls to MontExp since required value of a < modulus - */ - ret = reduce(tmp, key->pipp, tmpP); - if (ret != ippStsNoErr) - { - USER_DEBUG(("reduce error of %s\n", ippGetStatusString(ret))); - ForceZero(pMont, pSz); - ForceZero(qMont, qSz); - XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - ret = reduce(tmp, key->qipp, tmpQ); - if (ret != ippStsNoErr) - { - USER_DEBUG(("reduce error of %s\n", ippGetStatusString(ret))); - ForceZero(pMont, pSz); - ForceZero(qMont, qSz); - XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - /* tmpa = (tmp mod p)^dP mod p */ - ret = exptmod(tmpP, key->dPipp, pMont, tmpa, one); - if (ret != ippStsNoErr) { - USER_DEBUG(("exptmod error of %s\n", ippGetStatusString(ret))); - ForceZero(pMont, pSz); - ForceZero(qMont, qSz); - XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - /* tmpb = (tmp mod q)^dQ mod q */ - ret = exptmod(tmpQ, key->dQipp, qMont, tmpb, one); - if (ret != ippStsNoErr) { - USER_DEBUG(("exptmod error of %s\n", ippGetStatusString(ret))); - ForceZero(pMont, pSz); - ForceZero(qMont, qSz); - XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - /* tmp = (tmpa - tmpb) * qInv (mod p) */ - ret = ippsSub_BN(tmpa, tmpb, tmp); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret))); - ForceZero(pMont, pSz); - ForceZero(qMont, qSz); - XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - ret = ippsMul_BN(tmp, key->uipp, tmp); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsMul_BN error of %s\n", ippGetStatusString(ret))); - ForceZero(pMont, pSz); - ForceZero(qMont, qSz); - XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - /* mod performed the same was as wolfSSL fp_mod -- tmpa is just scratch */ - ret = ippsDiv_BN(tmp, key->pipp, tmpa, tmp); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsDiv_BN error of %s\n", ippGetStatusString(ret))); - ForceZero(pMont, pSz); - ForceZero(qMont, qSz); - XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - /* Check sign of values and perform conditional add */ - ret = ippsExtGet_BN(&sa, NULL, NULL, tmp); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsExtGet_BN error of %s\n", ippGetStatusString(ret))); - ForceZero(pMont, pSz); - ForceZero(qMont, qSz); - XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - ret = ippsExtGet_BN(&sb, NULL, NULL, key->pipp); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsExtGet_BN error of %s\n", ippGetStatusString(ret))); - ForceZero(pMont, pSz); - ForceZero(qMont, qSz); - XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - if (sa != sb) { - ret = ippsAdd_BN(tmp, key->pipp, tmp); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsAdd_BN error of %s\n", ippGetStatusString(ret))); - ForceZero(pMont, pSz); - ForceZero(qMont, qSz); - XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - } - - /* tmp = tmpb + q * tmp */ - ret = ippsMul_BN(tmp, key->qipp, tmp); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret))); - ForceZero(pMont, pSz); - ForceZero(qMont, qSz); - XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - - ret = ippsAdd_BN(tmp, tmpb, tmp); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret))); - ForceZero(pMont, pSz); - ForceZero(qMont, qSz); - XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - /* Extract the output */ - ret = ippsGetOctString_BN(out, sz, tmp); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsGetOctString_BN error of %s\n", - ippGetStatusString(ret))); - ForceZero(pMont, pSz); - ForceZero(qMont, qSz); - XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - return USER_CRYPTO_ERROR; - } - - outSz = sz; - - /* clear memory and free */ - ForceZero(pMont, pSz); - ForceZero(qMont, qSz); - XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); - - return outSz; -} - - -int wc_RsaEncryptSize(RsaKey* key) -{ - if (key == NULL) - return 0; - - return key->sz; -} - - -/* flatten RsaKey structure into individual elements (e, n) */ -int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n, - word32* nSz) -{ - int sz, bytSz; - IppStatus ret; - - USER_DEBUG(("Entering wc_RsaFlattenPublicKey\n")); - - if (key == NULL || e == NULL || eSz == NULL || n == NULL || nSz == NULL) - return USER_CRYPTO_ERROR; - - bytSz = sizeof(byte) * 8; - ret = ippsExtGet_BN(NULL, &sz, NULL, key->e); - if (ret != ippStsNoErr) - return USER_CRYPTO_ERROR; - - /* sz is in bits change to bytes */ - sz = (sz / bytSz) + ((sz % bytSz)? 