WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
wolfssl/tests/api.c

52460 lines
1.6 MiB
Raw Blame History

/* api.c API unit tests
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* For AES-CBC, input lengths can optionally be validated to be a
* multiple of the block size, by defining WOLFSSL_AES_CBC_LENGTH_CHECKS,
* also available via the configure option --enable-aescbc-length-checks.
*/
/*----------------------------------------------------------------------------*
| Includes
*----------------------------------------------------------------------------*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#ifndef FOURK_BUF
#define FOURK_BUF 4096
#endif
#ifndef TWOK_BUF
#define TWOK_BUF 2048
#endif
#ifndef ONEK_BUF
#define ONEK_BUF 1024
#endif
#if defined(WOLFSSL_STATIC_MEMORY)
#include <wolfssl/wolfcrypt/memory.h>
#endif /* WOLFSSL_STATIC_MEMORY */
#ifndef HEAP_HINT
#define HEAP_HINT NULL
#endif /* WOLFSSL_STAIC_MEMORY */
#ifdef WOLFSSL_ASNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
#ifdef HAVE_ECC
#include <wolfssl/wolfcrypt/ecc.h> /* wc_ecc_fp_free */
#ifndef ECC_ASN963_MAX_BUF_SZ
#define ECC_ASN963_MAX_BUF_SZ 133
#endif
#ifndef ECC_PRIV_KEY_BUF
#define ECC_PRIV_KEY_BUF 66 /* For non user defined curves. */
#endif
/* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */
/* logic to choose right key ECC size */
#if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
#define KEY14 14
#else
#define KEY14 32
#endif
#if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
#define KEY16 16
#else
#define KEY16 32
#endif
#if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
#define KEY20 20
#else
#define KEY20 32
#endif
#if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
#define KEY24 24
#else
#define KEY24 32
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
#define KEY28 28
#else
#define KEY28 32
#endif
#if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
#define KEY30 30
#else
#define KEY30 32
#endif
#define KEY32 32
#if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
#define KEY40 40
#else
#define KEY40 32
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
#define KEY48 48
#else
#define KEY48 32
#endif
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
#define KEY64 64
#else
#define KEY64 32
#endif
#if !defined(HAVE_COMP_KEY)
#if !defined(NOCOMP)
#define NOCOMP 0
#endif
#else
#if !defined(COMP)
#define COMP 1
#endif
#endif
#if !defined(DER_SZ)
#define DER_SZ(ks) (ks * 2 + 1)
#endif
#endif
#ifndef NO_ASN
#include <wolfssl/wolfcrypt/asn_public.h>
#endif
#include <wolfssl/error-ssl.h>
#include <stdlib.h>
#include <wolfssl/ssl.h> /* compatibility layer */
#include <wolfssl/test.h>
#include <tests/unit.h>
#include "examples/server/server.h"
/* for testing compatibility layer callbacks */
#ifndef NO_MD5
#include <wolfssl/wolfcrypt/md5.h>
#endif
#ifndef NO_SHA
#include <wolfssl/wolfcrypt/sha.h>
#endif
#ifndef NO_SHA256
#include <wolfssl/wolfcrypt/sha256.h>
#endif
#ifdef WOLFSSL_SHA512
#include <wolfssl/wolfcrypt/sha512.h>
#endif
#ifdef WOLFSSL_SHA384
#include <wolfssl/wolfcrypt/sha512.h>
#endif
#ifdef WOLFSSL_SHA3
#include <wolfssl/wolfcrypt/sha3.h>
#ifndef HEAP_HINT
#define HEAP_HINT NULL
#endif
#endif
#ifndef NO_AES
#include <wolfssl/wolfcrypt/aes.h>
#ifdef HAVE_AES_DECRYPT
#include <wolfssl/wolfcrypt/wc_encrypt.h>
#endif
#endif
#ifdef WOLFSSL_RIPEMD
#include <wolfssl/wolfcrypt/ripemd.h>
#endif
#ifdef HAVE_IDEA
#include <wolfssl/wolfcrypt/idea.h>
#endif
#ifndef NO_DES3
#include <wolfssl/wolfcrypt/des3.h>
#include <wolfssl/wolfcrypt/wc_encrypt.h>
#endif
#ifdef WC_RC2
#include <wolfssl/wolfcrypt/rc2.h>
#endif
#ifndef NO_HMAC
#include <wolfssl/wolfcrypt/hmac.h>
#endif
#ifdef HAVE_CHACHA
#include <wolfssl/wolfcrypt/chacha.h>
#endif
#ifdef HAVE_POLY1305
#include <wolfssl/wolfcrypt/poly1305.h>
#endif
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
#endif
#ifdef HAVE_CAMELLIA
#include <wolfssl/wolfcrypt/camellia.h>
#endif
#ifndef NO_RABBIT
#include <wolfssl/wolfcrypt/rabbit.h>
#endif
#ifndef NO_RC4
#include <wolfssl/wolfcrypt/arc4.h>
#endif
#ifdef HAVE_BLAKE2
#include <wolfssl/wolfcrypt/blake2.h>
#endif
#include <wolfssl/wolfcrypt/hash.h>
#ifndef NO_RSA
#include <wolfssl/wolfcrypt/rsa.h>
#define FOURK_BUF 4096
#define GEN_BUF 294
#ifndef USER_CRYPTO_ERROR
#define USER_CRYPTO_ERROR -101 /* error returned by IPP lib. */
#endif
#endif
#ifndef NO_SIG_WRAPPER
#include <wolfssl/wolfcrypt/signature.h>
#endif
#ifdef HAVE_AESCCM
#include <wolfssl/wolfcrypt/aes.h>
#endif
#ifdef HAVE_HC128
#include <wolfssl/wolfcrypt/hc128.h>
#endif
#ifdef HAVE_PKCS7
#include <wolfssl/wolfcrypt/pkcs7.h>
#include <wolfssl/wolfcrypt/asn.h>
#ifdef HAVE_LIBZ
#include <wolfssl/wolfcrypt/compress.h>
#endif
#endif
#ifdef WOLFSSL_SMALL_CERT_VERIFY
#include <wolfssl/wolfcrypt/asn.h>
#endif
#ifndef NO_DSA
#include <wolfssl/wolfcrypt/dsa.h>
#ifndef ONEK_BUF
#define ONEK_BUF 1024
#endif
#ifndef TWOK_BUF
#define TWOK_BUF 2048
#endif
#ifndef FOURK_BUF
#define FOURK_BUF 4096
#endif
#ifndef DSA_SIG_SIZE
#define DSA_SIG_SIZE 40
#endif
#ifndef MAX_DSA_PARAM_SIZE
#define MAX_DSA_PARAM_SIZE 256
#endif
#endif
#ifdef WOLFSSL_CMAC
#include <wolfssl/wolfcrypt/cmac.h>
#endif
#ifdef HAVE_ED25519
#include <wolfssl/wolfcrypt/ed25519.h>
#endif
#ifdef HAVE_CURVE25519
#include <wolfssl/wolfcrypt/curve25519.h>
#endif
#ifdef HAVE_ED448
#include <wolfssl/wolfcrypt/ed448.h>
#endif
#ifdef HAVE_CURVE448
#include <wolfssl/wolfcrypt/curve448.h>
#endif
#ifdef HAVE_PKCS12
#include <wolfssl/wolfcrypt/pkcs12.h>
#endif
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL))
#include <wolfssl/openssl/ssl.h>
#ifndef NO_ASN
/* for ASN_COMMON_NAME DN_tags enum */
#include <wolfssl/wolfcrypt/asn.h>
#endif
#ifdef HAVE_OCSP
#include <wolfssl/openssl/ocsp.h>
#endif
#endif
#ifdef OPENSSL_EXTRA
#include <wolfssl/openssl/cmac.h>
#include <wolfssl/openssl/x509v3.h>
#include <wolfssl/openssl/asn1.h>
#include <wolfssl/openssl/crypto.h>
#include <wolfssl/openssl/pkcs12.h>
#include <wolfssl/openssl/evp.h>
#include <wolfssl/openssl/dh.h>
#include <wolfssl/openssl/bn.h>
#include <wolfssl/openssl/buffer.h>
#include <wolfssl/openssl/pem.h>
#include <wolfssl/openssl/ec.h>
#include <wolfssl/openssl/engine.h>
#include <wolfssl/openssl/hmac.h>
#include <wolfssl/openssl/objects.h>
#include <wolfssl/openssl/rand.h>
#ifdef OPENSSL_ALL
#include <wolfssl/openssl/txt_db.h>
#include <wolfssl/openssl/lhash.h>
#endif
#ifndef NO_AES
#include <wolfssl/openssl/aes.h>
#endif
#ifndef NO_DES3
#include <wolfssl/openssl/des.h>
#endif
#ifdef HAVE_ECC
#include <wolfssl/openssl/ecdsa.h>
#endif
#ifdef HAVE_PKCS7
#include <wolfssl/openssl/pkcs7.h>
#endif
#ifdef HAVE_ED25519
#include <wolfssl/openssl/ed25519.h>
#endif
#ifdef HAVE_ED448
#include <wolfssl/openssl/ed448.h>
#endif
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
&& !defined(NO_SHA256) && !defined(RC_NO_RNG)
#include <wolfssl/wolfcrypt/srp.h>
#endif
#if (defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)) || \
defined(HAVE_SESSION_TICKET) || (defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && \
!defined(WOLFSSL_ASN_TEMPLATE))
/* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT,
* or for setting authKeyIdSrc in WOLFSSL_X509 */
#include "wolfssl/internal.h"
#endif
/* force enable test buffers */
#ifndef USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048
#endif
#ifndef USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_256
#endif
#include <wolfssl/certs_test.h>
typedef struct testVector {
const char* input;
const char* output;
size_t inLen;
size_t outLen;
} testVector;
#if defined(HAVE_PKCS7)
typedef struct {
const byte* content;
word32 contentSz;
int contentOID;
int encryptOID;
int keyWrapOID;
int keyAgreeOID;
byte* cert;
size_t certSz;
byte* privateKey;
word32 privateKeySz;
} pkcs7EnvelopedVector;
#ifndef NO_PKCS7_ENCRYPTED_DATA
typedef struct {
const byte* content;
word32 contentSz;
int contentOID;
int encryptOID;
byte* encryptionKey;
word32 encryptionKeySz;
} pkcs7EncryptedVector;
#endif
#endif /* HAVE_PKCS7 */
/*----------------------------------------------------------------------------*
| Constants
*----------------------------------------------------------------------------*/
#define TEST_SUCCESS (1)
#define TEST_FAIL (0)
#define testingFmt " %s:"
#define resultFmt " %s\n"
static const char* passed = "passed";
static const char* failed = "failed";
#define TEST_STRING "Everyone gets Friday off."
#define TEST_STRING_SZ 25
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
#define TEST_RSA_BITS 1024
#else
#define TEST_RSA_BITS 2048
#endif
#define TEST_RSA_BYTES (TEST_RSA_BITS/8)
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
(!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
static const char* bogusFile =
#ifdef _WIN32
"NUL"
#else
"/dev/null"
#endif
;
#endif /* !NO_FILESYSTEM && !NO_CERTS && (!NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT) */
enum {
TESTING_RSA = 1,
TESTING_ECC = 2
};
#ifdef WOLFSSL_QNX_CAAM
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
static int devId = WOLFSSL_CAAM_DEVID;
#else
static int devId = INVALID_DEVID;
#endif
/*----------------------------------------------------------------------------*
| Setup
*----------------------------------------------------------------------------*/
static int test_wolfSSL_Init(void)
{
int result;
printf(testingFmt, "wolfSSL_Init()");
result = wolfSSL_Init();
printf(resultFmt, result == WOLFSSL_SUCCESS ? passed : failed);
return result;
}
static int test_wolfSSL_Cleanup(void)
{
int result;
printf(testingFmt, "wolfSSL_Cleanup()");
result = wolfSSL_Cleanup();
printf(resultFmt, result == WOLFSSL_SUCCESS ? passed : failed);
return result;
}
/* Initialize the wolfCrypt state.
* POST: 0 success.
*/
static int test_wolfCrypt_Init(void)
{
int result;
printf(testingFmt, "wolfCrypt_Init()");
result = wolfCrypt_Init();
printf(resultFmt, result == 0 ? passed : failed);
return result;
} /* END test_wolfCrypt_Init */
/*----------------------------------------------------------------------------*
| Platform dependent function test
*----------------------------------------------------------------------------*/
static int test_fileAccess(void)
{
#if defined(WOLFSSL_TEST_PLATFORMDEPEND) && !defined(NO_FILESYSTEM)
const char *fname[] = {
svrCertFile, svrKeyFile, caCertFile,
eccCertFile, eccKeyFile, eccRsaCertFile,
cliCertFile, cliCertDerFile, cliKeyFile,
dhParamFile,
cliEccKeyFile, cliEccCertFile, caEccCertFile, edCertFile, edKeyFile,
cliEdCertFile, cliEdKeyFile, caEdCertFile,
NULL
};
const char derfile[] = "./certs/server-cert.der";
XFILE f;
size_t sz;
byte *buff;
int i;
printf(testingFmt, "test_fileAccess()");
AssertTrue(XFOPEN("badfilename", "rb") == XBADFILE);
for(i=0; fname[i] != NULL ; i++){
AssertTrue((f = XFOPEN(fname[i], "rb")) != XBADFILE);
XFCLOSE(f);
}
AssertTrue((f = XFOPEN(derfile, "rb")) != XBADFILE);
AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0);
sz = (size_t) XFTELL(f);
XREWIND(f);
AssertTrue(sz == sizeof_server_cert_der_2048);
AssertTrue((buff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL) ;
AssertTrue(XFREAD(buff, 1, sz, f) == sz);
XMEMCMP(server_cert_der_2048, buff, sz);
printf(resultFmt, passed);
#endif
return WOLFSSL_SUCCESS;
}
/*----------------------------------------------------------------------------*
| Method Allocators
*----------------------------------------------------------------------------*/
static void test_wolfSSL_Method_Allocators(void)
{
#define TEST_METHOD_ALLOCATOR(allocator, condition) \
do { \
WOLFSSL_METHOD *method; \
condition(method = allocator()); \
XFREE(method, 0, DYNAMIC_TYPE_METHOD); \
} while(0)
#define TEST_VALID_METHOD_ALLOCATOR(a) \
TEST_METHOD_ALLOCATOR(a, AssertNotNull)
#define TEST_INVALID_METHOD_ALLOCATOR(a) \
TEST_METHOD_ALLOCATOR(a, AssertNull)
#ifndef NO_OLD_TLS
#ifdef WOLFSSL_ALLOW_SSLV3
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method);
#endif
#endif
#ifdef WOLFSSL_ALLOW_TLSV10
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method);
#endif
#endif
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method);
#endif
#endif /* !NO_OLD_TLS */
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method);
#endif
#endif /* !WOLFSSL_NO_TLS12 */
#ifdef WOLFSSL_TLS13
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_client_method);
#endif
#endif /* WOLFSSL_TLS13 */
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_client_method);
#endif
#ifdef WOLFSSL_DTLS
#ifndef NO_OLD_TLS
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_client_method);
#endif
#endif
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_client_method);
#endif
#endif
#endif /* WOLFSSL_DTLS */
#if !defined(NO_OLD_TLS) && defined(OPENSSL_EXTRA)
/* Stubs */
#ifndef NO_WOLFSSL_SERVER
TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_client_method);
#endif
#endif
/* Test Either Method (client or server) */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_method);
#ifndef NO_OLD_TLS
#ifdef WOLFSSL_ALLOW_TLSV10
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_method);
#endif
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_method);
#endif /* !NO_OLD_TLS */
#ifndef WOLFSSL_NO_TLS12
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_method);
#endif /* !WOLFSSL_NO_TLS12 */
#ifdef WOLFSSL_TLS13
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_method);
#endif /* WOLFSSL_TLS13 */
#ifdef WOLFSSL_DTLS
TEST_VALID_METHOD_ALLOCATOR(wolfDTLS_method);
#ifndef NO_OLD_TLS
TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_method);
#endif /* !NO_OLD_TLS */
#ifndef WOLFSSL_NO_TLS12
TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_method);
#endif /* !WOLFSSL_NO_TLS12 */
#endif /* WOLFSSL_DTLS */
#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
}
/*----------------------------------------------------------------------------*
| Context
*----------------------------------------------------------------------------*/
#ifndef NO_WOLFSSL_SERVER
static void test_wolfSSL_CTX_new(WOLFSSL_METHOD *method)
{
WOLFSSL_CTX *ctx;
AssertNull(ctx = wolfSSL_CTX_new(NULL));
AssertNotNull(method);
AssertNotNull(ctx = wolfSSL_CTX_new(method));
wolfSSL_CTX_free(ctx);
}
#endif
#if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
(!defined(NO_RSA) || defined(HAVE_ECC))
static void test_for_double_Free(void)
{
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
int skipTest = 0;
const char* testCertFile;
const char* testKeyFile;
char optionsCiphers[] = "RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA"
":NULL-SHA:NULL-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-PSK-AES256-GCM"
"-SHA384:DHE-PSK-AES128-GCM-SHA256:PSK-AES256-GCM-SHA384:PSK-AES128-GCM-SHA256:"
"DHE-PSK-AES256-CBC-SHA384:DHE-PSK-AES128-CBC-SHA256:PSK-AES256-CBC-SHA384:PSK-"
"AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA:DHE-PSK-AES128-CCM:DHE"
"-PSK-AES256-CCM:PSK-AES128-CCM:PSK-AES256-CCM:PSK-AES128-CCM-8:PSK-AES256-CCM-"
"8:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-"
"NULL-SHA:HC128-MD5:HC128-SHA:RABBIT-SHA:AES128-CCM-8:AES256-CCM-8:ECDHE-ECDSA-"
"AES128-CCM:ECDHE-ECDSA-AES128-CCM-8:ECDHE-ECDSA-AES256-CCM-8:ECDHE-RSA-AES128-"
"SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-R"
"SA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA"
":AES128-SHA256:AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:ECDH-"
"RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA"
":ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3"
"-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES"
"256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-E"
"CDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES128-GCM-SHA25"
"6:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-GC"
"M-SHA384:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMEL"
"LIA256-SHA:CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:CAMELLIA256-SHA256:DH"
"E-RSA-CAMELLIA256-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECD"
"H-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECD"
"SA-AES256-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDHE-RSA-CHA"
"CHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-R"
"SA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-PO"
"LY1305-OLD:IDEA-CBC-SHA:ECDHE-ECDSA-NULL-SHA:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-A"
"ES128-CBC-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-CHA"
"CHA20-POLY1305:EDH-RSA-DES-CBC3-SHA:TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-S"
"HA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-"
"8-SHA256:TLS13-SHA256-SHA256:TLS13-SHA384-SHA384";
#ifndef NO_RSA
testCertFile = svrCertFile;
testKeyFile = svrKeyFile;
#elif defined(HAVE_ECC)
testCertFile = eccCertFile;
testKeyFile = eccKeyFile;
#else
skipTest = 1;
#endif
if (skipTest != 1) {
#ifndef NO_WOLFSSL_SERVER
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#else
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#endif
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
/* First test freeing SSL, then CTX */
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#ifndef NO_WOLFSSL_CLIENT
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#else
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#endif
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
/* Next test freeing CTX then SSL */
wolfSSL_CTX_free(ctx);
wolfSSL_free(ssl);
#ifndef NO_WOLFSSL_SERVER
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#else
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#endif
/* Test setting ciphers at ctx level */
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, optionsCiphers));
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \
defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
/* only update TLSv13 suites */
AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "TLS13-AES256-GCM-SHA384"));
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \
!defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \
defined(WOLFSSL_AES_128) && !defined(NO_RSA)
/* only update pre-TLSv13 suites */
AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-GCM-SHA256"));
#endif
AssertNotNull(ssl = wolfSSL_new(ctx));
wolfSSL_CTX_free(ctx);
wolfSSL_free(ssl);
#ifndef NO_WOLFSSL_CLIENT
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#else
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#endif
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
/* test setting ciphers at SSL level */
AssertTrue(wolfSSL_set_cipher_list(ssl, optionsCiphers));
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \
defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
/* only update TLSv13 suites */
AssertTrue(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384"));
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \
!defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \
defined(WOLFSSL_AES_128) && !defined(NO_RSA)
/* only update pre-TLSv13 suites */
AssertTrue(wolfSSL_set_cipher_list(ssl, "ECDHE-RSA-AES128-GCM-SHA256"));
#endif
wolfSSL_CTX_free(ctx);
wolfSSL_free(ssl);
}
}
#endif
static void test_wolfSSL_CTX_use_certificate_file(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX *ctx;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
/* invalid context */
AssertFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCertFile,
WOLFSSL_FILETYPE_PEM));
/* invalid cert file */
AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile,
WOLFSSL_FILETYPE_PEM));
/* invalid cert type */
AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, 9999));
#ifdef NO_RSA
/* rsa needed */
AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,WOLFSSL_FILETYPE_PEM));
#else
/* success */
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
#endif
wolfSSL_CTX_free(ctx);
#endif
}
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
static int test_wolfSSL_CTX_use_certificate_ASN1(void)
{
#if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN)
WOLFSSL_CTX* ctx;
int ret;
printf(testingFmt, "wolfSSL_CTX_use_certificate_ASN1()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
ret = SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048,
server_cert_der_2048);
printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
wolfSSL_CTX_free(ctx);
return ret;
#else
return WOLFSSL_SUCCESS;
#endif
}
#endif /* (OPENSSL_ALL || WOLFSSL_ASIO) && !NO_RSA */
/* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into
* context using buffer.
* PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with
* --enable-testcert flag.