1 : 0); - - if (*eSz < (word32)sz) - return USER_CRYPTO_ERROR; - - ret = ippsGetOctString_BN(e, sz, key->e); - if (ret != ippStsNoErr) - return USER_CRYPTO_ERROR; - - *eSz = (word32)sz; - - /* flatten n */ - ret = ippsExtGet_BN(NULL, &sz, NULL, key->n); - if (ret != ippStsNoErr) - return USER_CRYPTO_ERROR; - - /* sz is in bits change to bytes */ - sz = (sz / bytSz) + ((sz % bytSz)? 1: 0); - - if (*nSz < (word32)sz) - return USER_CRYPTO_ERROR; - - ret = ippsGetOctString_BN(n, sz, key->n); - if (ret != ippStsNoErr) - return USER_CRYPTO_ERROR; - - *nSz = (word32)sz; - - return 0; -} - - -IppStatus wolfSSL_rng(Ipp32u* pData, int nBits, void* pEbsParams); -IppStatus wolfSSL_rng(Ipp32u* pData, int nBits, void* pEbsParams) -{ - int nBytes; - - if (pData == NULL) { - USER_DEBUG(("error with wolfSSL_rng argument\n")); - return ippStsErr; - } - - nBytes = (nBits/8) + ((nBits % 8)? 1: 0); - if (wc_RNG_GenerateBlock((WC_RNG*)pEbsParams, (byte*)pData, nBytes) != 0) { - USER_DEBUG(("error in generating random wolfSSL block\n")); - return ippStsErr; - } - - return ippStsNoErr; -} - - -#ifdef WOLFSSL_KEY_GEN -/* Make an RSA key for size bits, with e specified, 65537 is a good e */ -int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) -{ - IppStatus ret; - int scratchSz; - int i; /* for trys on calling make key */ - int ctxSz; - - IppsBigNumState* pSrcPublicExp = NULL; - Ipp8u* scratchBuffer = NULL; - Ipp8u eAry[8]; - int trys = 8; /* Miller-Rabin test parameter */ - IppsPrimeState* pPrime = NULL; - - int qBitSz; /* size of q factor */ - int bytSz; /* size of key in bytes */ - int leng; - - USER_DEBUG(("Entering wc_MakeRsaKey\n")); - - /* get byte size and individual private key size -- round up */ - qBitSz = (size / 2) + ((size % 2)? 1: 0); - bytSz = (size / 8) + ((size % 8)? 1: 0); - - if (key == NULL || rng == NULL) { - USER_DEBUG(("Error, NULL argument passed in\n")); - return USER_CRYPTO_ERROR; - } - - if (e < 3 || (e&1) == 0) - return USER_CRYPTO_ERROR; - - if (size > RSA_MAX_SIZE || size < RSA_MIN_SIZE) - return USER_CRYPTO_ERROR; - - key->type = RSA_PRIVATE; - key->sz = bytSz; - - /* initialize prime number */ - ret = ippsPrimeGetSize(size, &ctxSz); /* size in bits */ - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsPrimeGetSize error of %s\n", ippGetStatusString(ret))); - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - pPrime = (IppsPrimeState*)XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO); - if (pPrime == NULL) { - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - ret = ippsPrimeInit(size, pPrime); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsPrimeInit error of %s\n", ippGetStatusString(ret))); - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - /* define RSA privete key type 2 */ - /* length in bits of p and q factors */ - ret = ippsRSA_GetSizePrivateKeyType2(qBitSz, qBitSz, &ctxSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_GetSizePrivateKeyType2 error of %s\n", - ippGetStatusString(ret))); - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - key->prvSz = ctxSz; /* used when freeing private key */ - key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, NULL, - DYNAMIC_TYPE_USER_CRYPTO); - if (key->pPrv == NULL) { - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - /* length