*/
static int test_wolfSSL_CTX_use_certificate_buffer(void)
{
#if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \
!defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX* ctx;
int ret;
printf(testingFmt, "wolfSSL_CTX_use_certificate_buffer()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1);
printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
wolfSSL_CTX_free(ctx);
return ret;
#else
return WOLFSSL_SUCCESS;
#endif
} /*END test_wolfSSL_CTX_use_certificate_buffer*/
static void test_wolfSSL_CTX_use_PrivateKey_file(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX *ctx;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
/* invalid context */
AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKeyFile,
WOLFSSL_FILETYPE_PEM));
/* invalid key file */
AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile,
WOLFSSL_FILETYPE_PEM));
/* invalid key type */
AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, 9999));
/* success */
#ifdef NO_RSA
/* rsa needed */
AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
#else
/* success */
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
#endif
wolfSSL_CTX_free(ctx);
#endif
}
/* test both file and buffer versions along with unloading trusted peer certs */
static void test_wolfSSL_CTX_trust_peer_cert(void)
{
#if !defined(NO_CERTS) && defined(WOLFSSL_TRUST_PEER_CERT) && \
!defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX *ctx;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#if !defined(NO_FILESYSTEM)
/* invalid file */
assert(wolfSSL_CTX_trust_peer_cert(ctx, NULL,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS);
assert(wolfSSL_CTX_trust_peer_cert(ctx, bogusFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS);
assert(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile,
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS);
/* success */
assert(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM)
== WOLFSSL_SUCCESS);
/* unload cert */
assert(wolfSSL_CTX_Unload_trust_peers(NULL) != WOLFSSL_SUCCESS);
assert(wolfSSL_CTX_Unload_trust_peers(ctx) == WOLFSSL_SUCCESS);
#endif
/* Test of loading certs from buffers */
/* invalid buffer */
assert(wolfSSL_CTX_trust_peer_buffer(ctx, NULL, -1,
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS);
/* success */
#ifdef USE_CERT_BUFFERS_1024
assert(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_1024,
sizeof_client_cert_der_1024, WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS);
#endif
#ifdef USE_CERT_BUFFERS_2048
assert(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_2048,
sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS);
#endif
/* unload cert */
assert(wolfSSL_CTX_Unload_trust_peers(NULL) != WOLFSSL_SUCCESS);
assert(wolfSSL_CTX_Unload_trust_peers(ctx) == WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_load_verify_locations(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX *ctx;
#ifndef NO_RSA
WOLFSSL_CERT_MANAGER* cm;
#ifdef PERSIST_CERT_CACHE
int cacheSz;
#endif
#endif
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
const char* load_certs_path = "./certs/external";
const char* load_no_certs_path = "./examples";
const char* load_expired_path = "./certs/test/expired";
#endif
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
/* invalid arguments */
AssertIntEQ(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL), WOLFSSL_FAILURE);
/* invalid ca file */
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL),
WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE));
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \
(defined(WOLFSSL_QT) && \
!(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR))
/* invalid path */
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile),
WS_RETURN_CODE(BAD_PATH_ERROR,WOLFSSL_FAILURE));
#endif
/* load ca cert */
#ifdef NO_RSA
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL),
WS_RETURN_CODE(ASN_UNKNOWN_OID_E,WOLFSSL_FAILURE));
#else /* Skip the following test without RSA certs. */
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);
#ifdef PERSIST_CERT_CACHE
/* Get cert cache size */
cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx);
#endif
/* Test unloading CA's */
AssertIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS);
#ifdef PERSIST_CERT_CACHE
/* Verify no certs (result is less than cacheSz) */
AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
#endif
/* load ca cert again */
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);
/* Test getting CERT_MANAGER */
AssertNotNull(cm = wolfSSL_CTX_GetCertManager(ctx));
/* Test unloading CA's using CM */
AssertIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
#ifdef PERSIST_CERT_CACHE
/* Verify no certs (result is less than cacheSz) */
AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
#endif
#endif
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
/* Test loading CA certificates using a path */
#ifdef NO_RSA
/* failure here okay since certs in external directory are RSA */
AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
#endif
/* Test loading path with no files */
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_no_certs_path,
WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_FAILURE);
/* Test loading expired CA certificates */
#ifdef NO_RSA
AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
WOLFSSL_SUCCESS);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
WOLFSSL_SUCCESS);
#endif
/* Test loading CA certificates and ignoring all errors */
#ifdef NO_RSA
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_FAILURE);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_SUCCESS);
#endif
#endif
wolfSSL_CTX_free(ctx);
#endif
}
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz, int file_type)
{
int ret;
WOLFSSL_CERT_MANAGER* cm;
cm = wolfSSL_CertManagerNew();
if (cm == NULL) {
printf("test_cm_load_ca failed\n");
return -1;
}
ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, cert_sz, file_type);
wolfSSL_CertManagerFree(cm);
return ret;
}
static int test_cm_load_ca_file(const char* ca_cert_file)
{
int ret = 0;
byte* cert_buf = NULL;
size_t cert_sz = 0;
#if defined(WOLFSSL_PEM_TO_DER)
DerBuffer* pDer = NULL;
#endif
ret = load_file(ca_cert_file, &cert_buf, &cert_sz);
if (ret == 0) {
/* normal test */
ret = test_cm_load_ca_buffer(cert_buf, cert_sz, WOLFSSL_FILETYPE_PEM);
if (ret == WOLFSSL_SUCCESS) {
/* test including null terminator in length */
byte* tmp = (byte*)realloc(cert_buf, cert_sz+1);
if (tmp == NULL) {
ret = MEMORY_E;
}
else {
cert_buf = tmp;
cert_buf[cert_sz] = '\0';
ret = test_cm_load_ca_buffer(cert_buf, cert_sz+1,
WOLFSSL_FILETYPE_PEM);
}
}
#if defined(WOLFSSL_PEM_TO_DER)
if (ret == WOLFSSL_SUCCESS) {
/* test loading DER */
ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL);
if (ret == 0 && pDer != NULL) {
ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length,
WOLFSSL_FILETYPE_ASN1);
wc_FreeDer(&pDer);
}
}
#endif
}
free(cert_buf);
return ret;
}
#endif /* !NO_FILESYSTEM && !NO_CERTS */
static void test_wolfSSL_CertManagerCheckOCSPResponse(void)
{
#if defined(HAVE_OCSP) && !defined(NO_RSA)
/* Need one of these for wolfSSL_OCSP_REQUEST_new. */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \
defined(HAVE_LIGHTY)
WOLFSSL_CERT_MANAGER* cm = NULL;
/* Raw OCSP response bytes captured using the following setup:
* - Run responder with
* openssl ocsp -port 9999 -ndays 9999
* -index certs/ocsp/index-intermediate1-ca-issued-certs.txt
* -rsigner certs/ocsp/ocsp-responder-cert.pem
* -rkey certs/ocsp/ocsp-responder-key.pem
* -CA certs/ocsp/intermediate1-ca-cert.pem
* - Run client with
* openssl ocsp -host 127.0.0.1:9999 -respout resp.out
* -issuer certs/ocsp/intermediate1-ca-cert.pem
* -cert certs/ocsp/server1-cert.pem
* -CAfile certs/ocsp/root-ca-cert.pem -noverify
* - Copy raw response from Wireshark.
*/
byte response[] = {
0x30, 0x82, 0x07, 0x40, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x39, 0x30, 0x82, 0x07, 0x35, 0x06,
0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04, 0x82, 0x07, 0x26, 0x30, 0x82,
0x07, 0x22, 0x30, 0x82, 0x01, 0x40, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09,
0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10,
0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65,
0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53,
0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67,
0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04,
0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20,
0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31,
0x30, 0x35, 0x30, 0x33, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30, 0x5a, 0x30, 0x64, 0x30, 0x62, 0x30,
0x3a, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x71, 0x4d,
0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18,
0xda, 0x04, 0x04, 0x14, 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2,
0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e, 0x02, 0x01, 0x05, 0x80, 0x00, 0x18, 0x0f, 0x32,
0x30, 0x32, 0x31, 0x30, 0x35, 0x30, 0x33, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30, 0x5a, 0xa0, 0x11,
0x18, 0x0f, 0x32, 0x30, 0x34, 0x38, 0x30, 0x39, 0x31, 0x37, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30,
0x5a, 0xa1, 0x23, 0x30, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
0x01, 0x02, 0x04, 0x12, 0x04, 0x10, 0x38, 0x31, 0x60, 0x99, 0xc8, 0x05, 0x09, 0x68, 0x1c, 0x33,
0x49, 0xea, 0x45, 0x26, 0x2f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x4d, 0x58, 0xcc, 0x69, 0x42, 0xe2,
0x9e, 0x64, 0xf6, 0x57, 0xce, 0xcb, 0x5f, 0x14, 0xaf, 0x08, 0x6c, 0xc1, 0x52, 0x7a, 0x40, 0x0a,
0xfd, 0xb6, 0xce, 0xbb, 0x40, 0xf4, 0xb9, 0xa5, 0x88, 0xc7, 0xf3, 0x42, 0x9f, 0xa9, 0x94, 0xbe,
0x6e, 0x7e, 0x09, 0x30, 0x9d, 0x0e, 0x10, 0x6f, 0x9c, 0xd9, 0x4c, 0x71, 0x81, 0x41, 0x64, 0x95,
0xf5, 0x85, 0x77, 0x94, 0x81, 0x61, 0x88, 0xc8, 0x0b, 0x50, 0xbb, 0x37, 0xc8, 0x86, 0x76, 0xd8,
0xa2, 0xed, 0x66, 0x34, 0xfb, 0xe4, 0xe7, 0x09, 0x8c, 0xf5, 0xb5, 0x85, 0xd0, 0x4b, 0xb5, 0xe6,
0x23, 0x62, 0xc3, 0xd0, 0xef, 0xf7, 0x42, 0x89, 0x02, 0x80, 0x64, 0xc9, 0xed, 0xdd, 0x7c, 0x8f,
0x0d, 0xe7, 0x43, 0x9b, 0x88, 0x1f, 0xb0, 0xfd, 0x24, 0x01, 0xc7, 0x55, 0xc3, 0x73, 0x12, 0x84,
0x09, 0x7c, 0x57, 0xa8, 0x5d, 0xab, 0x75, 0x29, 0x5c, 0x36, 0x97, 0x64, 0x40, 0x0b, 0x55, 0x34,
0x0a, 0x5d, 0xb1, 0x1b, 0x61, 0x1b, 0xdc, 0xe5, 0x89, 0xdd, 0x92, 0x62, 0x57, 0xa7, 0x52, 0xb4,
0x38, 0x9a, 0x48, 0xc8, 0x3a, 0x14, 0xde, 0x69, 0x42, 0xe9, 0x37, 0xa4, 0xe7, 0x2d, 0x00, 0xa7,
0x0b, 0x29, 0x18, 0xd5, 0xce, 0xd9, 0x0d, 0xdd, 0xfe, 0xae, 0x86, 0xb3, 0x32, 0x1c, 0xc9, 0x33,
0xb0, 0x2b, 0xb7, 0x3c, 0x0d, 0x43, 0xd8, 0x6c, 0xf2, 0xb7, 0xcd, 0x7b, 0xd5, 0x7d, 0xf0, 0xde,
0x34, 0x9f, 0x6d, 0x83, 0xb9, 0xd5, 0xed, 0xe3, 0xda, 0x96, 0x40, 0x9e, 0xd6, 0xa6, 0xfd, 0x70,
0x80, 0x70, 0x87, 0x61, 0x0f, 0xc5, 0x9f, 0x75, 0xfe, 0x11, 0x78, 0x34, 0xc9, 0x42, 0x16, 0x73,
0x46, 0x7b, 0x05, 0x53, 0x28, 0x43, 0xbe, 0xee, 0x88, 0x67, 0x1d, 0xcc, 0x74, 0xa7, 0xb6, 0x58,
0x7b, 0x29, 0x68, 0x40, 0xcf, 0xce, 0x7b, 0x19, 0x33, 0x68, 0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82,
0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68,
0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67,
0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53,
0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32,
0x31, 0x30, 0x32, 0x31, 0x30, 0x31, 0x39, 0x34, 0x39, 0x35, 0x34, 0x5a, 0x17, 0x0d, 0x32, 0x33,
0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, 0x34, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b,
0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06,
0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e,
0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74,
0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c,
0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45,
0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03,
0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53,
0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06,
0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f,
0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23,
0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, 0x1e, 0x63, 0xb9, 0x85,
0x23, 0x34, 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d, 0xf7, 0x63,
0x88, 0xd1, 0x07, 0x7a, 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41,
0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, 0xca, 0x3f, 0x46, 0x2b,
0xfe, 0xe5, 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee, 0x42, 0xf8,
0x8d, 0xeb, 0x92, 0x95, 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, 0x16, 0x80, 0x90, 0xce,
0x24, 0x35, 0x21, 0xc4, 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, 0x0a, 0x5a, 0x4f, 0x4a,
0x73, 0x31, 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1, 0x99, 0xe2,
0x10, 0xa7, 0x06, 0x72, 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a,
0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, 0xb4, 0x90, 0x30, 0xbb,
0x17, 0xb0, 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12, 0x3c, 0xab,
0x82, 0x71, 0x78, 0xff, 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11,
0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, 0x24, 0x87, 0x17, 0x3b,
0xd8, 0x04, 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68, 0x26, 0x14,
0x87, 0x95, 0xc3, 0x5f, 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3,
0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, 0x39, 0x02, 0x03, 0x01,
0x00, 0x01, 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d,
0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46,
0x56, 0xb8, 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30,
0x81, 0xb9, 0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7,
0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81,
0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13,
0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67,
0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65,
0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07,
0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30,
0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20,
0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48,
0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c,
0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x13, 0x06, 0x03, 0x55,
0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
0x82, 0x01, 0x01, 0x00, 0x07, 0xca, 0xa6, 0xa1, 0x9f, 0xbf, 0xaf, 0x92, 0x41, 0x35, 0x66, 0x51,
0xac, 0xbc, 0x2c, 0xec, 0xe7, 0x8d, 0x65, 0x7e, 0xe9, 0x40, 0xfe, 0x5a, 0xab, 0x8a, 0x1d, 0x3d,
0x13, 0xdb, 0xb4, 0x43, 0x2c, 0x9a, 0x36, 0x98, 0x21, 0xa5, 0xe8, 0xca, 0xa9, 0x4d, 0xfc, 0xe3,
0xf7, 0x45, 0x88, 0xcd, 0x33, 0xbf, 0x8a, 0x62, 0x10, 0x2f, 0xb2, 0xb7, 0x04, 0xef, 0x26, 0x43,
0x51, 0x1d, 0x43, 0x62, 0x7d, 0x1e, 0x50, 0xc8, 0xd5, 0x98, 0x94, 0x71, 0x8f, 0x3b, 0x23, 0x26,
0xf1, 0x71, 0x8e, 0x1e, 0x3d, 0x3f, 0x21, 0xfd, 0xb7, 0x2d, 0x65, 0xe4, 0x07, 0x65, 0xac, 0x3c,
0xfc, 0xc0, 0x47, 0xa9, 0x32, 0xf6, 0xda, 0x26, 0x93, 0x10, 0xb2, 0xd1, 0x6d, 0xc8, 0x81, 0x31,
0x7c, 0xb0, 0x6b, 0xc5, 0x22, 0x8d, 0xb3, 0xfa, 0xbe, 0x82, 0xea, 0x41, 0x42, 0xc4, 0xc0, 0xef,
0xe3, 0x84, 0x0f, 0x6f, 0x9a, 0x03, 0x63, 0xb3, 0x30, 0xe0, 0x31, 0x81, 0x2a, 0x16, 0xb3, 0x47,
0xd9, 0x5b, 0x38, 0x93, 0x07, 0xd0, 0x6e, 0x79, 0x52, 0x2c, 0xe5, 0x50, 0x84, 0x79, 0x10, 0xe7,
0xf6, 0x31, 0x7a, 0x3e, 0x48, 0xa2, 0x38, 0x21, 0x90, 0x7a, 0xf2, 0x5f, 0x48, 0xa4, 0x46, 0x93,
0x87, 0xdd, 0x5c, 0x83, 0x64, 0xea, 0xb5, 0x99, 0xa2, 0xe9, 0x01, 0x40, 0xfe, 0xf0, 0x48, 0x66,
0x4f, 0x96, 0xf7, 0x83, 0x52, 0xf8, 0x6d, 0xf8, 0x5f, 0xed, 0x0c, 0xbb, 0xbe, 0xd0, 0x69, 0x10,
0x4b, 0x99, 0x8f, 0xf8, 0x61, 0x53, 0x9d, 0x12, 0xca, 0x86, 0xaa, 0xb1, 0x80, 0xb4, 0xa6, 0xc1,
0xcb, 0xb7, 0x48, 0xf7, 0x9f, 0x55, 0xb4, 0x6e, 0xab, 0xd3, 0xa1, 0xaa, 0x4b, 0xa7, 0x21, 0x6e,
0x16, 0x7f, 0xad, 0xbb, 0xea, 0x0f, 0x41, 0x80, 0x9b, 0x7f, 0xd6, 0x46, 0xa2, 0xc0, 0x61, 0x72,
0x59, 0x59, 0xa0, 0x07
};
OcspEntry entry[1];
CertStatus status[1];
OcspRequest* request;
byte serial[] = {0x05};
byte issuerHash[] = {0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18, 0xda, 0x04};
byte issuerKeyHash[] = {0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e};
printf(testingFmt, "wolfSSL_CertManagerCheckOCSPResponse()");
XMEMSET(entry, 0, sizeof(OcspEntry));
XMEMSET(status, 0, sizeof(CertStatus));
AssertNotNull(request = wolfSSL_OCSP_REQUEST_new());
request->serial = (byte*)XMALLOC(sizeof(serial), NULL,
DYNAMIC_TYPE_OCSP_REQUEST);
AssertNotNull(request->serial);
request->serialSz = sizeof(serial);
XMEMCPY(request->serial, serial, sizeof(serial));
XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash));
XMEMCPY(request->issuerKeyHash, issuerKeyHash, sizeof(issuerKeyHash));
AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
AssertIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CertManagerLoadCA(cm,
"./certs/ocsp/intermediate1-ca-cert.pem", NULL), WOLFSSL_SUCCESS);
/* Response should be valid. */
AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, response,
sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS);
/* Flip a byte in the request serial number, response should be invalid
* now. */
request->serial[0] ^= request->serial[0];
AssertIntNE(wolfSSL_CertManagerCheckOCSPResponse(cm, response,
sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS);
wolfSSL_OCSP_REQUEST_free(request);
wolfSSL_CertManagerFree(cm);
printf(resultFmt, passed);
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
* WOLFSSL_APACHE_HTTPD || HAVE_LIGHTY */
#endif /* HAVE_OCSP */
}
static int test_wolfSSL_CertManagerLoadCABuffer(void)
{
int ret = 0;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
const char* ca_cert = "./certs/ca-cert.pem";
const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
ret = test_cm_load_ca_file(ca_cert);
#ifdef NO_RSA
AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
#else
AssertIntEQ(ret, WOLFSSL_SUCCESS);
#endif
ret = test_cm_load_ca_file(ca_expired_cert);
#ifdef NO_RSA
AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
#else
#if !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \
!defined(OPENSSL_COMPATIBLE_DEFAULTS)
AssertIntEQ(ret, ASN_AFTER_DATE_E);
#else
AssertIntEQ(ret, WOLFSSL_SUCCESS);
#endif
#endif
#endif
return ret;
}
static void test_wolfSSL_CertManagerGetCerts(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
defined(WOLFSSL_SIGNER_DER_CERT)
WOLFSSL_CERT_MANAGER* cm = NULL;
WOLFSSL_STACK* sk = NULL;
X509* x509 = NULL;
X509* cert1 = NULL;
FILE* file1 = NULL;
#ifdef DEBUG_WOLFSSL_VERBOSE
WOLFSSL_BIO* bio = NULL;
#endif
int i = 0;
printf(testingFmt, "wolfSSL_CertManagerGetCerts()");
AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb"));
AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
fclose(file1);
AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
AssertNull(sk = wolfSSL_CertManagerGetCerts(cm));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
"./certs/ca-cert.pem", NULL));
AssertNotNull(sk = wolfSSL_CertManagerGetCerts(cm));
for (i = 0; i < sk_X509_num(sk); i++) {
x509 = sk_X509_value(sk, i);
AssertIntEQ(0, wolfSSL_X509_cmp(x509, cert1));
#ifdef DEBUG_WOLFSSL_VERBOSE
bio = BIO_new(wolfSSL_BIO_s_file());
if (bio != NULL) {
BIO_set_fp(bio, stdout, BIO_NOCLOSE);
X509_print(bio, x509);
BIO_free(bio);
}
#endif /* DEBUG_WOLFSSL_VERBOSE */
}
wolfSSL_X509_free(cert1);
sk_X509_free(sk);
wolfSSL_CertManagerFree(cm);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
defined(WOLFSSL_SIGNER_DER_CERT) */
}
static int test_wolfSSL_CertManagerSetVerify(void)
{
int ret = 0;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
(!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
WOLFSSL_CERT_MANAGER* cm;
int tmp = myVerifyAction;
const char* ca_cert = "./certs/ca-cert.pem";
const char* expiredCert = "./certs/test/expired/expired-cert.pem";
cm = wolfSSL_CertManagerNew();
AssertNotNull(cm);
wolfSSL_CertManagerSetVerify(cm, myVerify);
ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL);
AssertIntEQ(ret, WOLFSSL_SUCCESS);
/* Use the test CB that always accepts certs */
myVerifyAction = VERIFY_OVERRIDE_ERROR;
ret = wolfSSL_CertManagerVerify(cm, expiredCert, WOLFSSL_FILETYPE_PEM);
AssertIntEQ(ret, WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ALWAYS_VERIFY_CB
{
const char* verifyCert = "./certs/server-cert.pem";
/* Use the test CB that always fails certs */
myVerifyAction = VERIFY_FORCE_FAIL;
ret = wolfSSL_CertManagerVerify(cm, verifyCert, WOLFSSL_FILETYPE_PEM);
AssertIntEQ(ret, VERIFY_CERT_ERROR);
}
#endif
wolfSSL_CertManagerFree(cm);
myVerifyAction = tmp;
#endif
return ret;
}
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(DEBUG_UNIT_TEST_CERTS)
/* used when debugging name constraint tests */
static void DEBUG_WRITE_CERT_X509(WOLFSSL_X509* x509, const char* fileName)
{
BIO* out = BIO_new(BIO_s_file());
if (out != NULL) {
FILE* f = fopen(fileName, "wb");
BIO_set_fp(out, f, BIO_CLOSE);
PEM_write_bio_X509(out, x509);
BIO_free(out);
}
}
static void DEBUG_WRITE_CERT_DER(const byte* der, int derSz, const char* fileName)
{
BIO* out = BIO_new(BIO_s_file());
if (out != NULL) {
FILE* f = fopen(fileName, "wb");
BIO_set_fp(out, f, BIO_CLOSE);
BIO_write(out, der, derSz);
BIO_free(out);
}
}
#else
#define DEBUG_WRITE_CERT_X509(x509, fileName)
#define DEBUG_WRITE_CERT_DER(der, derSz, fileName)
#endif
static void test_wolfSSL_CertManagerNameConstraint(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
!defined(NO_SHA256)
WOLFSSL_CERT_MANAGER* cm;
WOLFSSL_EVP_PKEY *priv;
WOLFSSL_X509_NAME* name;
const char* ca_cert = "./certs/test/cert-ext-nc.der";
const char* server_cert = "./certs/test/server-goodcn.pem";
int i = 0;
static const byte extNameConsOid[] = {85, 29, 30};
RsaKey key;
WC_RNG rng;
byte *der;
int derSz;
word32 idx = 0;
byte *pt;
WOLFSSL_X509 *x509, *ca;
wc_InitRng(&rng);
/* load in CA private key for signing */
AssertIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, devId), 0);
AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key,
sizeof_server_key_der_2048), 0);
/* get ca certificate then alter it */
AssertNotNull(der =
(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert,
WOLFSSL_FILETYPE_ASN1));
AssertNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz));
XMEMCPY(der, pt, derSz);
/* find the name constraint extension and alter it */
pt = der;
for (i = 0; i < derSz - 3; i++) {
if (XMEMCMP(pt, extNameConsOid, 3) == 0) {
pt += 3;
break;
}
pt++;
}
AssertIntNE(i, derSz - 3); /* did not find OID if this case is hit */
/* go to the length value and set it to 0 */
while (i < derSz && *pt != 0x81) {
pt++;
i++;
}
AssertIntNE(i, derSz); /* did not place to alter */
pt++;
*pt = 0x00;
/* resign the altered certificate */
AssertIntGT((derSz = wc_SignCert(derSz, CTC_SHA256wRSA, der,
FOURK_BUF, &key, NULL, &rng)), 0);
AssertNotNull(cm = wolfSSL_CertManagerNew());
AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E);
wolfSSL_CertManagerFree(cm);
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_X509_free(x509);
wc_FreeRsaKey(&key);
wc_FreeRng(&rng);
/* add email alt name to satisfy constraint */
pt = (byte*)server_key_der_2048;
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
(const unsigned char**)&pt, sizeof_server_key_der_2048));
AssertNotNull(cm = wolfSSL_CertManagerNew());
AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
WOLFSSL_FILETYPE_ASN1));
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
DEBUG_WRITE_CERT_DER(der, derSz, "ca.der");
AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* Good cert test with proper alt email name */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
(byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "good-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
/* Cert with bad alt name list */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
(byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE);
wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
wolfSSL_CertManagerFree(cm);
wolfSSL_X509_free(x509);
wolfSSL_X509_free(ca);
wolfSSL_EVP_PKEY_free(priv);
#endif
}
static void test_wolfSSL_CertManagerNameConstraint2(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES)
const char* ca_cert = "./certs/test/cert-ext-ndir.der";
const char* ca_cert2 = "./certs/test/cert-ext-ndir-exc.der";
const char* server_cert = "./certs/server-cert.pem";
WOLFSSL_CERT_MANAGER* cm;
WOLFSSL_X509 *x509, *ca;
const unsigned char *der;
const unsigned char *pt;
WOLFSSL_EVP_PKEY *priv;
WOLFSSL_X509_NAME* name;
int derSz;
/* C=US*/
char altName[] = {
0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09,
0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53
};
/* C=ID */
char altNameFail[] = {
0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09,
0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x44
};
/* C=US ST=California*/
char altNameExc[] = {
0x30, 0x22,
0x31, 0x0B,
0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
0x31, 0x13,
0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A,
0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61
};
/* load in CA private key for signing */
pt = ca_key_der_2048;
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt,
sizeof_ca_key_der_2048));
AssertNotNull(cm = wolfSSL_CertManagerNew());
AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
WOLFSSL_FILETYPE_ASN1));
AssertNotNull((der = wolfSSL_X509_get_der(ca, &derSz)));
AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* add in matching DIR alt name and resign */
wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
/* check verify fail */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
/* add in miss matching DIR alt name and resign */
wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail),
ASN_DIR_TYPE);
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
#ifndef WOLFSSL_NO_ASN_STRICT
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
#else
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
/* check that it still fails if one bad altname and one good altname is in
* the certificate */
wolfSSL_X509_free(x509);
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail),
ASN_DIR_TYPE);
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
#ifndef WOLFSSL_NO_ASN_STRICT
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
#else
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
/* check it fails with switching position of bad altname */
wolfSSL_X509_free(x509);
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail),
ASN_DIR_TYPE);
wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
#ifndef WOLFSSL_NO_ASN_STRICT
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
#else
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
wolfSSL_CertManagerFree(cm);
wolfSSL_X509_free(x509);
wolfSSL_X509_free(ca);
/* now test with excluded name constraint */
AssertNotNull(cm = wolfSSL_CertManagerNew());
AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert2,
WOLFSSL_FILETYPE_ASN1));
AssertNotNull((der = wolfSSL_X509_get_der(ca, &derSz)));
AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
wolfSSL_X509_add_altname_ex(x509, altNameExc, sizeof(altNameExc),
ASN_DIR_TYPE);
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
#ifndef WOLFSSL_NO_ASN_STRICT
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
#else
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
wolfSSL_CertManagerFree(cm);
wolfSSL_X509_free(x509);
wolfSSL_X509_free(ca);
wolfSSL_EVP_PKEY_free(priv);
#endif
}
static void test_wolfSSL_CertManagerNameConstraint3(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
!defined(NO_SHA256)
WOLFSSL_CERT_MANAGER* cm;
WOLFSSL_EVP_PKEY *priv;
WOLFSSL_X509_NAME* name;
const char* ca_cert = "./certs/test/cert-ext-mnc.der";
const char* server_cert = "./certs/test/server-goodcn.pem";
byte *der;
int derSz;
byte *pt;
WOLFSSL_X509 *x509, *ca;
pt = (byte*)server_key_der_2048;
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
(const unsigned char**)&pt, sizeof_server_key_der_2048));
AssertNotNull(cm = wolfSSL_CertManagerNew());
AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
WOLFSSL_FILETYPE_ASN1));
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
DEBUG_WRITE_CERT_DER(der, derSz, "ca.der");
AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* check satisfying .wolfssl.com constraint passes */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
(byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
/* check satisfying .random.com constraint passes */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
(byte*)"support@info.example.com", 24, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "wolfssl@info.example.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
/* check fail case when neither constraint is matched */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
(byte*)"support@info.com", 16, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
wolfSSL_CertManagerFree(cm);
wolfSSL_X509_free(x509);
wolfSSL_X509_free(ca);
wolfSSL_EVP_PKEY_free(priv);
#endif
}
static void test_wolfSSL_CertManagerNameConstraint4(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
!defined(NO_SHA256)
WOLFSSL_CERT_MANAGER* cm;
WOLFSSL_EVP_PKEY *priv;
WOLFSSL_X509_NAME* name;
const char* ca_cert = "./certs/test/cert-ext-ncdns.der";
const char* server_cert = "./certs/test/server-goodcn.pem";
byte *der;
int derSz;
byte *pt;
WOLFSSL_X509 *x509, *ca;
pt = (byte*)server_key_der_2048;
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
(const unsigned char**)&pt, sizeof_server_key_der_2048));
AssertNotNull(cm = wolfSSL_CertManagerNew());
AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
WOLFSSL_FILETYPE_ASN1));
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
DEBUG_WRITE_CERT_DER(der, derSz, "ca.der");
AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* check satisfying wolfssl.com constraint passes */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
/* check satisfying example.com constraint passes */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"example.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "www.example.com", ASN_DNS_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
/* check satisfying wolfssl.com constraint passes with list of DNS's */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "extra.wolfssl.com", ASN_DNS_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "good-multiple-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
/* check fail when one DNS in the list is bad */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "www.nomatch.com", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "bad-multiple-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
wolfSSL_X509_free(x509);
/* check fail case when neither constraint is matched */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"common", 6, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "www.random.com", ASN_DNS_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
wolfSSL_CertManagerFree(cm);
wolfSSL_X509_free(x509);
wolfSSL_X509_free(ca);
wolfSSL_EVP_PKEY_free(priv);
#endif
}
static void test_wolfSSL_CertManagerNameConstraint5(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
!defined(NO_SHA256)
WOLFSSL_CERT_MANAGER* cm;
WOLFSSL_EVP_PKEY *priv;
WOLFSSL_X509_NAME* name;
const char* ca_cert = "./certs/test/cert-ext-ncmixed.der";
const char* server_cert = "./certs/test/server-goodcn.pem";
byte *der;
int derSz;
byte *pt;
WOLFSSL_X509 *x509, *ca;
pt = (byte*)server_key_der_2048;
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
(const unsigned char**)&pt, sizeof_server_key_der_2048));
AssertNotNull(cm = wolfSSL_CertManagerNew());
AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
WOLFSSL_FILETYPE_ASN1));
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
DEBUG_WRITE_CERT_DER(der, derSz, "ca.der");
AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* check satisfying wolfssl.com constraint passes */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"example", 7, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "good.example", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "facts@into.wolfssl.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "good-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
/* fail with DNS check because of common name */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "facts@wolfssl.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "bad-cn-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
wolfSSL_X509_free(x509);
/* fail on permitted DNS name constraint */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "www.example", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "www.wolfssl", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "bad-1st-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
wolfSSL_X509_free(x509);
/* fail on permitted email name constraint */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE);
wolfSSL_X509_add_altname(x509, "info@example.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "bad-2nd-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
wolfSSL_X509_free(x509);
/* success with empty email name */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "good-missing-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
wolfSSL_CertManagerFree(cm);
wolfSSL_X509_free(ca);
wolfSSL_EVP_PKEY_free(priv);
#endif
}
static void test_wolfSSL_CertManagerCRL(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \
!defined(NO_RSA)
const char* ca_cert = "./certs/ca-cert.pem";
const char* crl1 = "./certs/crl/crl.pem";
const char* crl2 = "./certs/crl/crl2.pem";
WOLFSSL_CERT_MANAGER* cm = NULL;
AssertNotNull(cm = wolfSSL_CertManagerNew());
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0));
wolfSSL_CertManagerFreeCRL(cm);
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
wolfSSL_CertManagerFree(cm);
#endif
}
static void test_wolfSSL_CTX_load_verify_locations_ex(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX* ctx;
const char* ca_cert = "./certs/ca-cert.pem";
const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
/* test good CA */
AssertTrue(WOLFSSL_SUCCESS ==
wolfSSL_CTX_load_verify_locations_ex(ctx, ca_cert, NULL,
WOLFSSL_LOAD_FLAG_NONE));
/* test expired CA */
#ifndef OPENSSL_COMPATIBLE_DEFAULTS
AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
#endif
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_load_verify_buffer_ex(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
defined(USE_CERT_BUFFERS_2048)
WOLFSSL_CTX* ctx;
const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der";
byte ca_expired_cert[TWOK_BUF];
word32 sizeof_ca_expired_cert;
XFILE fp;
#ifndef NO_WOLFSSL_CLIENT
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
#else
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
#endif
AssertNotNull(ctx);
/* test good CA */
AssertTrue(WOLFSSL_SUCCESS ==
wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_cert_der_2048,
sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0,
WOLFSSL_LOAD_FLAG_NONE));
/* load expired CA */
XMEMSET(ca_expired_cert, 0, sizeof(ca_expired_cert));
fp = XFOPEN(ca_expired_cert_file, "rb");
AssertTrue(fp != XBADFILE);
sizeof_ca_expired_cert = (word32)XFREAD(ca_expired_cert, 1,
sizeof(ca_expired_cert), fp);
XFCLOSE(fp);
/* test expired CA failure */
#ifndef OPENSSL_COMPATIBLE_DEFAULTS
AssertIntNE(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
#endif
/* test expired CA success */
AssertIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_load_verify_chain_buffer_format(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048)
WOLFSSL_CTX* ctx;
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
AssertTrue(WOLFSSL_SUCCESS ==
wolfSSL_CTX_load_verify_chain_buffer_format(ctx, ca_cert_chain_der,
sizeof_ca_cert_chain_der,
WOLFSSL_FILETYPE_ASN1));
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_add1_chain_cert(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && \
defined(KEEP_OUR_CERT)
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
const char *certChain[] = {
"./certs/intermediate/client-int-cert.pem",
"./certs/intermediate/ca-int2-cert.pem",
"./certs/intermediate/ca-int-cert.pem",
"./certs/ca-cert.pem",
NULL
};
const char** cert;
WOLFSSL_X509* x509;
WOLF_STACK_OF(X509)* chain = NULL;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertNotNull(ssl = wolfSSL_new(ctx));
for (cert = certChain; *cert != NULL; cert++) {
x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
AssertIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 1);
X509_free(x509);
}
for (cert = certChain; *cert != NULL; cert++) {
x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
AssertIntEQ(SSL_add1_chain_cert(ssl, x509), 1);
X509_free(x509);
}
AssertIntEQ(SSL_CTX_get0_chain_certs(ctx, &chain), 1);
AssertIntEQ(sk_X509_num(chain), 3);
AssertIntEQ(SSL_get0_chain_certs(ssl, &chain), 1);
AssertIntEQ(sk_X509_num(chain), 3);
SSL_free(ssl);
SSL_CTX_free(ctx);
#endif
}
static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
{
int ret = 0;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
const char* server_chain_der = "./certs/server-cert-chain.der";
WOLFSSL_CTX* ctx;
#ifndef NO_WOLFSSL_CLIENT
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#else
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#endif
AssertIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx,
server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
return ret;
}
static void test_wolfSSL_CTX_SetTmpDH_file(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH)
WOLFSSL_CTX *ctx;
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
/* invalid context */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL,
dhParamFile, WOLFSSL_FILETYPE_PEM));
/* invalid dhParamFile file */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
NULL, WOLFSSL_FILETYPE_PEM));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
bogusFile, WOLFSSL_FILETYPE_PEM));
/* success */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile,
WOLFSSL_FILETYPE_PEM));
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_SetTmpDH_buffer(void)
{
#if !defined(NO_CERTS) && !defined(NO_DH)
WOLFSSL_CTX *ctx;
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
/* invalid context */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
/* invalid dhParamFile file */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL,
0, WOLFSSL_FILETYPE_ASN1));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dsa_key_der_2048,
sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1));
/* success */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
{
#if !defined(NO_CERTS) && !defined(NO_DH)
WOLFSSL_CTX *ctx;
#ifndef NO_WOLFSSL_CLIENT
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#else
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#endif
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 2048));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 2048));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_der_load_verify_locations(void)
{
#ifdef WOLFSSL_DER_LOAD
WOLFSSL_CTX* ctx = NULL;
const char* derCert = "./certs/server-cert.der";
const char* nullPath = NULL;
const char* invalidPath = "./certs/this-cert-does-not-exist.der";
const char* emptyPath = "";
/* der load Case 1 ctx NULL */
AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
/* Case 2 filePath NULL */
AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, nullPath,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
/* Case 3 invalid format */
AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE);
/* Case 4 filePath not valid */
AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, invalidPath,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
/* Case 5 filePath empty */
AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, emptyPath,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
#ifndef NO_RSA
/* Case 6 success case */
AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_enable_disable(void)
{
#ifndef NO_CERTS
WOLFSSL_CTX* ctx = NULL;
#ifdef HAVE_CRL
AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), BAD_FUNC_ARG);
#endif
#ifdef HAVE_OCSP
AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), BAD_FUNC_ARG);
#endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(ctx), BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifdef HAVE_EXTENDED_MASTER
AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), BAD_FUNC_ARG);
#endif
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#ifdef HAVE_EXTENDED_MASTER
AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), WOLFSSL_SUCCESS);
#endif
#elif !defined(NO_WOLFSSL_SERVER)
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else
return;
#endif
#ifdef HAVE_CRL
AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), WOLFSSL_SUCCESS);
#endif
#ifdef HAVE_OCSP
AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_URL_OVERRIDE),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL),
WOLFSSL_SUCCESS);
#endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS);
#endif
wolfSSL_CTX_free(ctx);
#endif /* NO_CERTS */
}
static void test_wolfSSL_CTX_ticket_API(void)
{
#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX* ctx = NULL;
void *userCtx = (void*)"this is my ctx";
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(ctx, userCtx));
AssertTrue(userCtx == wolfSSL_CTX_get_TicketEncCtx(ctx));
wolfSSL_CTX_free(ctx);
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(NULL, userCtx));
AssertNull(wolfSSL_CTX_get_TicketEncCtx(NULL));
#endif /* HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */
}
static void test_wolfSSL_set_minmax_proto_version(void)
{
#ifdef OPENSSL_EXTRA
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
int ret;
(void)ret;
(void)ssl;
printf(testingFmt, "test_wolfSSL_set_minmax_proto_version");
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertNotNull(ssl = wolfSSL_new(ctx));
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_set_min_proto_version(NULL, 0), SSL_FAILURE);
AssertIntEQ(wolfSSL_set_min_proto_version(ssl, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_set_max_proto_version(NULL, 0), SSL_FAILURE);
AssertIntEQ(wolfSSL_set_max_proto_version(ssl, 0), SSL_SUCCESS);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
printf(resultFmt, passed);
#endif
}
/*----------------------------------------------------------------------------*
| SSL
*----------------------------------------------------------------------------*/
static void test_server_wolfSSL_new(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX *ctx;
WOLFSSL_CTX *ctx_nocert;
WOLFSSL *ssl;
AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method()));
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
/* invalid context */
AssertNull(ssl = wolfSSL_new(NULL));
#if !defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_QT) && !defined(OPENSSL_EXTRA)
AssertNull(ssl = wolfSSL_new(ctx_nocert));
#endif
/* success */
AssertNotNull(ssl = wolfSSL_new(ctx));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_CTX_free(ctx_nocert);
#endif
}
static void test_client_wolfSSL_new(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX *ctx;
WOLFSSL_CTX *ctx_nocert;
WOLFSSL *ssl;
AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
/* invalid context */
AssertNull(ssl = wolfSSL_new(NULL));
/* success */
AssertNotNull(ssl = wolfSSL_new(ctx_nocert));
wolfSSL_free(ssl);
/* success */
AssertNotNull(ssl = wolfSSL_new(ctx));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_CTX_free(ctx_nocert);
#endif
}
static void test_wolfSSL_SetTmpDH_file(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \
!defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#ifndef NO_RSA
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM));
#elif defined(HAVE_ECC)
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
WOLFSSL_FILETYPE_PEM));
#elif defined(HAVE_ED25519)
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, edCertFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile,
WOLFSSL_FILETYPE_PEM));
#elif defined(HAVE_ED448)
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, ed448CertFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
WOLFSSL_FILETYPE_PEM));
#endif
AssertNotNull(ssl = wolfSSL_new(ctx));
/* invalid ssl */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(NULL,
dhParamFile, WOLFSSL_FILETYPE_PEM));
/* invalid dhParamFile file */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl,
NULL, WOLFSSL_FILETYPE_PEM));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl,
bogusFile, WOLFSSL_FILETYPE_PEM));
/* success */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhParamFile,
WOLFSSL_FILETYPE_PEM));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_SetTmpDH_buffer(void)
{
#if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertNotNull(ssl = wolfSSL_new(ctx));
/* invalid ssl */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
/* invalid dhParamFile file */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, NULL,
0, WOLFSSL_FILETYPE_ASN1));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dsa_key_der_2048,
sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1));
/* success */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_SetMinMaxDhKey_Sz(void)
{
#if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX *ctx, *ctx2;
WOLFSSL *ssl, *ssl2;
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
ctx2 = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx2);
AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx2, server_cert_der_2048,
sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx2, server_key_der_2048,
sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
ssl2 = wolfSSL_new(ctx2);
AssertNotNull(ssl2);
AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 2048));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 3072));
AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 2048));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 1024));
AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
wolfSSL_free(ssl2);
wolfSSL_CTX_free(ctx2);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
/* Test function for wolfSSL_SetMinVersion. Sets the minimum downgrade version
* allowed.
* POST: return 1 on success.