in bits of p and q factors */ - ret = ippsRSA_InitPrivateKeyType2(qBitSz, qBitSz, key->pPrv, ctxSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_InitPrivateKeyType2 error of %s\n", - ippGetStatusString(ret))); - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - /* allocate scratch buffer */ - ret = ippsRSA_GetBufferSizePrivateKey(&scratchSz, key->pPrv); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_GetBufferSizePrivateKey error of %s\n", - ippGetStatusString(ret))); - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - scratchBuffer = (Ipp8u*)XMALLOC(scratchSz, 0, DYNAMIC_TYPE_USER_CRYPTO); - if (scratchBuffer == NULL) { - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - /* set up initial value of pScrPublicExp */ - leng = (int)sizeof(long); /* # of Ipp32u in long */ - - /* place the value of e into the array eAry then load into BN */ - for (i = 0; i < leng; i++) { - eAry[i] = (e >> (8 * (leng - 1 - i))) & 0XFF; - } - ret = init_bn(&pSrcPublicExp, leng); - if (ret != ippStsNoErr) { - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - ret = ippsSetOctString_BN(eAry, leng, pSrcPublicExp); - if (ret != ippStsNoErr) { - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - /* initializing key->n */ - ret = init_bn(&key->n, bytSz); - if (ret != ippStsNoErr) { - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - /* initializing public exponent key->e */ - ret = init_bn(&key->e, leng); - if (ret != ippStsNoErr) { - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - /* private exponent key->dipp */ - ret = init_bn(&key->dipp, bytSz); - if (ret != ippStsNoErr) { - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - /* call IPP to generate keys, if inseficent entropy error call again */ - ret = ippStsInsufficientEntropy; - while (ret == ippStsInsufficientEntropy) { - ret = ippsRSA_GenerateKeys(pSrcPublicExp, key->n, key->e, - key->dipp, key->pPrv, scratchBuffer, trys, pPrime, - wolfSSL_rng, rng); - if (ret == ippStsNoErr) { - break; - } - - /* catch all errors other than entropy error */ - if (ret != ippStsInsufficientEntropy) { - USER_DEBUG(("ippsRSA_GeneratKeys error of %s\n", - ippGetStatusString(ret))); - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - } - - /* get bn sizes needed for private key set up */ - ret = ippsExtGet_BN(NULL, &key->eSz, NULL, key->e); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret))); - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - ret = ippsExtGet_BN(NULL, &key->nSz, NULL, key->n); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsGetSize_BN error %s\n", ippGetStatusString(ret))); - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - /* set up public key state */ - ret = ippsRSA_GetSizePublicKey(key->nSz, key->eSz, &ctxSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_GetSizePublicKey error %s nSz = %d eSz = %d\n", - ippGetStatusString(ret), key->nSz, key->eSz)); - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL, - DYNAMIC_TYPE_USER_CRYPTO); - if (key->pPub == NULL) { - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - ret = ippsRSA_InitPublicKey(key->nSz, key->eSz, key->pPub, ctxSz); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_InitPublicKey error %s\n", - ippGetStatusString(ret))); - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - ret = ippsRSA_SetPublicKey(key->n, key->e, key->pPub); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_SetPublicKey error %s\n", - ippGetStatusString(ret))); - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - /* get private key information for key struct */ - leng = size/16; /* size of q, p, u, dP, dQ */ - ret = init_bn(&key->pipp, leng); - if (ret != ippStsNoErr) { - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - /* set up q BN for key */ - ret = init_bn(&key->qipp, leng); - if (ret != ippStsNoErr) { - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - /* set up dP BN for key */ - ret = init_bn(&key->dPipp, leng); - if (ret != ippStsNoErr) { - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - /* set up dQ BN for key */ - ret = init_bn(&key->dQipp, leng); - if (ret != ippStsNoErr) { - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - /* set up u BN for key */ - ret = init_bn(&key->uipp, leng); - if (ret != ippStsNoErr) { - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - - /* get values from created key */ - ret = ippsRSA_GetPrivateKeyType2(key->pipp, key->qipp, key->dPipp, - key->dQipp, key->uipp, key->pPrv); - if (ret != ippStsNoErr) { - USER_DEBUG(("ippsRSA_GetPrivateKeyType2 error %s\n", - ippGetStatusString(ret))); - ret = USER_CRYPTO_ERROR; - goto makeKeyEnd; - } - ret = 0; /* success case */ - -makeKeyEnd: - /* clean up memory used */ - XFREE(pSrcPublicExp, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(pPrime, NULL, DYNAMIC_TYPE_USER_CRYPTO); - - if (ret != 0) { /* with fail case free RSA components created */ - wc_FreeRsaKey(key); - } - - return ret; -} - -#endif - -#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) - -/********** duplicate code needed -- future refactor */ -#define MAX_VERSION_SZ 5 -#define MAX_SEQ_SZ 5 -#define ASN_CONTEXT_SPECIFIC 0x80 -#define ASN_CONSTRUCTED 0x20 -#define ASN_LONG_LENGTH 0x80 -#define ASN_SEQUENCE 0x10 -#define RSA_INTS 8 -#define FALSE 0 -#define TRUE 1 - -#define MAX_LENGTH_SZ 4 -#define RSAk 645 -#define keyType 2 -#define MAX_RSA_INT_SZ 517 -#define MAX_RSA_E_SZ 16 -#define MAX_ALGO_SZ 20 - -static word32 BytePrecision(word32 value) -{ - word32 i; - for (i = sizeof(value); i; --i) - if (value >> ((i - 1) * WOLFSSL_BIT_SIZE)) - break; - - return i; -} - - -static int SetMyVersion(word32 version, byte* output, int header) -{ - int i = 0; - - if (output == NULL) - return USER_CRYPTO_ERROR; - - if (header) { - output[i++] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED; - output[i++] = ASN_BIT_STRING; - } - output[i++] = ASN_INTEGER; - output[i++] = 0x01; - output[i++] = (byte)version; - - return i; -} - - -static word32 SetLength(word32 length, byte* output) -{ - word32 i = 0, j; - - if (length < 0x80) - output[i++] = (byte)length; - else { - output[i++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH); - - for (j = BytePrecision(length); j; --j) { - output[i] = (byte)(length >> ((j - 1) * WOLFSSL_BIT_SIZE)); - i++; - } - } - - return i; -} - - -static word32 SetSequence(word32 len, byte* output) -{ - output[0] = ASN_SEQUENCE | ASN_CONSTRUCTED; - return SetLength(len, output + 1) + 1; -} - - -static word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) -{ - /* adding TAG_NULL and 0 to end */ - - /* RSA keyType */ - #ifndef NO_RSA - static const byte RSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x01, 0x05, 0x00}; - #endif /* NO_RSA */ - - int algoSz = 0; - int tagSz = 2; /* tag null and terminator */ - word32 idSz, seqSz; - const byte* algoName = 0; - byte ID_Length[MAX_LENGTH_SZ]; - byte seqArray[MAX_SEQ_SZ + 1]; /* add object_id to end */ - - if (type == keyType) { /* keyType */ - switch (algoOID) { - #ifndef NO_RSA - case RSAk: - algoSz = sizeof(RSA_AlgoID); - algoName = RSA_AlgoID; - break; - #endif /* NO_RSA */ - default: - /* unknown key algo */ - return 0; - } - } - else { - /* unknown algo type */ - return 0; - } - - idSz = SetLength(algoSz - tagSz, ID_Length); /* don't include tags */ - seqSz = SetSequence(idSz + algoSz + 1 + curveSz, seqArray); - /* +1 for object id, curveID of curveSz follows for ecc */ - seqArray[seqSz++] = ASN_OBJECT_ID; - - XMEMCPY(output, seqArray, seqSz); - XMEMCPY(output + seqSz, ID_Length, idSz); - XMEMCPY(output + seqSz + idSz, algoName, algoSz); - - return seqSz + idSz + algoSz; - -} - - -/* Write a public