*/
static int test_wolfSSL_SetMinVersion(void)
{
int failFlag = WOLFSSL_SUCCESS;
#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
int itr;
#ifndef NO_OLD_TLS
const int versions[] = {
#ifdef WOLFSSL_ALLOW_TLSV10
WOLFSSL_TLSV1,
#endif
WOLFSSL_TLSV1_1,
WOLFSSL_TLSV1_2};
#elif !defined(WOLFSSL_NO_TLS12)
const int versions[] = { WOLFSSL_TLSV1_2 };
#else
const int versions[] = { WOLFSSL_TLSV1_3 };
#endif
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_SetMinVersion()");
for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){
if(wolfSSL_SetMinVersion(ssl, *(versions + itr)) != WOLFSSL_SUCCESS){
failFlag = WOLFSSL_FAILURE;
}
}
printf(resultFmt, failFlag == WOLFSSL_SUCCESS ? passed : failed);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
return failFlag;
} /* END test_wolfSSL_SetMinVersion */
/*----------------------------------------------------------------------------*
| EC
*----------------------------------------------------------------------------*/
/* Test function for EC_POINT_new, EC_POINT_mul, EC_POINT_free,
EC_GROUP_new_by_curve_name, EC_GROUP_order_bits
*/
# if defined(OPENSSL_EXTRA) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
static void test_wolfSSL_EC(void)
{
#if defined(HAVE_ECC)
BN_CTX *ctx;
EC_GROUP *group;
EC_GROUP *group2;
EC_POINT *Gxy, *new_point, *set_point;
BIGNUM *k = NULL, *Gx = NULL, *Gy = NULL, *Gz = NULL;
BIGNUM *X, *Y;
BIGNUM *set_point_bn;
char* hexStr;
int group_bits;
const char* kTest = "F4F8338AFCC562C5C3F3E1E46A7EFECD17AF381913FF7A96314EA47055EA0FD0";
/* NISTP256R1 Gx/Gy */
const char* kGx = "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296";
const char* kGy = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5";
#ifndef HAVE_SELFTEST
EC_POINT *tmp;
size_t bin_len;
unsigned char* buf = NULL;
const char* uncompG = "046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5";
const unsigned char binUncompG[] = {
0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb,
0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31,
0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
};
#ifdef HAVE_COMP_KEY
const char* compG = "036B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296";
const unsigned char binCompG[] = {
0x03, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
};
#endif
#endif
AssertNotNull(ctx = BN_CTX_new());
AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
AssertNotNull(group2 = EC_GROUP_dup(group));
AssertIntEQ((group_bits = EC_GROUP_order_bits(group)), 256);
AssertNotNull(Gxy = EC_POINT_new(group));
AssertNotNull(new_point = EC_POINT_new(group));
AssertNotNull(set_point = EC_POINT_new(group));
AssertNotNull(X = BN_new());
AssertNotNull(Y = BN_new());
AssertNotNull(set_point_bn = BN_new());
/* load test values */
AssertIntEQ(BN_hex2bn(&k, kTest), WOLFSSL_SUCCESS);
AssertIntEQ(BN_hex2bn(&Gx, kGx), WOLFSSL_SUCCESS);
AssertIntEQ(BN_hex2bn(&Gy, kGy), WOLFSSL_SUCCESS);
AssertIntEQ(BN_hex2bn(&Gz, "1"), WOLFSSL_SUCCESS);
/* populate coordinates for input point */
Gxy->X = Gx;
Gxy->Y = Gy;
Gxy->Z = Gz;
#ifndef HAVE_SELFTEST
/* perform point multiplication */
AssertIntEQ(EC_POINT_add(group, new_point, new_point, Gxy, ctx), WOLFSSL_SUCCESS);
AssertIntEQ(EC_POINT_mul(group, new_point, Gx, Gxy, k, ctx), WOLFSSL_SUCCESS);
AssertIntEQ(BN_is_zero(new_point->X), 0);
AssertIntEQ(BN_is_zero(new_point->Y), 0);
AssertIntEQ(BN_is_zero(new_point->Z), 0);
AssertIntEQ(EC_POINT_mul(group, new_point, NULL, Gxy, k, ctx), WOLFSSL_SUCCESS);
AssertIntEQ(BN_is_zero(new_point->X), 0);
AssertIntEQ(BN_is_zero(new_point->Y), 0);
AssertIntEQ(BN_is_zero(new_point->Z), 0);
AssertIntEQ(EC_POINT_mul(group, new_point, Gx, NULL, NULL, ctx), WOLFSSL_SUCCESS);
AssertIntEQ(BN_is_zero(new_point->X), 0);
AssertIntEQ(BN_is_zero(new_point->Y), 0);
AssertIntEQ(BN_is_zero(new_point->Z), 0);
#else
AssertIntEQ(EC_POINT_set_affine_coordinates_GFp(group, new_point, Gx, Gy, ctx), WOLFSSL_SUCCESS);
AssertIntEQ(BN_is_zero(new_point->X), 0);
AssertIntEQ(BN_is_zero(new_point->Y), 0);
AssertIntEQ(BN_is_zero(new_point->Z), 0);
#endif
/* check if point X coordinate is zero */
AssertIntEQ(BN_is_zero(new_point->X), 0);
#ifdef USE_ECC_B_PARAM
AssertIntEQ(EC_POINT_is_on_curve(group, new_point, ctx), 1);
#endif /* USE_ECC_B_PARAM */
/* Force non-affine coordinates */
AssertIntEQ(BN_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
(WOLFSSL_BIGNUM*)BN_value_one()), 1);
new_point->inSet = 0;
/* extract the coordinates from point */
AssertIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y, ctx), WOLFSSL_SUCCESS);
/* check if point X coordinate is zero */
AssertIntEQ(BN_is_zero(X), WOLFSSL_FAILURE);
/* set the same X and Y points in another object */
AssertIntEQ(EC_POINT_set_affine_coordinates_GFp(group, set_point, X, Y, ctx), WOLFSSL_SUCCESS);
/* compare points as they should be the same */
AssertIntEQ(EC_POINT_cmp(group, new_point, set_point, ctx), 0);
/* Test copying */
AssertIntEQ(EC_POINT_copy(new_point, set_point), 1);
/* Test inverting */
AssertIntEQ(EC_POINT_invert(group, new_point, ctx), 1);
AssertPtrEq(EC_POINT_point2bn(group, set_point, POINT_CONVERSION_UNCOMPRESSED,
set_point_bn, ctx), set_point_bn);
/* check bn2hex */
hexStr = BN_bn2hex(k);
AssertStrEQ(hexStr, kTest);
#ifndef NO_FILESYSTEM
BN_print_fp(stdout, k);
printf("\n");
#endif
XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
hexStr = BN_bn2hex(Gx);
AssertStrEQ(hexStr, kGx);
#ifndef NO_FILESYSTEM
BN_print_fp(stdout, Gx);
printf("\n");
#endif
XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
hexStr = BN_bn2hex(Gy);
AssertStrEQ(hexStr, kGy);
#ifndef NO_FILESYSTEM
BN_print_fp(stdout, Gy);
printf("\n");
#endif
XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
#ifndef HAVE_SELFTEST
hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, ctx);
AssertStrEQ(hexStr, uncompG);
XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
#ifdef HAVE_COMP_KEY
hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_COMPRESSED, ctx);
AssertStrEQ(hexStr, compG);
XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
#endif
bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx);
AssertIntEQ(bin_len, sizeof(binUncompG));
AssertNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, DYNAMIC_TYPE_ECC));
AssertIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, buf,
bin_len, ctx), bin_len);
AssertIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0);
XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
#ifdef HAVE_COMP_KEY
bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, NULL, 0, ctx);
AssertIntEQ(bin_len, sizeof(binCompG));
AssertNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, DYNAMIC_TYPE_ECC));
AssertIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, buf,
bin_len, ctx), bin_len);
AssertIntEQ(XMEMCMP(buf, binCompG, sizeof(binCompG)), 0);
XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
#endif
AssertNotNull(tmp = EC_POINT_new(group));
AssertIntEQ(EC_POINT_oct2point(group, tmp, binUncompG, sizeof(binUncompG), ctx), 1);
AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
EC_POINT_free(tmp);
#ifdef HAVE_COMP_KEY
AssertNotNull(tmp = EC_POINT_new(group));
AssertIntEQ(EC_POINT_oct2point(group, tmp, binCompG, sizeof(binCompG), ctx), 1);
AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
EC_POINT_free(tmp);
#endif
#endif
/* test BN_mod_add */
AssertIntEQ(BN_mod_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
(WOLFSSL_BIGNUM*)BN_value_one(),
(WOLFSSL_BIGNUM*)BN_value_one(), NULL), 1);
AssertIntEQ(BN_is_zero(new_point->Z), 1);
/* cleanup */
BN_free(X);
BN_free(Y);
BN_free(k);
BN_free(set_point_bn);
EC_POINT_free(new_point);
EC_POINT_free(set_point);
EC_POINT_free(Gxy);
EC_GROUP_free(group);
EC_GROUP_free(group2);
BN_CTX_free(ctx);
#endif /* HAVE_ECC */
}
#endif /* OPENSSL_EXTRA && ( !HAVE_FIPS || HAVE_FIPS_VERSION > 2) */
#ifndef NO_BIO
static void test_wolfSSL_PEM_read_bio_ECPKParameters(void)
{
#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
EC_GROUP *group;
BIO* bio;
AssertNotNull(bio = BIO_new(BIO_s_file()));
AssertIntEQ(BIO_read_filename(bio, eccKeyFile), WOLFSSL_SUCCESS);
AssertNotNull(group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
AssertIntEQ(EC_GROUP_get_curve_name(group), NID_X9_62_prime256v1);
EC_GROUP_free(group);
BIO_free(bio);
#endif /* HAVE_ECC */
}
#endif /* !NO_BIO */
# if defined(OPENSSL_EXTRA)
static void test_wolfSSL_ECDSA_SIG(void)
{
#ifdef HAVE_ECC
WOLFSSL_ECDSA_SIG* sig = NULL;
WOLFSSL_ECDSA_SIG* sig2 = NULL;
const unsigned char* cp;
unsigned char* p;
unsigned char outSig[8];
unsigned char sigData[8] =
{ 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 };
sig = wolfSSL_d2i_ECDSA_SIG(NULL, NULL, sizeof(sigData));
AssertNull(sig);
cp = sigData;
AssertNotNull((sig = wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigData))));
AssertIntEQ((cp == sigData + 8), 1);
cp = sigData;
AssertNull(wolfSSL_d2i_ECDSA_SIG(&sig, NULL, sizeof(sigData)));
AssertNotNull((sig2 = wolfSSL_d2i_ECDSA_SIG(&sig, &cp, sizeof(sigData))));
AssertIntEQ((sig == sig2), 1);
cp = outSig;
p = outSig;
AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, &p), 0);
AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, NULL), 0);
AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, NULL), 8);
AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), sizeof(sigData));
AssertIntEQ((p == outSig + 8), 1);
AssertIntEQ(XMEMCMP(sigData, outSig, 8), 0);
wolfSSL_ECDSA_SIG_free(sig);
#endif /* HAVE_ECC */
}
static void test_EC_i2d(void)
{
#if defined(HAVE_ECC) && !defined(HAVE_FIPS)
EC_KEY *key;
EC_KEY *copy;
int len;
unsigned char *buf = NULL;
const unsigned char *tmp = NULL;
AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
AssertIntEQ(EC_KEY_generate_key(key), 1);
AssertIntGT((len = i2d_EC_PUBKEY(key, NULL)), 0);
AssertIntEQ(i2d_EC_PUBKEY(key, &buf), len);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
buf = NULL;
AssertIntGT((len = i2d_ECPrivateKey(key, NULL)), 0);
AssertIntEQ(i2d_ECPrivateKey(key, &buf), len);
tmp = buf;
AssertNotNull(d2i_ECPrivateKey(&copy, &tmp, len));
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
buf = NULL;
AssertIntGT((len = i2o_ECPublicKey(key, &buf)), 0);
tmp = buf;
AssertNotNull(o2i_ECPublicKey(&copy, &tmp, len));
AssertIntEQ(EC_KEY_check_key(key), 1);
XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL);
EC_KEY_free(key);
EC_KEY_free(copy);
#endif /* HAVE_ECC */
}
static void test_ECDSA_size_sign(void)
{
#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP)
EC_KEY *key;
int id;
byte hash[WC_MAX_DIGEST_SIZE];
byte sig[ECC_MAX_SIG_SIZE];
unsigned int sigSz = sizeof(sig);
XMEMSET(hash, 123, sizeof(hash));
id = wc_ecc_get_curve_id_from_name("SECP256R1");
AssertIntEQ(id, ECC_SECP256R1);
AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
AssertIntEQ(EC_KEY_generate_key(key), 1);
AssertIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1);
AssertIntGE(ECDSA_size(key), sigSz);
AssertIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, sigSz, key), 1);
EC_KEY_free(key);
#endif /* HAVE_ECC && !NO_ECC256 && !NO_ECC_SECP */
}
static void test_ED25519(void)
{
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
defined(WOLFSSL_KEY_GEN)
byte priv[ED25519_PRV_KEY_SIZE];
unsigned int privSz = (unsigned int)sizeof(priv);
byte pub[ED25519_PUB_KEY_SIZE];
unsigned int pubSz = (unsigned int)sizeof(pub);
#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT)
const char* msg = TEST_STRING;
unsigned int msglen = (unsigned int)TEST_STRING_SZ;
byte sig[ED25519_SIG_SIZE];
unsigned int sigSz = (unsigned int)sizeof(sig);
#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */
AssertIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz),
WOLFSSL_SUCCESS);
AssertIntEQ(privSz, ED25519_PRV_KEY_SIZE);
AssertIntEQ(pubSz, ED25519_PUB_KEY_SIZE);
#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT)
AssertIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig,
&sigSz), WOLFSSL_SUCCESS);
AssertIntEQ(sigSz, ED25519_SIG_SIZE);
#ifdef HAVE_ED25519_VERIFY
AssertIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
sigSz), WOLFSSL_SUCCESS);
#endif /* HAVE_ED25519_VERIFY */
#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */
#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_EXPORT && WOLFSSL_KEY_GEN */
}
static void test_ED448(void)
{
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
defined(WOLFSSL_KEY_GEN)
byte priv[ED448_PRV_KEY_SIZE];
unsigned int privSz = (unsigned int)sizeof(priv);
byte pub[ED448_PUB_KEY_SIZE];
unsigned int pubSz = (unsigned int)sizeof(pub);
#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT)
const char* msg = TEST_STRING;
unsigned int msglen = (unsigned int)TEST_STRING_SZ;
byte sig[ED448_SIG_SIZE];
unsigned int sigSz = (unsigned int)sizeof(sig);
#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */
AssertIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz),
WOLFSSL_SUCCESS);
AssertIntEQ(privSz, ED448_PRV_KEY_SIZE);
AssertIntEQ(pubSz, ED448_PUB_KEY_SIZE);
#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT)
AssertIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig,
&sigSz), WOLFSSL_SUCCESS);
AssertIntEQ(sigSz, ED448_SIG_SIZE);
#ifdef HAVE_ED448_VERIFY
AssertIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
sigSz), WOLFSSL_SUCCESS);
#endif /* HAVE_ED448_VERIFY */
#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */
#endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT && WOLFSSL_KEY_GEN */
}
#endif /* OPENSSL_EXTRA */
#include <wolfssl/openssl/pem.h>
/*----------------------------------------------------------------------------*
| EVP
*----------------------------------------------------------------------------*/
static void test_wolfSSL_EVP_PKEY_print_public(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
WOLFSSL_BIO* rbio = NULL;
WOLFSSL_BIO* wbio = NULL;
WOLFSSL_EVP_PKEY* pkey = NULL;
char line[256] = { 0 };
char line1[256] = { 0 };
int i;
printf(testingFmt, "EVP_PKEY_print_public()");
/* test error cases */
AssertIntEQ( EVP_PKEY_print_public(NULL,NULL,0,NULL),0L);
/*
* test RSA public key print
* in this test, pass '3' for indent
*/
#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_1024)
rbio = BIO_new_mem_buf( client_keypub_der_1024,
sizeof_client_keypub_der_1024);
AssertNotNull(rbio);
wolfSSL_d2i_PUBKEY_bio(rbio, &pkey);
AssertNotNull(pkey);
wbio = BIO_new(BIO_s_mem());
AssertNotNull(wbio);
AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,3,NULL),1);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, " RSA Public-Key: (1024 bit)\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, " Modulus:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, " 00:BC:73:0E:A8:49:F3:74:A2:A9:EF:18:A5:DA:55:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* skip to the end of modulus element*/
for( i = 0; i < 8 ;i++) {
BIO_gets(wbio, line, sizeof(line));
}
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, " Exponent: 65537 (0x010001)\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* should reach EOF */
AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0);
EVP_PKEY_free(pkey);
pkey = NULL;
BIO_free(rbio);
BIO_free(wbio);
rbio = NULL;
wbio = NULL;
#endif /* !NO_RSA && USE_CERT_BUFFERS_1024*/
/*
* test DSA public key print
*/
#if !defined(NO_DSA) && defined(USE_CERT_BUFFERS_2048)
rbio = BIO_new_mem_buf( dsa_pub_key_der_2048,
sizeof_dsa_pub_key_der_2048);
AssertNotNull(rbio);
wolfSSL_d2i_PUBKEY_bio(rbio, &pkey);
AssertNotNull(pkey);
wbio = BIO_new(BIO_s_mem());
AssertNotNull(wbio);
AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "DSA Public-Key: (2048 bit)\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "pub:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1,
" 00:C2:35:2D:EC:83:83:6C:73:13:9E:52:7C:74:C8:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* skip to the end of pub element*/
for( i = 0; i < 17 ;i++) {
BIO_gets(wbio, line, sizeof(line));
}
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "P:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* skip to the end of P element*/
for( i = 0; i < 18 ;i++) {
BIO_gets(wbio, line, sizeof(line));
}
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "Q:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* skip to the end of Q element*/
for( i = 0; i < 3 ;i++) {
BIO_gets(wbio, line, sizeof(line));
}
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "G:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* skip to the end of G element*/
for( i = 0; i < 18 ;i++) {
BIO_gets(wbio, line, sizeof(line));
}
/* should reach EOF */
AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0);
EVP_PKEY_free(pkey);
pkey = NULL;
BIO_free(rbio);
BIO_free(wbio);
rbio = NULL;
wbio = NULL;
#endif /* !NO_DSA && USE_CERT_BUFFERS_2048 */
/*
* test ECC public key print
*/
#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
rbio = BIO_new_mem_buf( ecc_clikeypub_der_256,
sizeof_ecc_clikeypub_der_256);
AssertNotNull(rbio);
wolfSSL_d2i_PUBKEY_bio(rbio, &pkey);
AssertNotNull(pkey);
wbio = BIO_new(BIO_s_mem());
AssertNotNull(wbio);
AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "Public-Key: (256 bit)\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "pub:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1,
" 04:55:BF:F4:0F:44:50:9A:3D:CE:9B:B7:F0:C5:4D:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* skip to the end of pub element*/
for( i = 0; i < 4 ;i++) {
BIO_gets(wbio, line, sizeof(line));
}
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "ASN1 OID: prime256v1\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "NIST CURVE: P-256\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* should reach EOF */
AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0);
EVP_PKEY_free(pkey);
pkey = NULL;
BIO_free(rbio);
BIO_free(wbio);
rbio = NULL;
wbio = NULL;
#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */
/*
* test DH public key print
*/
#if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048)
rbio = BIO_new_mem_buf( dh_pub_key_der_2048,
sizeof_dh_pub_key_der_2048);
AssertNotNull(rbio);
wolfSSL_d2i_PUBKEY_bio(rbio, &pkey);
AssertNotNull(pkey);
wbio = BIO_new(BIO_s_mem());
AssertNotNull(wbio);
AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "DH Public-Key: (2048 bit)\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "public-key:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1,
" 34:41:BF:E9:F2:11:BF:05:DB:B2:72:A8:29:CC:BD:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* skip to the end of public-key element*/
for( i = 0; i < 17 ;i++) {
BIO_gets(wbio, line, sizeof(line));
}
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "prime:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1,
" 00:D3:B2:99:84:5C:0A:4C:E7:37:CC:FC:18:37:01:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* skip to the end of prime element*/
for( i = 0; i < 17 ;i++) {
BIO_gets(wbio, line, sizeof(line));
}
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "generator: 2 (0x02)\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* should reach EOF */
AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0);
EVP_PKEY_free(pkey);
pkey = NULL;
BIO_free(rbio);
BIO_free(wbio);
rbio = NULL;
wbio = NULL;
#endif /* WOLFSSL_DH_EXTRA && USE_CERT_BUFFERS_2048 */
/* to prevent "unused variable" warning */
(void)pkey;
(void)wbio;
(void)rbio;
(void)line;
(void)line1;
(void)i;
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
/* Test functions for base64 encode/decode */
static void test_wolfSSL_EVP_ENCODE_CTX_new(void)
{
#if defined(OPENSSL_EXTRA) && \
( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE))
printf(testingFmt, "EVP_ENCODE_CTX_new()");
EVP_ENCODE_CTX* ctx = NULL;
AssertNotNull( ctx = EVP_ENCODE_CTX_new());
AssertIntEQ( ctx->remaining,0);
AssertIntEQ( ctx->data[0],0);
AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);
EVP_ENCODE_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE)*/
}
static void test_wolfSSL_EVP_ENCODE_CTX_free(void)
{
#if defined(OPENSSL_EXTRA) && \
( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE))
printf(testingFmt, "EVP_ENCODE_CTX_free()");
EVP_ENCODE_CTX* ctx = NULL;
AssertNotNull( ctx = EVP_ENCODE_CTX_new());
EVP_ENCODE_CTX_free(ctx);
printf(resultFmt, passed);
#endif /*OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE)*/
}
static void test_wolfSSL_EVP_EncodeInit(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
printf(testingFmt, "EVP_EncodeInit()");
EVP_ENCODE_CTX* ctx = NULL;
AssertNotNull( ctx = EVP_ENCODE_CTX_new());
AssertIntEQ( ctx->remaining,0);
AssertIntEQ( ctx->data[0],0);
AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);
/* make ctx dirty */
ctx->remaining = 10;
XMEMSET( ctx->data, 0x77, sizeof(ctx->data));
EVP_EncodeInit(ctx);
AssertIntEQ( ctx->remaining,0);
AssertIntEQ( ctx->data[0],0);
AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);
EVP_ENCODE_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/
}
static void test_wolfSSL_EVP_EncodeUpdate(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
printf(testingFmt, "EVP_EncodeUpdate()");
int outl;
int total;
const unsigned char plain0[] = {"Th"};
const unsigned char plain1[] = {"This is a base64 encodeing test."};
const unsigned char plain2[] = {"This is additional data."};
const unsigned char enc0[] = {"VGg=\n"};
/* expected encoded result for the first output 64 chars plus trailing LF*/
const unsigned char enc1[] = {"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\n"};
const unsigned char enc2[] =
{"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\nYWwgZGF0YS4=\n"};
unsigned char encOutBuff[300];
EVP_ENCODE_CTX* ctx = NULL;
AssertNotNull( ctx = EVP_ENCODE_CTX_new());
EVP_EncodeInit(ctx);
/* illegal parameter test */
AssertIntEQ(
EVP_EncodeUpdate(
NULL, /* pass NULL as ctx */
encOutBuff,
&outl,
plain1,
sizeof(plain1)-1),
0 /* expected result code 0: fail */
);
AssertIntEQ(
EVP_EncodeUpdate(
ctx,
NULL, /* pass NULL as out buff */
&outl,
plain1,
sizeof(plain1)-1),
0 /* expected result code 0: fail */
);
AssertIntEQ(
EVP_EncodeUpdate(
ctx,
encOutBuff,
NULL, /* pass NULL as outl */
plain1,
sizeof(plain1)-1),
0 /* expected result code 0: fail */
);
AssertIntEQ(
EVP_EncodeUpdate(
ctx,
encOutBuff,
&outl,
NULL, /* pass NULL as in */
sizeof(plain1)-1),
0 /* expected result code 0: fail */
);
/* meaningless parameter test */
AssertIntEQ(
EVP_EncodeUpdate(
ctx,
encOutBuff,
&outl,
plain1,
0), /* pass zero input */
1 /* expected result code 1: success */
);
/* very small data encoding test */
EVP_EncodeInit(ctx);
AssertIntEQ(
EVP_EncodeUpdate(
ctx,
encOutBuff,
&outl,
plain0,
sizeof(plain0)-1),
1 /* expected result code 1: success */
);
AssertIntEQ(outl,0);
EVP_EncodeFinal(
ctx,
encOutBuff + outl,
&outl);
AssertIntEQ( outl, sizeof(enc0)-1);
AssertIntEQ(
XSTRNCMP(
(const char*)encOutBuff,
(const char*)enc0,sizeof(enc0) ),
0);
/* pass small size( < 48bytes ) input, then make sure they are not
* encoded and just stored in ctx
*/
EVP_EncodeInit(ctx);
total = 0;
outl = 0;
XMEMSET( encOutBuff,0, sizeof(encOutBuff));
AssertIntEQ(
EVP_EncodeUpdate(
ctx,
encOutBuff, /* buffer for output */
&outl, /* size of output */
plain1, /* input */
sizeof(plain1)-1), /* size of input */
1); /* expected result code 1:success */
total += outl;
AssertIntEQ(outl, 0); /* no output expected */
AssertIntEQ(ctx->remaining, sizeof(plain1) -1);
AssertTrue(
XSTRNCMP((const char*)(ctx->data),
(const char*)plain1,
ctx->remaining) ==0 );
AssertTrue(encOutBuff[0] == 0);
/* call wolfSSL_EVP_EncodeUpdate again to make it encode
* the stored data and the new input together
*/
AssertIntEQ(
EVP_EncodeUpdate(
ctx,
encOutBuff + outl, /* buffer for output */
&outl, /* size of output */
plain2, /* additional input */
sizeof(plain2) -1), /* size of additional input */
1); /* expected result code 1:success */
total += outl;
AssertIntNE(outl, 0); /* some output is expected this time*/
AssertIntEQ(outl, BASE64_ENCODE_RESULT_BLOCK_SIZE +1); /* 64 bytes and LF */
AssertIntEQ(
XSTRNCMP((const char*)encOutBuff,(const char*)enc1,sizeof(enc1) ),0);
/* call wolfSSL_EVP_EncodeFinal to flush all the unprocessed input */
EVP_EncodeFinal(
ctx,
encOutBuff + outl,
&outl);
total += outl;
AssertIntNE(total,0);
AssertIntNE(outl,0);
AssertIntEQ(XSTRNCMP(
(const char*)encOutBuff,(const char*)enc2,sizeof(enc2) ),0);
/* test with illeagal parameters */
outl = 1;
EVP_EncodeFinal(NULL, encOutBuff + outl, &outl);
AssertIntEQ(outl, 0);
outl = 1;
EVP_EncodeFinal(ctx, NULL, &outl);
AssertIntEQ(outl, 0);
EVP_EncodeFinal(ctx, encOutBuff + outl, NULL);
EVP_EncodeFinal(NULL, NULL, NULL);
EVP_ENCODE_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/
}
static void test_wolfSSL_EVP_EncodeFinal(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
printf(testingFmt, "wolfSSL_EVP_EncodeFinal()");
/* tests for wolfSSL_EVP_EncodeFinal are included in
* test_wolfSSL_EVP_EncodeUpdate
*/
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/
}
static void test_wolfSSL_EVP_DecodeInit(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE)
printf(testingFmt, "EVP_DecodeInit()");
EVP_ENCODE_CTX* ctx = NULL;
AssertNotNull( ctx = EVP_ENCODE_CTX_new());
AssertIntEQ( ctx->remaining,0);
AssertIntEQ( ctx->data[0],0);
AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);
/* make ctx dirty */
ctx->remaining = 10;
XMEMSET( ctx->data, 0x77, sizeof(ctx->data));
EVP_DecodeInit(ctx);
AssertIntEQ( ctx->remaining,0);
AssertIntEQ( ctx->data[0],0);
AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);
EVP_ENCODE_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL && WOLFSSL_BASE_DECODE */
}
static void test_wolfSSL_EVP_DecodeUpdate(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE)
printf(testingFmt, "EVP_DecodeUpdate()");
int outl;
unsigned char decOutBuff[300];
EVP_ENCODE_CTX* ctx = EVP_ENCODE_CTX_new();
EVP_DecodeInit(ctx);
const unsigned char enc1[] =
{"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"};
/* const unsigned char plain1[] =
{"This is a base64 decoding test."} */
/* illegal parameter tests */
/* pass NULL as ctx */
AssertIntEQ(
EVP_DecodeUpdate(
NULL, /* pass NULL as ctx */
decOutBuff,
&outl,
enc1,
sizeof(enc1)-1),
-1 /* expected result code -1: fail */
);
AssertIntEQ( outl, 0);
/* pass NULL as output */
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
NULL, /* pass NULL as out buff */
&outl,
enc1,
sizeof(enc1)-1),
-1 /* expected result code -1: fail */
);
AssertIntEQ( outl, 0);
/* pass NULL as outl */
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
decOutBuff,
NULL, /* pass NULL as outl */
enc1,
sizeof(enc1)-1),
-1 /* expected result code -1: fail */
);
/* pass NULL as input */
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
decOutBuff,
&outl,
NULL, /* pass NULL as in */
sizeof(enc1)-1),
-1 /* expected result code -1: fail */
);
AssertIntEQ( outl, 0);
/* pass zero length input */
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
decOutBuff,
&outl,
enc1,
0), /* pass zero as input len */
1 /* expected result code 1: success */
);
/* decode correct base64 string */
const unsigned char enc2[] =
{"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"};
const unsigned char plain2[] =
{"This is a base64 decoding test."};
EVP_EncodeInit(ctx);
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
decOutBuff,
&outl,
enc2,
sizeof(enc2)-1),
0 /* expected result code 0: success */
);
AssertIntEQ(outl,sizeof(plain2) -1);
AssertIntEQ(
EVP_DecodeFinal(
ctx,
decOutBuff + outl,
&outl),
1 /* expected result code 1: success */
);
AssertIntEQ(outl, 0); /* expected DecodeFinal outout no data */
AssertIntEQ(XSTRNCMP( (const char*)plain2,(const char*)decOutBuff,
sizeof(plain2) -1 ),0);
/* decode correct base64 string which does not have '\n' in its last*/
const unsigned char enc3[] =
{"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg=="}; /* 44 chars */
const unsigned char plain3[] =
{"This is a base64 decoding test."}; /* 31 chars */
EVP_EncodeInit(ctx);
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
decOutBuff,
&outl,
enc3,
sizeof(enc3)-1),
0 /* expected result code 0: success */
);
AssertIntEQ(outl,sizeof(plain3)-1); /* 31 chars should be output */
AssertIntEQ(XSTRNCMP( (const char*)plain3,(const char*)decOutBuff,
sizeof(plain3) -1 ),0);
AssertIntEQ(
EVP_DecodeFinal(
ctx,
decOutBuff + outl,
&outl),
1 /* expected result code 1: success */
);
AssertIntEQ(outl,0 );
/* decode string which has a padding char ('=') in the illegal position*/
const unsigned char enc4[] =
{"VGhpcyBpcyBhIGJhc2U2N=CBkZWNvZGluZyB0ZXN0Lg==\n"};
EVP_EncodeInit(ctx);
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
decOutBuff,
&outl,
enc4,
sizeof(enc4)-1),
-1 /* expected result code -1: error */
);
AssertIntEQ(outl,0);
/* small data decode test */
const unsigned char enc00[] = {"VG"};
const unsigned char enc01[] = {"g=\n"};
const unsigned char plain4[] = {"Th"};
EVP_EncodeInit(ctx);
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
decOutBuff,
&outl,
enc00,
sizeof(enc00)-1),
1 /* expected result code 1: success */
);
AssertIntEQ(outl,0);
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
decOutBuff + outl,
&outl,
enc01,
sizeof(enc01)-1),
0 /* expected result code 0: success */
);
AssertIntEQ(outl,sizeof(plain4)-1);
/* test with illegal parameters */
AssertIntEQ(EVP_DecodeFinal(NULL,decOutBuff + outl,&outl), -1);
AssertIntEQ(EVP_DecodeFinal(ctx,NULL,&outl), -1);
AssertIntEQ(EVP_DecodeFinal(ctx,decOutBuff + outl, NULL), -1);
AssertIntEQ(EVP_DecodeFinal(NULL,NULL, NULL), -1);
EVP_DecodeFinal(
ctx,
decOutBuff + outl,
&outl);
AssertIntEQ( outl, 0);
AssertIntEQ(
XSTRNCMP(
(const char*)decOutBuff,
(const char*)plain4,sizeof(plain4)-1 ),
0);
EVP_ENCODE_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL && WOLFSSL_BASE_DECODE */
}
static void test_wolfSSL_EVP_DecodeFinal(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE)
printf(testingFmt, "EVP_DecodeFinal()");
/* tests for wolfSSL_EVP_DecodeFinal are included in
* test_wolfSSL_EVP_DecodeUpdate
*/
printf(resultFmt, passed);
#endif /* OPENSSL && WOLFSSL_BASE_DECODE */
}
/* Test function for wolfSSL_EVP_get_cipherbynid.
*/
#ifdef OPENSSL_EXTRA
static void test_wolfSSL_EVP_get_cipherbynid(void)
{
#ifndef NO_AES
const WOLFSSL_EVP_CIPHER* c;
c = wolfSSL_EVP_get_cipherbynid(419);
#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
defined(WOLFSSL_AES_128)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_128_CBC", c));
#else
AssertNull(c);
#endif
c = wolfSSL_EVP_get_cipherbynid(423);
#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
defined(WOLFSSL_AES_192)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_192_CBC", c));
#else
AssertNull(c);
#endif
c = wolfSSL_EVP_get_cipherbynid(427);
#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
defined(WOLFSSL_AES_256)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_256_CBC", c));
#else
AssertNull(c);
#endif
c = wolfSSL_EVP_get_cipherbynid(904);
#if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_128_CTR", c));
#else
AssertNull(c);
#endif
c = wolfSSL_EVP_get_cipherbynid(905);
#if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_192_CTR", c));
#else
AssertNull(c);
#endif
c = wolfSSL_EVP_get_cipherbynid(906);
#if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_256_CTR", c));
#else
AssertNull(c);
#endif
c = wolfSSL_EVP_get_cipherbynid(418);
#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_128)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_128_ECB", c));
#else
AssertNull(c);
#endif
c = wolfSSL_EVP_get_cipherbynid(422);
#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_192)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_192_ECB", c));
#else
AssertNull(c);
#endif
c = wolfSSL_EVP_get_cipherbynid(426);
#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_256_ECB", c));
#else
AssertNull(c);
#endif
#endif /* !NO_AES */
#ifndef NO_DES3
AssertNotNull(strcmp("EVP_DES_CBC", wolfSSL_EVP_get_cipherbynid(31)));
#ifdef WOLFSSL_DES_ECB
AssertNotNull(strcmp("EVP_DES_ECB", wolfSSL_EVP_get_cipherbynid(29)));
#endif
AssertNotNull(strcmp("EVP_DES_EDE3_CBC", wolfSSL_EVP_get_cipherbynid(44)));
#ifdef WOLFSSL_DES_ECB
AssertNotNull(strcmp("EVP_DES_EDE3_ECB", wolfSSL_EVP_get_cipherbynid(33)));
#endif
#endif /* !NO_DES3 */
#ifdef HAVE_IDEA
AssertNotNull(strcmp("EVP_IDEA_CBC", wolfSSL_EVP_get_cipherbynid(34)));
#endif
/* test for nid is out of range */
AssertNull(wolfSSL_EVP_get_cipherbynid(1));
}
static void test_wolfSSL_EVP_CIPHER_CTX(void)
{
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
const EVP_CIPHER *init = EVP_aes_128_cbc();
const EVP_CIPHER *test;
byte key[AES_BLOCK_SIZE] = {0};
byte iv[AES_BLOCK_SIZE] = {0};
AssertNotNull(ctx);
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
test = EVP_CIPHER_CTX_cipher(ctx);
AssertTrue(init == test);
AssertIntEQ(EVP_CIPHER_nid(test), NID_aes_128_cbc);
AssertIntEQ(EVP_CIPHER_CTX_reset(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_CIPHER_CTX_reset(NULL), WOLFSSL_FAILURE);
EVP_CIPHER_CTX_free(ctx);
/* test EVP_CIPHER_CTX_cleanup with NULL */
AssertIntEQ(EVP_CIPHER_CTX_cleanup(NULL), WOLFSSL_SUCCESS);
#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128 */
}
#endif /* OPENSSL_EXTRA */
/*----------------------------------------------------------------------------*
| IO
*----------------------------------------------------------------------------*/
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_RSA) && !defined(SINGLE_THREADED) && \
!defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
#define HAVE_IO_TESTS_DEPENDENCIES
#endif
/* helper functions */
#ifdef HAVE_IO_TESTS_DEPENDENCIES
#ifdef WOLFSSL_SESSION_EXPORT
#ifdef WOLFSSL_DTLS
/* set up function for sending session information */
static int test_export(WOLFSSL* inSsl, byte* buf, word32 sz, void* userCtx)
{
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
AssertNotNull(inSsl);
AssertNotNull(buf);
AssertIntNE(0, sz);
/* Set ctx to DTLS 1.2 */
ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
AssertNotNull(ctx);
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
AssertIntGE(wolfSSL_dtls_import(ssl, buf, sz), 0);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
(void)userCtx;
return WOLFSSL_SUCCESS;
}
#endif
/* returns negative value on fail and positive (including 0) on success */
static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
{
int ret, err, loop_count, count, timeout = 10;
char msg[] = "I hear you fa shizzle!";
char input[1024];
loop_count = ((func_args*)args)->argc;
err = 0; /* Reset error */
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_accept(ssl);
err = wolfSSL_get_error(ssl, 0);
if (err == WOLFSSL_ERROR_WANT_READ ||
err == WOLFSSL_ERROR_WANT_WRITE) {
int select_ret;
err = WC_PENDING_E;
select_ret = tcp_select(*sockfd, timeout);
if (select_ret == TEST_TIMEOUT) {
return WOLFSSL_FATAL_ERROR;
}
}
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
return ret;
}
for (count = 0; count < loop_count; count++) {
int select_ret;
select_ret = tcp_select(*sockfd, timeout);
if (select_ret == TEST_TIMEOUT) {
ret = WOLFSSL_FATAL_ERROR;
break;
}
do {
ret = wolfSSL_read(ssl, input, sizeof(input)-1);
if (ret > 0) {
input[ret] = '\0';
printf("Client message: %s\n", input);
}
} while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS);
do {
if ((ret = wolfSSL_write(ssl, msg, sizeof(msg))) != sizeof(msg)) {
return WOLFSSL_FATAL_ERROR;
}
err = wolfSSL_get_error(ssl, ret);
} while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS);
}
return ret;
}
#endif /* WOLFSSL_SESSION_EXPORT */
/* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */
#if defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \
defined(HAVE_AES_CBC)
typedef struct openssl_key_ctx {
byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */
byte key[WOLFSSL_TICKET_KEY_SZ]; /* cipher key */
byte hmacKey[WOLFSSL_TICKET_NAME_SZ]; /* hmac key */
byte iv[WOLFSSL_TICKET_IV_SZ]; /* cipher iv */
} openssl_key_ctx;
static THREAD_LS_T openssl_key_ctx myOpenSSLKey_ctx;
static THREAD_LS_T WC_RNG myOpenSSLKey_rng;
static WC_INLINE int OpenSSLTicketInit(void)
{
int ret = wc_InitRng(&myOpenSSLKey_rng);
if (ret != 0) return ret;
ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.name,
sizeof(myOpenSSLKey_ctx.name));
if (ret != 0) return ret;
ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.key,
sizeof(myOpenSSLKey_ctx.key));
if (ret != 0) return ret;
ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.hmacKey,
sizeof(myOpenSSLKey_ctx.hmacKey));
if (ret != 0) return ret;
ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.iv,
sizeof(myOpenSSLKey_ctx.iv));
if (ret != 0) return ret;
return 0;
}
static WC_INLINE int myTicketEncCbOpenSSL(WOLFSSL* ssl,
byte name[WOLFSSL_TICKET_NAME_SZ],
byte iv[WOLFSSL_TICKET_IV_SZ],
WOLFSSL_EVP_CIPHER_CTX *ectx,
WOLFSSL_HMAC_CTX *hctx, int enc) {
(void)ssl;
if (enc) {
XMEMCPY(name, myOpenSSLKey_ctx.name, sizeof(myOpenSSLKey_ctx.name));
XMEMCPY(iv, myOpenSSLKey_ctx.iv, sizeof(myOpenSSLKey_ctx.iv));
}
else if (XMEMCMP(name, myOpenSSLKey_ctx.name,
sizeof(myOpenSSLKey_ctx.name)) != 0 ||
XMEMCMP(iv, myOpenSSLKey_ctx.iv,
sizeof(myOpenSSLKey_ctx.iv)) != 0) {
return 0;
}
HMAC_Init_ex(hctx, myOpenSSLKey_ctx.hmacKey, WOLFSSL_TICKET_NAME_SZ, EVP_sha256(), NULL);
if (enc)
EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv);
else
EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv);
return 1;
}
static WC_INLINE void OpenSSLTicketCleanup(void)
{
wc_FreeRng(&myOpenSSLKey_rng);
}
#endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
#ifdef WC_SHA512_DIGEST_SIZE
#define MD_MAX_SIZE WC_SHA512_DIGEST_SIZE
#else
#define MD_MAX_SIZE WC_SHA256_DIGEST_SIZE
#endif
byte server_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by server */
byte server_side_msg2[MD_MAX_SIZE] = {0};/* msg received from client */
byte client_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by client */
byte client_side_msg2[MD_MAX_SIZE] = {0};/* msg received from server */
#endif
static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
{
SOCKET_T sockfd = 0;
SOCKET_T clientfd = 0;
word16 port;
callback_functions* cbf;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
char msg[] = "I hear you fa shizzle!";
char input[1024];
int idx;
int ret, err = 0;
int sharedCtx = 0;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
size_t msg_len = 0;
#endif
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
cbf = ((func_args*)args)->callbacks;
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (cbf != NULL && cbf->ctx) {
ctx = cbf->ctx;
sharedCtx = 1;
}
else
#endif
{
WOLFSSL_METHOD* method = NULL;
if (cbf != NULL && cbf->method != NULL) {
method = cbf->method();
}
else {
method = wolfSSLv23_server_method();
}
ctx = wolfSSL_CTX_new(method);
}
if (ctx == NULL) {
goto done;
}
#if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
OpenSSLTicketInit();
wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL);
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
TicketInit();
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
#endif
#endif
#if defined(USE_WINDOWS_API)
port = ((func_args*)args)->signal->port;
#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
!defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
/* Let tcp_listen assign port */
port = 0;
#else
/* Use default port */
port = wolfSSLPort;
#endif
/* do it here to detect failure */
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
CloseSocket(sockfd);
wolfSSL_CTX_set_verify(ctx,
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
#ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)
!= WOLFSSL_SUCCESS) {
/*err_sys("can't load ca file, Please run from wolfSSL home dir");*/
goto done;
}
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
if (wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
/*err_sys("can't load server cert chain file, "
"Please run from wolfSSL home dir");*/
goto done;
}
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
/*err_sys("can't load server key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
/* call ctx setup callback */
if (cbf != NULL && cbf->ctx_ready != NULL) {
cbf->ctx_ready(ctx);
}
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
goto done;
}
#ifdef WOLFSSL_SESSION_EXPORT
/* only add in more complex nonblocking case with session export tests */
if (args && ((func_args*)args)->argc > 0) {
/* set as nonblock and time out for waiting on read/write */
tcp_set_nonblocking(&clientfd);
wolfSSL_dtls_set_using_nonblock(ssl, 1);
}
#endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
if (wolfSSL_use_certificate_file(ssl, svrCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
/*err_sys("can't load server cert chain file, "
"Please run from wolfSSL home dir");*/
goto done;
}
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
if (wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
/*err_sys("can't load server key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
/*err_sys("SSL_set_fd failed");*/
goto done;
}
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
#elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
#endif
/* call ssl setup callback */
if (cbf != NULL && cbf->ssl_ready != NULL) {
cbf->ssl_ready(ssl);
}
#ifdef WOLFSSL_SESSION_EXPORT
/* only add in more complex nonblocking case with session export tests */
if (((func_args*)args)->argc > 0) {
ret = nonblocking_accept_read(args, ssl, &clientfd);
if (ret >= 0) {
((func_args*)args)->return_code = TEST_SUCCESS;
}
#ifdef WOLFSSL_TIRTOS
Task_yield();
#endif
goto done;
}
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_accept(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_accept failed");*/
goto done;
}
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
XMEMSET(server_side_msg2, 0, MD_MAX_SIZE);
msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, MD_MAX_SIZE);
AssertIntGE(msg_len, 0);
XMEMSET(server_side_msg1, 0, MD_MAX_SIZE);
msg_len = wolfSSL_get_finished(ssl, server_side_msg1, MD_MAX_SIZE);
AssertIntGE(msg_len, 0);
#endif
idx = wolfSSL_read(ssl, input, sizeof(input)-1);
if (idx > 0) {
input[idx] = '\0';
printf("Client message: %s\n", input);
}
if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
/*err_sys("SSL_write failed");*/
#ifdef WOLFSSL_TIRTOS
return;
#else
return 0;
#endif
}
if (cbf != NULL && cbf->on_result != NULL)
cbf->on_result(ssl);
#ifdef WOLFSSL_TIRTOS
Task_yield();
#endif
((func_args*)args)->return_code = TEST_SUCCESS;
done:
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
if (!sharedCtx)
wolfSSL_CTX_free(ctx);
CloseSocket(clientfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
#if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
OpenSSLTicketCleanup();