RSA key to output */ -static int SetRsaPublicKey(byte* output, RsaKey* key, - int outLen, int with_header) -{ -#ifdef WOLFSSL_SMALL_STACK - byte* n = NULL; - byte* e = NULL; -#else - byte n[MAX_RSA_INT_SZ]; - byte e[MAX_RSA_E_SZ]; -#endif - byte seq[MAX_SEQ_SZ]; - byte len[MAX_LENGTH_SZ + 1]; /* trailing 0 */ - int nSz; - int eSz; - int seqSz; - int lenSz; - int idx; - int rawLen; - int leadingBit; - int err; - - if (output == NULL || key == NULL || outLen < MAX_SEQ_SZ) - return USER_CRYPTO_ERROR; - - /* n */ -#ifdef WOLFSSL_SMALL_STACK - n = (byte*)XMALLOC(MAX_RSA_INT_SZ, NULL, DYNAMIC_TYPE_USER_CRYPTO); - if (n == NULL) - return USER_CRYPTO_ERROR; -#endif - - leadingBit = wc_Rsa_leading_bit(key->n); - rawLen = wc_Rsa_unsigned_bin_size(key->n); - if ((int)rawLen < 0) { - return USER_CRYPTO_ERROR; - } - - rawLen = rawLen + leadingBit; - n[0] = ASN_INTEGER; - nSz = SetLength(rawLen, n + 1) + 1; /* int tag */ - - if ( (nSz + rawLen) < MAX_RSA_INT_SZ) { - if (leadingBit) - n[nSz] = 0; - err = ippsGetOctString_BN((Ipp8u*)n + nSz, rawLen - leadingBit, key->n); - if (err == ippStsNoErr) - nSz += rawLen; - else { -#ifdef WOLFSSL_SMALL_STACK - XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO); -#endif - return USER_CRYPTO_ERROR; - } - } - else { -#ifdef WOLFSSL_SMALL_STACK - XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO); -#endif - return USER_CRYPTO_ERROR; - } - - /* e */ -#ifdef WOLFSSL_SMALL_STACK - e = (byte*)XMALLOC(MAX_RSA_E_SZ, NULL, DYNAMIC_TYPE_USER_CRYPTO); - if (e == NULL) { -#ifdef WOLFSSL_SMALL_STACK - XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO); -#endif - return USER_CRYPTO_ERROR; - } -#endif - - leadingBit = wc_Rsa_leading_bit(key->e); - rawLen = wc_Rsa_unsigned_bin_size(key->e); - if ((int)rawLen < 0) { - return USER_CRYPTO_ERROR; - } - - rawLen = rawLen + leadingBit; - e[0] = ASN_INTEGER; - eSz = SetLength(rawLen, e + 1) + 1; /* int tag */ - - if ( (eSz + rawLen) < MAX_RSA_E_SZ) { - if (leadingBit) - e[eSz] = 0; - err = ippsGetOctString_BN((Ipp8u*)e + eSz, rawLen - leadingBit, key->e); - if (err == ippStsNoErr) - eSz += rawLen; - else { -#ifdef WOLFSSL_SMALL_STACK - XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(e, NULL, DYNAMIC_TYPE_USER_CRYPTO); -#endif - return USER_CRYPTO_ERROR; - } - } - else { -#ifdef WOLFSSL_SMALL_STACK - XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(e, NULL, DYNAMIC_TYPE_USER_CRYPTO); -#endif - return USER_CRYPTO_ERROR; - } - - seqSz = SetSequence(nSz + eSz, seq); - - /* check output size */ - if ( (seqSz + nSz + eSz) > outLen) { -#ifdef WOLFSSL_SMALL_STACK - XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(e, NULL, DYNAMIC_TYPE_USER_CRYPTO); -#endif - return USER_CRYPTO_ERROR; - } - - /* headers */ - if (with_header) { - int algoSz; -#ifdef WOLFSSL_SMALL_STACK - byte* algo; - - algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_USER_CRYPTO); - if (algo == NULL) { - XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(e, NULL, DYNAMIC_TYPE_USER_CRYPTO); - return USER_CRYPTO_ERROR; - } -#else - byte algo[MAX_ALGO_SZ]; -#endif - algoSz = SetAlgoID(RSAk, algo, keyType, 0); - lenSz = SetLength(seqSz + nSz + eSz + 1, len); - len[lenSz++] = 0; /* trailing 0 */ - - /* write, 1 is for ASN_BIT_STRING */ - idx = SetSequence(nSz + eSz + seqSz + lenSz + 1 + algoSz, output); - - /* check output size */ - if ( (idx + algoSz + 1 + lenSz + seqSz + nSz + eSz) > outLen) { - #ifdef WOLFSSL_SMALL_STACK - XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(e, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(algo, NULL, DYNAMIC_TYPE_USER_CRYPTO); - #endif - - return USER_CRYPTO_ERROR; - } - - /* algo */ - XMEMCPY(output + idx, algo, algoSz); - idx += algoSz; - /* bit string */ - output[idx++] = ASN_BIT_STRING; - /* length */ - XMEMCPY(output + idx, len, lenSz); - idx += lenSz; -#ifdef