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
TicketCleanup();
#endif
#endif
#ifndef WOLFSSL_TIRTOS
return 0;
#endif
}
#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
{
SOCKET_T sockfd = 0;
SOCKET_T clientfd = 0;
word16 port;
callback_functions* cbf;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
char msg[] = "I hear you fa shizzle!";
char input[1024];
int idx;
int ret, err = 0;
int sharedCtx = 0;
int loop_count = ((func_args*)args)->argc;
int count = 0;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
cbf = ((func_args*)args)->callbacks;
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (cbf != NULL && cbf->ctx) {
ctx = cbf->ctx;
sharedCtx = 1;
}
else
#endif
{
WOLFSSL_METHOD* method = NULL;
if (cbf != NULL && cbf->method != NULL) {
method = cbf->method();
}
else {
method = wolfSSLv23_server_method();
}
ctx = wolfSSL_CTX_new(method);
}
#if defined(USE_WINDOWS_API)
port = ((func_args*)args)->signal->port;
#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
!defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
/* Let tcp_listen assign port */
port = 0;
#else
/* Use default port */
port = wolfSSLPort;
#endif
wolfSSL_CTX_set_verify(ctx,
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
#ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)
!= WOLFSSL_SUCCESS) {
/*err_sys("can't load ca file, Please run from wolfSSL home dir");*/
goto done;
}
if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load server cert chain file, "
"Please run from wolfSSL home dir");*/
goto done;
}
if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load server key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
/* call ctx setup callback */
if (cbf != NULL && cbf->ctx_ready != NULL) {
cbf->ctx_ready(ctx);
}
while(count != loop_count) {
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
goto done;
}
if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load server cert chain file, "
"Please run from wolfSSL home dir");*/
goto done;
}
if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load server key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
#elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
#endif
/* call ssl setup callback */
if (cbf != NULL && cbf->ssl_ready != NULL) {
cbf->ssl_ready(ssl);
}
/* do it here to detect failure */
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
CloseSocket(sockfd);
if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
/*err_sys("SSL_set_fd failed");*/
goto done;
}
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_accept(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_accept failed");*/
goto done;
}
idx = wolfSSL_read(ssl, input, sizeof(input)-1);
if (idx > 0) {
input[idx] = '\0';
printf("Client message: %s\n", input);
}
if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
/*err_sys("SSL_write failed");*/
#ifdef WOLFSSL_TIRTOS
return;
#else
return 0;
#endif
}
/* free ssl for this connection */
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl); ssl = NULL;
CloseSocket(clientfd);
count++;
}
#ifdef WOLFSSL_TIRTOS
Task_yield();
#endif
((func_args*)args)->return_code = TEST_SUCCESS;
done:
if(ssl != NULL) {
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
}
if (!sharedCtx)
wolfSSL_CTX_free(ctx);
CloseSocket(clientfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
#ifndef WOLFSSL_TIRTOS
return 0;
#endif
}
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */
typedef int (*cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl);
static void test_client_nofail(void* args, cbType cb)
{
SOCKET_T sockfd = 0;
callback_functions* cbf;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
WOLFSSL_CIPHER* cipher;
char msg[64] = "hello wolfssl!";
char reply[1024];
int input;
int msgSz = (int)XSTRLEN(msg);
int ret, err = 0;
int cipherSuite;
int sharedCtx = 0;
const char* cipherName1, *cipherName2;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
cbf = ((func_args*)args)->callbacks;
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (cbf != NULL && cbf->ctx) {
ctx = cbf->ctx;
sharedCtx = cbf->isSharedCtx;
}
else
#endif
{
WOLFSSL_METHOD* method = NULL;
if (cbf != NULL && cbf->method != NULL) {
method = cbf->method();
}
else {
method = wolfSSLv23_client_method();
}
ctx = wolfSSL_CTX_new(method);
}
#ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
/* Do connect here so server detects failures */
tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
0, 0, NULL);
if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
{
/* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
goto done;
}
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
/*err_sys("can't load client cert file, "
"Please run from wolfSSL home dir");*/
goto done;
}
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
/*err_sys("can't load client key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
/* call ctx setup callback */
if (cbf != NULL && cbf->ctx_ready != NULL) {
cbf->ctx_ready(ctx);
}
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
goto done;
}
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
if (wolfSSL_use_certificate_file(ssl, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
/*err_sys("can't load client cert file, "
"Please run from wolfSSL home dir");*/
goto done;
}
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
/*err_sys("can't load client key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
/*err_sys("SSL_set_fd failed");*/
goto done;
}
/* call ssl setup callback */
if (cbf != NULL && cbf->ssl_ready != NULL) {
cbf->ssl_ready(ssl);
}
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_connect(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_connect failed");*/
goto done;
}
/* test the various get cipher methods */
/* Internal cipher suite names */
cipherSuite = wolfSSL_get_current_cipher_suite(ssl);
cipherName1 = wolfSSL_get_cipher_name(ssl);
cipherName2 = wolfSSL_get_cipher_name_from_suite(
(cipherSuite >> 8), cipherSuite & 0xFF);
AssertStrEQ(cipherName1, cipherName2);
/* IANA Cipher Suites Names */
/* Unless WOLFSSL_CIPHER_INTERNALNAME or NO_ERROR_STRINGS,
then it's the internal cipher suite name */
cipher = wolfSSL_get_current_cipher(ssl);
cipherName1 = wolfSSL_CIPHER_get_name(cipher);
cipherName2 = wolfSSL_get_cipher(ssl);
AssertStrEQ(cipherName1, cipherName2);
#if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \
!defined(WOLFSSL_QT)
cipherName1 = wolfSSL_get_cipher_name_iana_from_suite(
(cipherSuite >> 8), cipherSuite & 0xFF);
AssertStrEQ(cipherName1, cipherName2);
#endif
if (cb != NULL)
(cb)(ctx, ssl);
if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
/*err_sys("SSL_write failed");*/
goto done;
}
input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = '\0';
printf("Server response: %s\n", reply);
}
((func_args*)args)->return_code = TEST_SUCCESS;
done:
wolfSSL_free(ssl);
if (!sharedCtx)
wolfSSL_CTX_free(ctx);
CloseSocket(sockfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
return;
}
#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args)
{
SOCKET_T sockfd = 0;
callback_functions* cbf;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
WOLFSSL_SESSION* session = NULL;
char msg[64] = "hello wolfssl!";
char reply[1024];
int input;
int msgSz = (int)XSTRLEN(msg);
int ret, err = 0;
int sharedCtx = 0;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
cbf = ((func_args*)args)->callbacks;
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (cbf != NULL && cbf->ctx) {
ctx = cbf->ctx;
sharedCtx = 1;
}
else
#endif
{
WOLFSSL_METHOD* method = NULL;
if (cbf != NULL && cbf->method != NULL) {
method = cbf->method();
}
else {
method = wolfSSLv23_client_method();
}
ctx = wolfSSL_CTX_new(method);
}
#ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
/* Do connect here so server detects failures */
tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
0, 0, NULL);
if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
{
/* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
goto done;
}
if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load client cert file, "
"Please run from wolfSSL home dir");*/
goto done;
}
if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load client key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
/* call ctx setup callback */
if (cbf != NULL && cbf->ctx_ready != NULL) {
cbf->ctx_ready(ctx);
}
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
goto done;
}
/* keep handshakre resources for re-using WOLFSSL obj */
wolfSSL_KeepArrays(ssl);
if(wolfSSL_KeepHandshakeResources(ssl)) {
/* err_sys("SSL_KeepHandshakeResources failed"); */
goto done;
}
if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load client cert file, "
"Please run from wolfSSL home dir");*/
goto done;
}
if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load client key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
/*err_sys("SSL_set_fd failed");*/
goto done;
}
/* call ssl setup callback */
if (cbf != NULL && cbf->ssl_ready != NULL) {
cbf->ssl_ready(ssl);
}
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_connect(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_connect failed");*/
goto done;
}
/* Build first session */
if (cb != NULL)
((cbType)cb)(ctx, ssl);
if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
/*err_sys("SSL_write failed");*/
goto done;
}
input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = '\0';
printf("Server response: %s\n", reply);
}
/* Session Resumption by re-using WOLFSSL object */
wolfSSL_set_quiet_shutdown(ssl, 1);
if (wolfSSL_shutdown(ssl) != WOLFSSL_SUCCESS) {
/* err_sys ("SSL shutdown failed"); */
goto done;
}
session = wolfSSL_get_session(ssl);
if (wolfSSL_clear(ssl) != WOLFSSL_SUCCESS) {
/* err_sys ("SSL_clear failed"); */
goto done;
}
wolfSSL_set_session(ssl, session);
/* close socket once */
CloseSocket(sockfd);
sockfd = 0;
/* wait until server ready */
wait_tcp_ready((func_args*)server_args);
printf("session resumption\n");
/* Do re-connect */
tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
0, 0, NULL);
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
/*err_sys("SSL_set_fd failed");*/
goto done;
}
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_connect(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_connect failed");*/
goto done;
}
/* Build first session */
if (cb != NULL)
((cbType)cb)(ctx, ssl);
if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
/*err_sys("SSL_write failed");*/
goto done;
}
input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = '\0';
printf("Server response: %s\n", reply);
}
((func_args*)args)->return_code = TEST_SUCCESS;
done:
wolfSSL_free(ssl);
if (!sharedCtx)
wolfSSL_CTX_free(ctx);
CloseSocket(sockfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
return;
}
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */
static void test_client_verifyDepth(void* args)
{
#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT)
SOCKET_T sockfd = 0;
callback_functions* cbf;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
char msg[64] = "hello wolfssl!";
char reply[1024];
int input;
int msgSz = (int)XSTRLEN(msg);
int ret, err = 0;
int verify_depth = ((func_args*)args)->argc;
((func_args*)args)->return_code = TEST_FAIL;
cbf = ((func_args*)args)->callbacks;
{
WOLFSSL_METHOD* method = NULL;
if (cbf != NULL && cbf->method != NULL) {
method = cbf->method();
}
else {
method = wolfSSLv23_client_method();
}
ctx = wolfSSL_CTX_new(method);
}
/* Do connect here so server detects failures */
tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
0, 0, NULL);
if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)
!= WOLFSSL_SUCCESS)
{
/* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
goto done;
}
if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load client cert file, "
"Please run from wolfSSL home dir");*/
goto done;
}
if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load client key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
/* set verify depth */
if (verify_depth == 0) {
myVerifyAction = VERIFY_OVERRIDE_ERROR;
SSL_CTX_set_verify_depth(ctx, verify_depth);
} else if (verify_depth == -1) {
myVerifyAction = VERIFY_USE_PREVERFIY;
SSL_CTX_set_verify_depth(ctx, 0);
} else if (verify_depth > 0) {
myVerifyAction = VERIFY_USE_PREVERFIY;
SSL_CTX_set_verify_depth(ctx, verify_depth);
}
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
goto done;
}
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
/*err_sys("SSL_set_fd failed");*/
goto done;
}
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_connect(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
goto done;
}
if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
goto done;
}
input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = '\0';
printf("Server response: %s\n", reply);
}
((func_args*)args)->return_code = TEST_SUCCESS;
done:
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(sockfd);
#else
(void)args;
#endif /* defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) */
}
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) && \
defined(HAVE_ALPN) && defined(HAVE_SNI) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_BIO)
#define HAVE_ALPN_PROTOS_SUPPORT
#endif
/* Generic TLS client / server with callbacks for API unit tests
* Used by SNI / ALPN / crypto callback helper functions */
#if defined(HAVE_IO_TESTS_DEPENDENCIES) && \
(defined(HAVE_SNI) || defined(HAVE_ALPN) || defined(WOLF_CRYPTO_CB) || \
defined(HAVE_ALPN_PROTOS_SUPPORT)) || defined(WOLFSSL_STATIC_MEMORY)
#define ENABLE_TLS_CALLBACK_TEST
#endif
#if defined(ENABLE_TLS_CALLBACK_TEST) || \
(defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT))
/* TLS server for API unit testing - generic */
static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
{
callback_functions* callbacks = ((func_args*)args)->callbacks;
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
SOCKET_T sfd = 0;
SOCKET_T cfd = 0;
word16 port;
char msg[] = "I hear you fa shizzle!";
int len = (int) XSTRLEN(msg);
char input[1024];
int idx;
int ret, err = 0;
((func_args*)args)->return_code = TEST_FAIL;
#ifdef WOLFSSL_STATIC_MEMORY
if (callbacks->method_ex != NULL && callbacks->mem != NULL &&
callbacks->memSz > 0) {
ret = wolfSSL_CTX_load_static_memory(&ctx, callbacks->method_ex,
callbacks->mem, callbacks->memSz, 0, 1);
if (ret != WOLFSSL_SUCCESS) {
printf("CTX static new failed %d\n", ret);
return 0;
}
}
#endif
if (ctx == NULL) {
ctx = wolfSSL_CTX_new(callbacks->method());
}
if (ctx == NULL) {
printf("CTX new failed\n");
return 0;
}
/* set defaults */
if (callbacks->caPemFile == NULL)
callbacks->caPemFile = cliCertFile;
if (callbacks->certPemFile == NULL)
callbacks->certPemFile = svrCertFile;
if (callbacks->keyPemFile == NULL)
callbacks->keyPemFile = svrKeyFile;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
wolfSSL_CTX_SetDevId(ctx, callbacks->devId);
#if defined(USE_WINDOWS_API)
port = ((func_args*)args)->signal->port;
#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
!defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
/* Let tcp_listen assign port */
port = 0;
#else
/* Use default port */
port = wolfSSLPort;
#endif
wolfSSL_CTX_set_verify(ctx,
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
#ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#if defined(WOLFSSL_SESSION_EXPORT) && defined(WOLFSSL_DTLS)
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_dtls_set_export(ctx, test_export));
#endif
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile,
WOLFSSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile,
WOLFSSL_FILETYPE_PEM));
if (callbacks->ctx_ready)
callbacks->ctx_ready(ctx);
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
printf("SSL new failed\n");
wolfSSL_CTX_free(ctx);
return 0;
}
if (wolfSSL_dtls(ssl)) {
SOCKADDR_IN_T cliAddr;
socklen_t cliLen;
cliLen = sizeof(cliAddr);
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0, 0, 0, 0);
idx = (int)recvfrom(sfd, input, sizeof(input), MSG_PEEK,
(struct sockaddr*)&cliAddr, &cliLen);
AssertIntGT(idx, 0);
wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen);
}
else {
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
CloseSocket(sfd);
}
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd));
if (callbacks->loadToSSL) {
wolfSSL_SetDevId(ssl, callbacks->devId);
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_use_certificate_file(ssl, callbacks->certPemFile,
WOLFSSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile,
WOLFSSL_FILETYPE_PEM));
}
#ifdef NO_PSK
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
#elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
#endif
#endif
if (callbacks->ssl_ready)
callbacks->ssl_ready(ssl);
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_accept(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_accept failed");*/
}
else {
if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
input[idx] = 0;
printf("Client message: %s\n", input);
}
AssertIntEQ(len, wolfSSL_write(ssl, msg, len));
#if defined(WOLFSSL_SESSION_EXPORT) && !defined(HAVE_IO_POOL) && \
defined(WOLFSSL_DTLS)
if (wolfSSL_dtls(ssl)) {
byte* import;
word32 sz;
wolfSSL_dtls_export(ssl, NULL, &sz);
import = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
AssertNotNull(import);
idx = wolfSSL_dtls_export(ssl, import, &sz);
AssertIntGE(idx, 0);
AssertIntGE(wolfSSL_dtls_import(ssl, import, idx), 0);
XFREE(import, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
#ifdef WOLFSSL_TIRTOS
Task_yield();
#endif
((func_args*)args)->return_code = TEST_SUCCESS;
}
if (callbacks->on_result)
callbacks->on_result(ssl);
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(cfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
#ifndef WOLFSSL_TIRTOS
return 0;
#endif
}
/* TLS Client for API unit testing - generic */
static void run_wolfssl_client(void* args)
{
callback_functions* callbacks = ((func_args*)args)->callbacks;
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
SOCKET_T sfd = 0;
char msg[] = "hello wolfssl server!";
int len = (int) XSTRLEN(msg);
char input[1024];
int ret, err = 0;
((func_args*)args)->return_code = TEST_FAIL;
/* set defaults */
if (callbacks->caPemFile == NULL)
callbacks->caPemFile = caCertFile;
if (callbacks->certPemFile == NULL)
callbacks->certPemFile = cliCertFile;
if (callbacks->keyPemFile == NULL)
callbacks->keyPemFile = cliKeyFile;
#ifdef WOLFSSL_STATIC_MEMORY
if (callbacks->method_ex != NULL && callbacks->mem != NULL &&
callbacks->memSz > 0) {
ret = wolfSSL_CTX_load_static_memory(&ctx, callbacks->method_ex,
callbacks->mem, callbacks->memSz, 0, 1);
if (ret != WOLFSSL_SUCCESS) {
printf("CTX static new failed %d\n", ret);
return;
}
}
#endif
if (ctx == NULL) {
ctx = wolfSSL_CTX_new(callbacks->method());
}
if (ctx == NULL) {
printf("CTX new failed\n");
return;
}
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
if (!callbacks->loadToSSL) {
wolfSSL_CTX_SetDevId(ctx, callbacks->devId);
}
#ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0));
if (!callbacks->loadToSSL) {
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile,
WOLFSSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile,
WOLFSSL_FILETYPE_PEM));
}
if (callbacks->ctx_ready)
callbacks->ctx_ready(ctx);
ssl = wolfSSL_new(ctx);
if (wolfSSL_dtls(ssl)) {
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
1, 0, ssl);
}
else {
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
0, 0, ssl);
}
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, sfd));
if (callbacks->loadToSSL) {
wolfSSL_SetDevId(ssl, callbacks->devId);
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_use_certificate_file(ssl, callbacks->certPemFile,
WOLFSSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile,
WOLFSSL_FILETYPE_PEM));
}
if (callbacks->ssl_ready)
callbacks->ssl_ready(ssl);
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_connect(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_connect failed");*/
}
else {
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_write(ssl, msg, len);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
AssertIntEQ(len, ret);
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_read(ssl, input, sizeof(input)-1);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret > 0) {
input[ret] = '\0'; /* null term */
printf("Server response: %s\n", input);
}
((func_args*)args)->return_code = TEST_SUCCESS;
}
if (callbacks->on_result)
callbacks->on_result(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(sfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
}
#endif /* ENABLE_TLS_CALLBACK_TEST */
static void test_wolfSSL_read_write(void)
{
/* The unit testing for read and write shall happen simultaneously, since
* one can't do anything with one without the other. (Except for a failure
* test case.) This function will call all the others that will set up,
* execute, and report their test findings.
*
* Set up the success case first. This function will become the template
* for the other tests. This should eventually be renamed
*
* The success case isn't interesting, how can this fail?
* - Do not give the client context a CA certificate. The connect should
* fail. Do not need server for this?
* - Using NULL for the ssl object on server. Do not need client for this.
* - Using NULL for the ssl object on client. Do not need server for this.