WOLFSSL_SMALL_STACK - XFREE(algo, NULL, DYNAMIC_TYPE_USER_CRYPTO); -#endif - } - else - idx = 0; - - /* seq */ - XMEMCPY(output + idx, seq, seqSz); - idx += seqSz; - /* n */ - XMEMCPY(output + idx, n, nSz); - idx += nSz; - /* e */ - XMEMCPY(output + idx, e, eSz); - idx += eSz; - -#ifdef WOLFSSL_SMALL_STACK - XFREE(n, NULL, DYNAMIC_TYPE_USER_CRYPTO); - XFREE(e, NULL, DYNAMIC_TYPE_USER_CRYPTO); -#endif - - return idx; -} - - -static IppsBigNumState* GetRsaInt(RsaKey* key, int idx) -{ - if (idx == 0) - return key->n; - if (idx == 1) - return key->e; - if (idx == 2) - return key->dipp; - if (idx == 3) - return key->pipp; - if (idx == 4) - return key->qipp; - if (idx == 5) - return key->dPipp; - if (idx == 6) - return key->dQipp; - if (idx == 7) - return key->uipp; - - return NULL; -} - - -/* Release Tmp RSA resources */ -static WC_INLINE void FreeTmpRsas(byte** tmps, void* heap) -{ - int i; - - (void)heap; - - for (i = 0; i < RSA_INTS; i++) - XFREE(tmps[i], heap, DYNAMIC_TYPE_USER_CRYPTO); -} - - -/* Convert RsaKey key to DER format, write to output (inLen), return bytes - written */ -int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) -{ - word32 seqSz, verSz, rawLen, intTotalLen = 0; - word32 sizes[RSA_INTS]; - int i, j, outLen, ret = 0, lbit; - - byte seq[MAX_SEQ_SZ]; - byte ver[MAX_VERSION_SZ]; - byte* tmps[RSA_INTS]; - - USER_DEBUG(("Entering RsaKeyToDer\n")); - - if (!key) - return USER_CRYPTO_ERROR; - - if (key->type != RSA_PRIVATE) - return USER_CRYPTO_ERROR; - - for (i = 0; i < RSA_INTS; i++) - tmps[i] = NULL; - - /* write all big ints from key to DER tmps */ - for (i = 0; i < RSA_INTS; i++) { - Ipp32u isZero; - IppsBigNumState* keyInt = GetRsaInt(key, i); - - ippsCmpZero_BN(keyInt, &isZero); /* makes isZero 0 if true */ - rawLen = wc_Rsa_unsigned_bin_size(keyInt); - if ((int)rawLen < 0) { - return USER_CRYPTO_ERROR; - } - - /* leading zero */ - if (!isZero || wc_Rsa_leading_bit(keyInt)) - lbit = 1; - else - lbit = 0; - - rawLen += lbit; - - tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap, - DYNAMIC_TYPE_USER_CRYPTO); - if (tmps[i] == NULL) { - ret = USER_CRYPTO_ERROR; - break; - } - - tmps[i][0] = ASN_INTEGER; - sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */ - - if (sizes[i] <= MAX_SEQ_SZ) { - int err; - - /* leading zero */ - if (lbit) - tmps[i][sizes[i]-1] = 0x00; - - /* extract data*/ - err = ippsGetOctString_BN((Ipp8u*)(tmps[i] + sizes[i]), - rawLen - lbit, keyInt); - if (err == ippStsOk) { - sizes[i] += (rawLen-lbit); /* lbit included in rawLen */ - intTotalLen += sizes[i]; - ret = 0; - } - else { - ret = USER_CRYPTO_ERROR; - USER_DEBUG(("ippsGetOctString_BN error %s\n", - ippGetStatusString(err))); - break; - } - } - else { - ret = USER_CRYPTO_ERROR; - break; - } - } - - if (ret != 0) { - FreeTmpRsas(tmps, key->heap); - return ret; - } - - /* make headers */ - verSz = SetMyVersion(0, ver, FALSE); - seqSz = SetSequence(verSz + intTotalLen, seq); - - outLen = seqSz + verSz + intTotalLen; - if (output) { - if (outLen > (int)inLen) { - return USER_CRYPTO_ERROR; - } - - /* write to output */ - XMEMCPY(output, seq, seqSz); - j = seqSz; - XMEMCPY(output + j, ver, verSz); - j += verSz; - - for (i = 0; i < RSA_INTS; i++) { - XMEMCPY(output + j, tmps[i], sizes[i]); - j += sizes[i]; - } - } - FreeTmpRsas(tmps, key->heap); - - return outLen; -} - - -/* Convert Rsa Public key to DER format, write to output (inLen), return bytes - written -*/ -int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen) -{ - return SetRsaPublicKey(output, key, inLen, 1); -} - - -#endif /* WOLFSSL_KEY_GEN || OPENSSL_EXTRA */ - -#ifdef WC_RSA_BLINDING - -int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng) -{ - if (key == NULL) - return USER_CRYPTO_ERROR; - - (void)rng; - - return 0; -} - -#endif /* WC_RSA_BLINDING */ - -#endif /* NO_RSA */ - |