* - Good ssl objects for client and server. Client write() without server
* read().
* - Good ssl objects for client and server. Server write() without client
* read().
* - Forgetting the password callback?
*/
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
}
#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
static void test_wolfSSL_reuse_WOLFSSLobj(void)
{
/* The unit test for session resumption by re-using WOLFSSL object.
* WOLFSSL object is not cleared after first session. It re-use the obeject
* for second connection.
*/
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
/* the var is used for loop number */
server_args.argc = 2;
start_thread(test_server_loop, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_reuse_WOLFSSLobj(&client_args, NULL, &server_args);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
}
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */
static void test_wolfSSL_CTX_verifyDepth_ServerClient(void)
{
#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT)
/* This unit test is to check set verify Depth */
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
callback_functions client_cbf;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
printf(testingFmt, "test_wolfSSL_CTX_verifyDepth_ServerClient()\n");
#ifdef WOLFSSL_TLS13
client_cbf.method = wolfTLSv1_3_client_method;
#endif /* WOLFSSL_TLS13 */
client_args.callbacks = &client_cbf;
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
/* the var is used for loop number */
server_args.argc = 1;
/* test case 1 verify depth is equal to peer chain */
{
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
/* the var is used for verify depth */
client_args.argc = 2;
test_client_verifyDepth(&client_args);
join_thread(serverThread);
AssertIntEQ(client_args.return_code, TEST_SUCCESS);
AssertIntEQ(server_args.return_code, TEST_SUCCESS);
}
/* test case 2
* verify depth is zero, number of peer's chain is 2.
* verify result becomes MAX_CHAIN_ERROR, but it is overridden in
* callback.
*/
/* the var is used for verify depth 0 and VERIFY_OVERRIDE_ERROR */
{
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
client_args.argc = 0;
test_client_verifyDepth(&client_args);
join_thread(serverThread);
AssertIntEQ(client_args.return_code, TEST_SUCCESS);
AssertIntEQ(server_args.return_code, TEST_SUCCESS);
}
/* test case 3
* verify depth is zero, number of peer's chain is 2
* verify result becomes MAX_CHAIN_ERRO. call-back returns failure.
* therefore, handshake becomes failure.
*/
/* the var is used for verify depth 0 and VERIFY_USE_PREVERFIY */
{
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
client_args.argc = -1;
test_client_verifyDepth(&client_args);
join_thread(serverThread);
AssertIntEQ(client_args.return_code, TEST_SUCCESS);
AssertIntEQ(server_args.return_code, TEST_SUCCESS);
}
FreeTcpReady(&ready);
printf(resultFmt, passed);
#else
(void)test_client_verifyDepth;
#endif /* (OPENSSL_EXTRA) && !(WOLFSSL_TIRTOS) && (NO_WOLFSSL_CLIENT) */
}
static void test_client_get_finished(void* args, cbType cb)
{
(void) args;
(void) cb;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
SOCKET_T sockfd = 0;
callback_functions* cbf;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
char msg[64] = "hello wolfssl!";
char reply[1024];
int msgSz = (int)XSTRLEN(msg);
int ret, err = 0;
WOLFSSL_METHOD* method = NULL;
size_t msg_len = 0;
((func_args*)args)->return_code = TEST_FAIL;
cbf = ((func_args*)args)->callbacks;
if (cbf != NULL && cbf->method != NULL) {
method = cbf->method();
}
else {
method = wolfSSLv23_client_method();
}
ctx = wolfSSL_CTX_new(method);
/* Do connect here so server detects failures */
tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
0, 0, NULL);
if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
{
/* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
goto done;
}
if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
goto done;
}
if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
goto done;
}
/* call ctx setup callback */
if (cbf != NULL && cbf->ctx_ready != NULL) {
cbf->ctx_ready(ctx);
}
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
goto done;
}
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
goto done;
}
/* call ssl setup callback */
if (cbf != NULL && cbf->ssl_ready != NULL) {
cbf->ssl_ready(ssl);
}
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_connect(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
goto done;
}
/* get_finished test */
/* 1. get own sent message */
XMEMSET(client_side_msg1, 0, MD_MAX_SIZE);
msg_len = wolfSSL_get_finished(ssl, client_side_msg1, MD_MAX_SIZE);
AssertIntGE(msg_len, 0);
/* 2. get peer message */
XMEMSET(client_side_msg2, 0, MD_MAX_SIZE);
msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, MD_MAX_SIZE);
AssertIntGE(msg_len, 0);
if (cb != NULL)
(cb)(ctx, ssl);
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_write(ssl, msg, msgSz);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != msgSz) {
/*err_sys("SSL_write failed");*/
goto done;
}
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_read(ssl, reply, sizeof(reply)-1);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret > 0) {
reply[ret] = '\0';
printf("Server response: %s\n", reply);
}
((func_args*)args)->return_code = TEST_SUCCESS;
done:
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(sockfd);
return;
#endif
}
static void test_wolfSSL_get_finished(void)
{
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_get_finished(&client_args, NULL);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
/* test received msg vs sent msg */
AssertIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, MD_MAX_SIZE));
AssertIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, MD_MAX_SIZE));
FreeTcpReady(&ready);
#else
(void)test_client_get_finished;
#endif
}
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT)
/* canned export of a session using older version 3 */
static unsigned char version_3[] = {
0xA5, 0xA3, 0x01, 0x88, 0x00, 0x3c, 0x00, 0x01,
0x00, 0x00, 0x00, 0x80, 0x0C, 0x00, 0x00, 0x00,
0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00,
0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0x30,
0x05, 0x09, 0x0A, 0x01, 0x01, 0x00, 0x0D, 0x05,
0xFE, 0xFD, 0x01, 0x25, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x06, 0x00, 0x05, 0x00, 0x06, 0x00, 0x00,
0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
0x00, 0x06, 0x00, 0x01, 0x00, 0x07, 0x00, 0x00,
0x00, 0x30, 0x00, 0x00, 0x00, 0x10, 0x01, 0x01,
0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x3F,
0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x05,
0x12, 0xCF, 0x22, 0xA1, 0x9F, 0x1C, 0x39, 0x1D,
0x31, 0x11, 0x12, 0x1D, 0x11, 0x18, 0x0D, 0x0B,
0xF3, 0xE1, 0x4D, 0xDC, 0xB1, 0xF1, 0x39, 0x98,
0x91, 0x6C, 0x48, 0xE5, 0xED, 0x11, 0x12, 0xA0,
0x00, 0xF2, 0x25, 0x4C, 0x09, 0x26, 0xD1, 0x74,
0xDF, 0x23, 0x40, 0x15, 0x6A, 0x42, 0x2A, 0x26,
0xA5, 0xAC, 0x56, 0xD5, 0x4A, 0x20, 0xB7, 0xE9,
0xEF, 0xEB, 0xAF, 0xA8, 0x1E, 0x23, 0x7C, 0x04,
0xAA, 0xA1, 0x6D, 0x92, 0x79, 0x7B, 0xFA, 0x80,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x0C, 0x79, 0x7B, 0xFA, 0x80, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0xAA, 0xA1, 0x6D,
0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x10, 0x00, 0x20, 0x00, 0x04, 0x00,
0x10, 0x00, 0x10, 0x08, 0x02, 0x05, 0x08, 0x01,
0x30, 0x28, 0x00, 0x00, 0x0F, 0x00, 0x02, 0x00,
0x09, 0x31, 0x32, 0x37, 0x2E, 0x30, 0x2E, 0x30,
0x2E, 0x31, 0xED, 0x4F
};
#endif /* defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) */
static void test_wolfSSL_dtls_export(void)
{
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT)
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
callback_functions server_cbf;
callback_functions client_cbf;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
/* set using dtls */
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
server_cbf.method = wolfDTLSv1_2_server_method;
client_cbf.method = wolfDTLSv1_2_client_method;
server_args.callbacks = &server_cbf;
client_args.callbacks = &client_cbf;
server_args.signal = &ready;
client_args.signal = &ready;
start_thread(run_wolfssl_server, &server_args, &serverThread);
wait_tcp_ready(&server_args);
run_wolfssl_client(&client_args);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
{
SOCKET_T sockfd = 0;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
char msg[64] = "hello wolfssl!";
char reply[1024];
int msgSz = (int)XSTRLEN(msg);
byte *session, *window;
unsigned int sessionSz, windowSz;
struct sockaddr_in peerAddr;
int i;
/* Set ctx to DTLS 1.2 */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
AssertNotNull(ssl = wolfSSL_new(ctx));
/* test importing version 3 */
AssertIntGE(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
/* test importing bad length and bad version */
version_3[2] += 1;
AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
version_3[2] -= 1; version_3[1] = 0XA0;
AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
/* check storing client state after connection and storing window only */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
/* set using dtls */
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
server_cbf.method = wolfDTLSv1_2_server_method;
server_args.callbacks = &server_cbf;
server_args.argc = 3; /* set loop_count to 3 */
server_args.signal = &ready;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
/* create and connect with client */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method()));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
AssertNotNull(ssl = wolfSSL_new(ctx));
AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
/* store server information connected too */
XMEMSET(&peerAddr, 0, sizeof(peerAddr));
peerAddr.sin_family = AF_INET;
peerAddr.sin_port = XHTONS(server_args.signal->port);
wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr));
AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_dtls_export(ssl, NULL, &sessionSz), 0);
session = (byte*)XMALLOC(sessionSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
AssertIntGT(wolfSSL_dtls_export(ssl, session, &sessionSz), 0);
AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
AssertIntEQ(wolfSSL_dtls_export_state_only(ssl, NULL, &windowSz), 0);
window = (byte*)XMALLOC(windowSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0);
wolfSSL_free(ssl);
for (i = 1; i < server_args.argc; i++) {
/* restore state */
AssertNotNull(ssl = wolfSSL_new(ctx));
AssertIntGT(wolfSSL_dtls_import(ssl, session, sessionSz), 0);
AssertIntGT(wolfSSL_dtls_import(ssl, window, windowSz), 0);
AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
AssertIntGE(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0);
wolfSSL_free(ssl);
}
XFREE(session, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(window, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_CTX_free(ctx);
printf("done and waiting for server\n");
join_thread(serverThread);
AssertIntEQ(server_args.return_code, TEST_SUCCESS);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
}
printf(testingFmt, "wolfSSL_dtls_export()");
printf(resultFmt, passed);
#endif
}
#if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12)
#ifdef WOLFSSL_TLS13
static const byte canned_client_tls13_session[] = {
0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x00, 0x00,
0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00,
0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x01,
0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13,
0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x09, 0x00,
0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00,
0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0x27, 0x00, 0x00, 0x00,
0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18,
0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31,
0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4,
0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B,
0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7,
0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01,
0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2,
0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48,
0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C,
0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73,
0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E,
0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77,
0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35,
0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F,
0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0,
0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
0x35, 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0,
0x6F, 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A,
0xA0, 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06,
0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10,
0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20,
0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
0x00, 0x03
};
static const byte canned_server_tls13_session[] = {
0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x01, 0x00,
0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00,
0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x00,
0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13,
0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x00, 0x0F,
0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00,
0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00,
0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18,
0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31,
0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4,
0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B,
0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7,
0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01,
0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2,
0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48,
0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C,
0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73,
0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E,
0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77,
0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35,
0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F,
0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0,
0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
0xD3, 0xB7, 0xEE, 0x3A, 0xA0, 0x8E, 0xA1, 0x4D,
0xC3, 0x2E, 0x5E, 0x06, 0x35, 0x41, 0xCD, 0xF3,
0x49, 0x31, 0x08, 0xD0, 0x6F, 0x02, 0x3D, 0xC1,
0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10,
0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20,
0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
0x00, 0x04
};
#endif /* WOLFSSL_TLS13 */
static const byte canned_client_session[] = {
0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00,
0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00,
0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x01,
0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0,
0x27, 0x0A, 0x0D, 0x10, 0x01, 0x01, 0x0A, 0x00,
0x05, 0x00, 0x01, 0x01, 0x01, 0x03, 0x03, 0x00,
0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00,
0x0A, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6D,
0x97, 0x15, 0x6E, 0x52, 0x27, 0xD6, 0x1D, 0x1D,
0xF5, 0x0D, 0x59, 0xA5, 0xAC, 0x2E, 0x8C, 0x0E,
0xCB, 0x26, 0x1E, 0xE2, 0xCE, 0xBB, 0xCE, 0xE1,
0x7D, 0xD7, 0xEF, 0xA5, 0x44, 0x80, 0x2A, 0xDE,
0xBB, 0x75, 0xB0, 0x1D, 0x75, 0x17, 0x20, 0x4C,
0x08, 0x05, 0x1B, 0xBA, 0x60, 0x1F, 0x6C, 0x91,
0x8C, 0xAA, 0xBB, 0xE5, 0xA3, 0x0B, 0x12, 0x3E,
0xC0, 0x35, 0x43, 0x1D, 0xE2, 0x10, 0xE2, 0x02,
0x92, 0x4B, 0x8F, 0x05, 0xA9, 0x4B, 0xCC, 0x90,
0xC3, 0x0E, 0xC2, 0x0F, 0xE9, 0x33, 0x85, 0x9B,
0x3C, 0x19, 0x21, 0xD5, 0x62, 0xE5, 0xE1, 0x17,
0x8F, 0x8C, 0x19, 0x52, 0xD8, 0x59, 0x10, 0x2D,
0x20, 0x6F, 0xBA, 0xC1, 0x1C, 0xD1, 0x82, 0xC7,
0x32, 0x1B, 0xBB, 0xCC, 0x30, 0x03, 0xD7, 0x3A,
0xC8, 0x18, 0xED, 0x58, 0xC8, 0x11, 0xFE, 0x71,
0x9C, 0x71, 0xD8, 0x6B, 0xE0, 0x25, 0x64, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10,
0x00, 0x00, 0x06, 0x01, 0x04, 0x08, 0x01, 0x20,
0x28, 0x00, 0x09, 0xE1, 0x50, 0x70, 0x02, 0x2F,
0x7E, 0xDA, 0xBD, 0x40, 0xC5, 0x58, 0x87, 0xCE,
0x43, 0xF3, 0xC5, 0x8F, 0xA1, 0x59, 0x93, 0xEF,
0x7E, 0xD3, 0xD0, 0xB5, 0x87, 0x1D, 0x81, 0x54,
0x14, 0x63, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
0x00, 0x03
};
static const byte canned_server_session[] = {
0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00,
0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00,
0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00,
0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0,
0x27, 0x08, 0x0F, 0x10, 0x01, 0x01, 0x00, 0x11,
0x05, 0x00, 0x01, 0x01, 0x01, 0x03, 0x03, 0x00,
0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00,
0x0A, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6D,
0x97, 0x15, 0x6E, 0x52, 0x27, 0xD6, 0x1D, 0x1D,
0xF5, 0x0D, 0x59, 0xA5, 0xAC, 0x2E, 0x8C, 0x0E,
0xCB, 0x26, 0x1E, 0xE2, 0xCE, 0xBB, 0xCE, 0xE1,
0x7D, 0xD7, 0xEF, 0xA5, 0x44, 0x80, 0x2A, 0xDE,
0xBB, 0x75, 0xB0, 0x1D, 0x75, 0x17, 0x20, 0x4C,
0x08, 0x05, 0x1B, 0xBA, 0x60, 0x1F, 0x6C, 0x91,
0x8C, 0xAA, 0xBB, 0xE5, 0xA3, 0x0B, 0x12, 0x3E,
0xC0, 0x35, 0x43, 0x1D, 0xE2, 0x10, 0xE2, 0x02,
0x92, 0x4B, 0x8F, 0x05, 0xA9, 0x4B, 0xCC, 0x90,
0xC3, 0x0E, 0xC2, 0x0F, 0xE9, 0x33, 0x85, 0x9B,
0x3C, 0x19, 0x21, 0xD5, 0x62, 0xE5, 0xE1, 0x17,
0x8F, 0x8C, 0x19, 0x52, 0xD8, 0x59, 0x10, 0x2D,
0x20, 0x6F, 0xBA, 0xC1, 0x1C, 0xD1, 0x82, 0xC7,
0x32, 0x1B, 0xBB, 0xCC, 0x30, 0x03, 0xD7, 0x3A,
0xC8, 0x18, 0xED, 0x58, 0xC8, 0x11, 0xFE, 0x71,
0x9C, 0x71, 0xD8, 0x6B, 0xE0, 0x25, 0x64, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10,
0x00, 0x00, 0x06, 0x01, 0x04, 0x08, 0x01, 0x20,
0x28, 0x00, 0xC5, 0x8F, 0xA1, 0x59, 0x93, 0xEF,
0x7E, 0xD3, 0xD0, 0xB5, 0x87, 0x1D, 0x81, 0x54,
0x14, 0x63, 0x09, 0xE1, 0x50, 0x70, 0x02, 0x2F,
0x7E, 0xDA, 0xBD, 0x40, 0xC5, 0x58, 0x87, 0xCE,
0x43, 0xF3, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
0x00, 0x04
};
static THREAD_RETURN WOLFSSL_THREAD tls_export_server(void* args)
{
SOCKET_T sockfd = 0;
SOCKET_T clientfd = 0;
word16 port;
callback_functions* cbf;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
char msg[] = "I hear you fa shizzle!";
char input[1024];
int idx;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
cbf = ((func_args*)args)->callbacks;
{
WOLFSSL_METHOD* method = NULL;
if (cbf != NULL && cbf->method != NULL) {
method = cbf->method();
}
else {
method = wolfTLSv1_2_server_method();
}
ctx = wolfSSL_CTX_new(method);
}
if (ctx == NULL) {
goto done;
}
wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256");
#if defined(USE_WINDOWS_API)
port = ((func_args*)args)->signal->port;
#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
!defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
/* Let tcp_listen assign port */
port = 0;
#else
/* Use default port */
port = wolfSSLPort;
#endif
/* do it here to detect failure */
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
CloseSocket(sockfd);
/* call ctx setup callback */
if (cbf != NULL && cbf->ctx_ready != NULL) {
cbf->ctx_ready(ctx);
}
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
goto done;
}
wolfSSL_set_fd(ssl, clientfd);
/* call ssl setup callback */
if (cbf != NULL && cbf->ssl_ready != NULL) {
cbf->ssl_ready(ssl);
}
idx = wolfSSL_read(ssl, input, sizeof(input)-1);
if (idx > 0) {
input[idx] = '\0';
printf("Client message export/import: %s\n", input);
}
else {
printf("ret = %d error = %d\n", idx, wolfSSL_get_error(ssl, idx));
goto done;
}
if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
/*err_sys("SSL_write failed");*/
#ifdef WOLFSSL_TIRTOS
return;
#else
return 0;
#endif
}
#ifdef WOLFSSL_TIRTOS
Task_yield();
#endif
((func_args*)args)->return_code = TEST_SUCCESS;
done:
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(clientfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
#if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM)
OpenSSLTicketCleanup();
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
TicketCleanup();
#endif
#endif
#ifndef WOLFSSL_TIRTOS
return 0;
#endif
}
static void load_tls12_canned_server(WOLFSSL* ssl)
{
int clientfd = wolfSSL_get_fd(ssl);
AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_session,
sizeof(canned_server_session)), sizeof(canned_server_session));
wolfSSL_set_fd(ssl, clientfd);
}
#ifdef WOLFSSL_TLS13
static void load_tls13_canned_server(WOLFSSL* ssl)
{
int clientfd = wolfSSL_get_fd(ssl);
AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_tls13_session,
sizeof(canned_server_tls13_session)),
sizeof(canned_server_tls13_session));
wolfSSL_set_fd(ssl, clientfd);
}
#endif
/* v is for version WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */
static void test_wolfSSL_tls_export_run(int v)
{
SOCKET_T sockfd = 0;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
char msg[64] = "hello wolfssl!";
char reply[1024];
word32 replySz;
int msgSz = (int)XSTRLEN(msg);
const byte* clientSession = NULL;
int clientSessionSz = 0;
tcp_ready ready;
func_args server_args;
THREAD_TYPE serverThread;
callback_functions server_cbf;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
switch (v) {
case WOLFSSL_TLSV1_2:
server_cbf.method = wolfTLSv1_2_server_method;
server_cbf.ssl_ready = load_tls12_canned_server;
/* setup the client side */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256");
clientSession = canned_client_session;
clientSessionSz = sizeof(canned_client_session);
break;
#ifdef WOLFSSL_TLS13
case WOLFSSL_TLSV1_3:
server_cbf.method = wolfTLSv1_3_server_method;
server_cbf.ssl_ready = load_tls13_canned_server;
/* setup the client side */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
clientSession = canned_client_tls13_session;
clientSessionSz = sizeof(canned_client_tls13_session);
break;
#endif
}
server_args.callbacks = &server_cbf;
server_args.signal = &ready;
start_thread(tls_export_server, &server_args, &serverThread);
wait_tcp_ready(&server_args);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
AssertNotNull(ssl = wolfSSL_new(ctx));
tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl);
AssertIntEQ(wolfSSL_tls_import(ssl, clientSession, clientSessionSz),
clientSessionSz);
replySz = sizeof(reply);
AssertIntGT(wolfSSL_tls_export(ssl, (byte*)reply, &replySz), 0);
#if !defined(NO_PSK) && defined(HAVE_ANON)
/* index 20 has is setting if PSK was on and 49 is if anon is allowed */
AssertIntEQ(XMEMCMP(reply, clientSession, replySz), 0);
#endif
wolfSSL_set_fd(ssl, sockfd);
AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)-1), 0);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(sockfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
join_thread(serverThread);
AssertIntEQ(server_args.return_code, TEST_SUCCESS);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
}
#endif
static void test_wolfSSL_tls_export(void)
{
#if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12)
printf(testingFmt, "wolfSSL_tls_export()");
test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_2);
#ifdef WOLFSSL_TLS13
test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_3);
#endif
printf(resultFmt, passed);
#endif
}
/*----------------------------------------------------------------------------*
| TLS extensions tests
*----------------------------------------------------------------------------*/
#ifdef ENABLE_TLS_CALLBACK_TEST
/* Connection test runner - generic */
static void test_wolfSSL_client_server(callback_functions* client_callbacks,
callback_functions* server_callbacks)
{
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
client_args.callbacks = client_callbacks;
server_args.callbacks = server_callbacks;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
/* RUN Server side */
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
start_thread(run_wolfssl_server, &server_args, &serverThread);
wait_tcp_ready(&server_args);
/* RUN Client side */
run_wolfssl_client(&client_args);
join_thread(serverThread);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
client_callbacks->return_code = client_args.return_code;
server_callbacks->return_code = server_args.return_code;
}
#endif /* ENABLE_TLS_CALLBACK_TEST */
#ifdef HAVE_SNI
static void test_wolfSSL_UseSNI_params(void)
{
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* invalid [ctx|ssl] */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3));
/* invalid type */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, -1, "ssl", 3));
/* invalid data */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3));
/* success case */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
}
/* BEGIN of connection tests callbacks */
static void use_SNI_at_ctx(WOLFSSL_CTX* ctx)
{
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15));
}
static void use_SNI_at_ssl(WOLFSSL* ssl)
{
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15));
}
static void different_SNI_at_ssl(WOLFSSL* ssl)
{
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "ww2.wolfssl.com", 15));
}
static void use_SNI_WITH_CONTINUE_at_ssl(WOLFSSL* ssl)
{
use_SNI_at_ssl(ssl);
wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
WOLFSSL_SNI_CONTINUE_ON_MISMATCH);
}
static void use_SNI_WITH_FAKE_ANSWER_at_ssl(WOLFSSL* ssl)
{
use_SNI_at_ssl(ssl);
wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
WOLFSSL_SNI_ANSWER_ON_MISMATCH);
}
static void use_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
{
use_SNI_at_ctx(ctx);
wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
WOLFSSL_SNI_ABORT_ON_ABSENCE);
}
static void use_MANDATORY_SNI_at_ssl(WOLFSSL* ssl)
{
use_SNI_at_ssl(ssl);
wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
WOLFSSL_SNI_ABORT_ON_ABSENCE);
}
static void use_PSEUDO_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
{
use_SNI_at_ctx(ctx);
wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
WOLFSSL_SNI_ANSWER_ON_MISMATCH | WOLFSSL_SNI_ABORT_ON_ABSENCE);
}
static void verify_UNKNOWN_SNI_on_server(WOLFSSL* ssl)
{
AssertIntEQ(UNKNOWN_SNI_HOST_NAME_E, wolfSSL_get_error(ssl, 0));
}
static void verify_SNI_ABSENT_on_server(WOLFSSL* ssl)
{
AssertIntEQ(SNI_ABSENT_ERROR, wolfSSL_get_error(ssl, 0));
}
static void verify_SNI_no_matching(WOLFSSL* ssl)
{
byte type = WOLFSSL_SNI_HOST_NAME;
char* request = (char*) &type; /* to be overwritten */
AssertIntEQ(WOLFSSL_SNI_NO_MATCH, wolfSSL_SNI_Status(ssl, type));
AssertNotNull(request);
AssertIntEQ(0, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
AssertNull(request);
}
static void verify_SNI_real_matching(WOLFSSL* ssl)
{
byte type = WOLFSSL_SNI_HOST_NAME;
char* request = NULL;
AssertIntEQ(WOLFSSL_SNI_REAL_MATCH, wolfSSL_SNI_Status(ssl, type));
AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
AssertNotNull(request);
AssertStrEQ("www.wolfssl.com", request);
}
static void verify_SNI_fake_matching(WOLFSSL* ssl)
{
byte type = WOLFSSL_SNI_HOST_NAME;
char* request = NULL;
AssertIntEQ(WOLFSSL_SNI_FAKE_MATCH, wolfSSL_SNI_Status(ssl, type));
AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
AssertNotNull(request);
AssertStrEQ("ww2.wolfssl.com", request);
}
static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl)
{
AssertIntEQ(FATAL_ERROR, wolfSSL_get_error(ssl, 0));
}
/* END of connection tests callbacks */
static void test_wolfSSL_UseSNI_connection(void)
{
callback_functions client_cb;
callback_functions server_cb;
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
client_cb.method = wolfSSLv23_client_method;
server_cb.method = wolfSSLv23_server_method;
server_cb.devId = devId;
server_cb.devId = devId;
/* success case at ctx */
client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
server_cb.ctx_ready = use_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* success case at ssl */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_SNI_at_ssl; client_cb.on_result = verify_SNI_real_matching;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_real_matching;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* default mismatch behavior */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = verify_FATAL_ERROR_on_client;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_UNKNOWN_SNI_on_server;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* continue on mismatch */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl; server_cb.on_result = verify_SNI_no_matching;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* fake answer on mismatch */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl; server_cb.on_result = verify_SNI_fake_matching;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* sni abort - success */
client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* sni abort - abort when absent (ctx) */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client;
server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_ABSENT_on_server;
/* sni abort - abort when absent (ssl) */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_MANDATORY_SNI_at_ssl; server_cb.on_result = verify_SNI_ABSENT_on_server;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* sni abort - success when overwritten */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_no_matching;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* sni abort - success when allowing mismatches */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
server_cb.ctx_ready = use_PSEUDO_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_fake_matching;
test_wolfSSL_client_server(&client_cb, &server_cb);
}
static void test_wolfSSL_SNI_GetFromBuffer(void)
{
byte buff[] = { /* www.paypal.com */
0x00, 0x00, 0x00, 0x00, 0xff, 0x01, 0x00, 0x00, 0x60, 0x03, 0x03, 0x5c,
0xc4, 0xb3, 0x8c, 0x87, 0xef, 0xa4, 0x09, 0xe0, 0x02, 0xab, 0x86, 0xca,
0x76, 0xf0, 0x9e, 0x01, 0x65, 0xf6, 0xa6, 0x06, 0x13, 0x1d, 0x0f, 0xa5,
0x79, 0xb0, 0xd4, 0x77, 0x22, 0xeb, 0x1a, 0x00, 0x00, 0x16, 0x00, 0x6b,
0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35,
0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x21,
0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, 0x77, 0x77, 0x77,
0x2e, 0x70, 0x61, 0x79, 0x70, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x00,
0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
};
byte buff2[] = { /* api.textmate.org */
0x16, 0x03, 0x01, 0x00, 0xc6, 0x01, 0x00, 0x00, 0xc2, 0x03, 0x03, 0x52,
0x8b, 0x7b, 0xca, 0x69, 0xec, 0x97, 0xd5, 0x08, 0x03, 0x50, 0xfe, 0x3b,
0x99, 0xc3, 0x20, 0xce, 0xa5, 0xf6, 0x99, 0xa5, 0x71, 0xf9, 0x57, 0x7f,
0x04, 0x38, 0xf6, 0x11, 0x0b, 0xb8, 0xd3, 0x00, 0x00, 0x5e, 0x00, 0xff,
0xc0, 0x24, 0xc0, 0x23, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x07, 0xc0, 0x08,
0xc0, 0x28, 0xc0, 0x27, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x11, 0xc0, 0x12,
0xc0, 0x26, 0xc0, 0x25, 0xc0, 0x2a, 0xc0, 0x29, 0xc0, 0x05, 0xc0, 0x04,
0xc0, 0x02, 0xc0, 0x03, 0xc0, 0x0f, 0xc0, 0x0e, 0xc0, 0x0c, 0xc0, 0x0d,
0x00, 0x3d, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x35,
0x00, 0x0a, 0x00, 0x67, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x39, 0x00, 0x16,
0x00, 0xaf, 0x00, 0xae, 0x00, 0x8d, 0x00, 0x8c, 0x00, 0x8a, 0x00, 0x8b,
0x00, 0xb1, 0x00, 0xb0, 0x00, 0x2c, 0x00, 0x3b, 0x01, 0x00, 0x00, 0x3b,
0x00, 0x00, 0x00, 0x15, 0x00, 0x13, 0x00, 0x00, 0x10, 0x61, 0x70, 0x69,
0x2e, 0x74, 0x65, 0x78, 0x74, 0x6d, 0x61, 0x74, 0x65, 0x2e, 0x6f, 0x72,
0x67, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00,
0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x0c, 0x00,
0x0a, 0x05, 0x01, 0x04, 0x01, 0x02, 0x01, 0x04, 0x03, 0x02, 0x03
};
byte buff3[] = { /* no sni extension */
0x16, 0x03, 0x03, 0x00, 0x4d, 0x01, 0x00, 0x00, 0x49, 0x03, 0x03, 0xea,
0xa1, 0x9f, 0x60, 0xdd, 0x52, 0x12, 0x13, 0xbd, 0x84, 0x34, 0xd5, 0x1c,
0x38, 0x25, 0xa8, 0x97, 0xd2, 0xd5, 0xc6, 0x45, 0xaf, 0x1b, 0x08, 0xe4,
0x1e, 0xbb, 0xdf, 0x9d, 0x39, 0xf0, 0x65, 0x00, 0x00, 0x16, 0x00, 0x6b,
0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35,
0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x0a,
0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
};
byte buff4[] = { /* last extension has zero size */
0x16, 0x03, 0x01, 0x00, 0xba, 0x01, 0x00, 0x00,
0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00,
0x00, 0x28, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0xc0, 0x07, 0xc0, 0x11,
0x00, 0x33, 0x00, 0x32, 0x00, 0x39, 0x00, 0x9c, 0x00, 0x2f, 0x00, 0x35,
0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x01, 0x00, 0x00, 0x65, 0xff, 0x01,
0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00,
0x18, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00, 0x1b, 0x00, 0x19, 0x06,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f,
0x33, 0x2e, 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
0x75, 0x50, 0x00, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00,
0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x01, 0x05, 0x01, 0x02,
0x01, 0x04, 0x03, 0x05, 0x03, 0x02, 0x03, 0x04, 0x02, 0x02, 0x02, 0x00,
0x12, 0x00, 0x00
};
byte buff5[] = { /* SSL v2.0 client hello */
0x00, 0x2b, 0x01, 0x03, 0x01, 0x00, 0x09, 0x00, 0x00,
/* dummy bytes bellow, just to pass size check */
0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00,
};
byte result[32] = {0};
word32 length = 32;
AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff4, sizeof(buff4),
0, result, &length));
AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff3, sizeof(buff3),
0, result, &length));
AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
1, result, &length));
AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
0, result, &length));
buff[0] = 0x16;
AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
0, result, &length));
buff[1] = 0x03;
AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff,
sizeof(buff), 0, result, &length));
buff[2] = 0x03;
AssertIntEQ(INCOMPLETE_DATA, wolfSSL_SNI_GetFromBuffer(buff,
sizeof(buff), 0, result, &length));
buff[4] = 0x64;
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
0, result, &length));
result[length] = 0;
AssertStrEQ("www.paypal.com", (const char*) result);
length = 32;
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
0, result, &length));
result[length] = 0;
AssertStrEQ("api.textmate.org", (const char*) result);
/* SSL v2.0 tests */
AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff5,
sizeof(buff5), 0, result, &length));
buff5[2] = 0x02;
AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
sizeof(buff5), 0, result, &length));
buff5[2] = 0x01; buff5[6] = 0x08;
AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
sizeof(buff5), 0, result, &length));
buff5[6] = 0x09; buff5[8] = 0x01;
AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
sizeof(buff5), 0, result, &length));
}
#endif /* HAVE_SNI */
static void test_wolfSSL_UseSNI(void)
{
#ifdef HAVE_SNI
test_wolfSSL_UseSNI_params();
test_wolfSSL_UseSNI_connection();
test_wolfSSL_SNI_GetFromBuffer();
#endif
}
#endif /* HAVE_IO_TESTS_DEPENDENCIES */
static void test_wolfSSL_UseTrustedCA(void)
{
#if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
&& !defined(NO_RSA)
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
byte id[20];
#ifndef NO_WOLFSSL_SERVER
AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())));
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
#else
AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())));
#endif
AssertNotNull((ssl = wolfSSL_new(ctx)));
XMEMSET(id, 0, sizeof(id));
/* error cases */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(NULL, 0, NULL, 0));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_CERT_SHA1+1, NULL, 0));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_CERT_SHA1, NULL, 0));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_CERT_SHA1, id, 5));
#ifdef NO_SHA
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
#endif
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_X509_NAME, id, 0));
/* success cases */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_PRE_AGREED, NULL, 0));
#ifndef NO_SHA
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
#endif
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_X509_NAME, id, 5));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif /* HAVE_TRUSTED_CA */
}
static void test_wolfSSL_UseMaxFragment(void)
{
#if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
#else
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
#endif
WOLFSSL *ssl = wolfSSL_new(ctx);
#ifdef OPENSSL_EXTRA
int (*UseMaxFragment)(SSL *s, uint8_t mode);
int (*CTX_UseMaxFragment)(SSL_CTX *c, uint8_t mode);
CTX_UseMaxFragment = SSL_CTX_set_tlsext_max_fragment_length;
UseMaxFragment = SSL_set_tlsext_max_fragment_length;
#else
int (*UseMaxFragment)(WOLFSSL *s, unsigned char mode);
int (*CTX_UseMaxFragment)(WOLFSSL_CTX *c, unsigned char mode);
UseMaxFragment = wolfSSL_UseMaxFragment;
CTX_UseMaxFragment = wolfSSL_CTX_UseMaxFragment;
#endif
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9));
AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment( NULL, WOLFSSL_MFL_2_9));
AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MIN-1));
AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MAX+1));
AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MIN-1));
AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MAX+1));
/* success case */
#ifdef OPENSSL_EXTRA
AssertIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8));
#else
AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8));
#endif
AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9));
AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10));
AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11));
AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_12));
#ifdef OPENSSL_EXTRA
AssertIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
AssertIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_8));
#else
AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_8));
#endif
AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_9));
AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_10));
AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_11));
AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_12));
#ifdef OPENSSL_EXTRA
AssertIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_13));
#else
AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_13));
#endif
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_UseTruncatedHMAC(void)
{
#if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
#else
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
#endif
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL));
/* success case */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_UseSupportedCurve(void)
{
#if defined(HAVE_SUPPORTED_CURVES) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(WOLFSSL_SUCCESS,
wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, 0));
AssertIntNE(WOLFSSL_SUCCESS,
wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, 0));
/* success case */
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
#if defined(HAVE_ALPN) && defined(HAVE_IO_TESTS_DEPENDENCIES)
static void verify_ALPN_FATAL_ERROR_on_client(WOLFSSL* ssl)
{
AssertIntEQ(UNKNOWN_ALPN_PROTOCOL_NAME_E, wolfSSL_get_error(ssl, 0));
}
static void use_ALPN_all(WOLFSSL* ssl)
{
/* http/1.1,spdy/1,spdy/2,spdy/3 */
char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list),
WOLFSSL_ALPN_FAILED_ON_MISMATCH));
}
static void use_ALPN_all_continue(WOLFSSL* ssl)
{
/* http/1.1,spdy/1,spdy/2,spdy/3 */
char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list),
WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
}
static void use_ALPN_one(WOLFSSL* ssl)
{
/* spdy/2 */
char proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
WOLFSSL_ALPN_FAILED_ON_MISMATCH));
}
static void use_ALPN_unknown(WOLFSSL* ssl)
{
/* http/2.0 */
char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30};
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
WOLFSSL_ALPN_FAILED_ON_MISMATCH));
}
static void use_ALPN_unknown_continue(WOLFSSL* ssl)
{
/* http/2.0 */
char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30};
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
}
static void verify_ALPN_not_matching_spdy3(WOLFSSL* ssl)
{
/* spdy/3 */
char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
char *proto = NULL;
word16 protoSz = 0;
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
/* check value */
AssertIntNE(1, sizeof(nego_proto) == protoSz);
if (proto) {
AssertIntNE(0, XMEMCMP(nego_proto, proto, sizeof(nego_proto)));
}
}
static void verify_ALPN_not_matching_continue(WOLFSSL* ssl)
{
char *proto = NULL;
word16 protoSz = 0;
AssertIntEQ(WOLFSSL_ALPN_NOT_FOUND,
wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
/* check value */
AssertIntEQ(1, (0 == protoSz));
AssertIntEQ(1, (NULL == proto));
}
static void verify_ALPN_matching_http1(WOLFSSL* ssl)
{
/* http/1.1 */
char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
char *proto;
word16 protoSz = 0;
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
/* check value */
AssertIntEQ(1, sizeof(nego_proto) == protoSz);
AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
}
static void verify_ALPN_matching_spdy2(WOLFSSL* ssl)
{
/* spdy/2 */
char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
char *proto;
word16 protoSz = 0;
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
/* check value */
AssertIntEQ(1, sizeof(nego_proto) == protoSz);
AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
}
static void verify_ALPN_client_list(WOLFSSL* ssl)
{
/* http/1.1,spdy/1,spdy/2,spdy/3 */
char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
char *clist = NULL;
word16 clistSz = 0;
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetPeerProtocol(ssl, &clist,
&clistSz));
/* check value */
AssertIntEQ(1, sizeof(alpn_list) == clistSz);
AssertIntEQ(0, XMEMCMP(alpn_list, clist, clistSz));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_FreePeerProtocol(ssl, &clist));
}
static void test_wolfSSL_UseALPN_connection(void)
{
callback_functions client_cb;
callback_functions server_cb;
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
client_cb.method = wolfSSLv23_client_method;
server_cb.method = wolfSSLv23_server_method;
server_cb.devId = devId;
server_cb.devId = devId;
/* success case same list */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_matching_http1;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* success case only one for server */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_one; server_cb.on_result = verify_ALPN_matching_spdy2;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* success case only one for client */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_one; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_matching_spdy2;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* success case none for client */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = NULL;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* success case mismatch behavior but option 'continue' set */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all_continue; client_cb.on_result = verify_ALPN_not_matching_continue;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown_continue; server_cb.on_result = NULL;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* success case read protocol send by client */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_one; server_cb.on_result = verify_ALPN_client_list;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* mismatch behavior with same list
* the first and only this one must be taken */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_not_matching_spdy3;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* default mismatch behavior */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown; server_cb.on_result = verify_ALPN_FATAL_ERROR_on_client;
test_wolfSSL_client_server(&client_cb, &server_cb);
}
static void test_wolfSSL_UseALPN_params(void)
{
#ifndef NO_WOLFSSL_CLIENT
/* "http/1.1" */
char http1[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
/* "spdy/1" */
char spdy1[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x31};
/* "spdy/2" */
char spdy2[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
/* "spdy/3" */
char spdy3[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
char buff[256];
word32 idx;
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(WOLFSSL_SUCCESS,
wolfSSL_UseALPN(NULL, http1, sizeof(http1),
WOLFSSL_ALPN_FAILED_ON_MISMATCH));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, NULL, 0,
WOLFSSL_ALPN_FAILED_ON_MISMATCH));
/* success case */
/* http1 only */
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_UseALPN(ssl, http1, sizeof(http1),
WOLFSSL_ALPN_FAILED_ON_MISMATCH));
/* http1, spdy1 */
XMEMCPY(buff, http1, sizeof(http1));
idx = sizeof(http1);
buff[idx++] = ',';
XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
idx += sizeof(spdy1);
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
WOLFSSL_ALPN_FAILED_ON_MISMATCH));
/* http1, spdy2, spdy1 */
XMEMCPY(buff, http1, sizeof(http1));
idx = sizeof(http1);
buff[idx++] = ',';
XMEMCPY(buff+idx, spdy2, sizeof(spdy2));
idx += sizeof(spdy2);
buff[idx++] = ',';
XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
idx += sizeof(spdy1);
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
WOLFSSL_ALPN_FAILED_ON_MISMATCH));
/* spdy3, http1, spdy2, spdy1 */
XMEMCPY(buff, spdy3, sizeof(spdy3));
idx = sizeof(spdy3);
buff[idx++] = ',';
XMEMCPY(buff+idx, http1, sizeof(http1));
idx += sizeof(http1);
buff[idx++] = ',';
XMEMCPY(buff+idx, spdy2, sizeof(spdy2));
idx += sizeof(spdy2);
buff[idx++] = ',';
XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
idx += sizeof(spdy1);
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
#endif /* HAVE_ALPN */
#ifdef HAVE_ALPN_PROTOS_SUPPORT
static void CTX_set_alpn_protos(SSL_CTX *ctx)
{
unsigned char p[] = {
8, 'h', 't', 't', 'p', '/', '1', '.', '1',
6, 's', 'p', 'd', 'y', '/', '2',
6, 's', 'p', 'd', 'y', '/', '1',
};
unsigned char p_len = sizeof(p);
int ret;
ret = SSL_CTX_set_alpn_protos(ctx, p, p_len);
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertIntEQ(ret, 0);
#else
AssertIntEQ(ret, SSL_SUCCESS);
#endif
}
static void set_alpn_protos(SSL* ssl)
{
unsigned char p[] = {
6, 's', 'p', 'd', 'y', '/', '3',
8, 'h', 't', 't', 'p', '/', '1', '.', '1',
6, 's', 'p', 'd', 'y', '/', '2',
6, 's', 'p', 'd', 'y', '/', '1',
};
unsigned char p_len = sizeof(p);
int ret;
ret = SSL_set_alpn_protos(ssl, p, p_len);
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertIntEQ(ret, 0);
#else
AssertIntEQ(ret, SSL_SUCCESS);
#endif
}
static void verify_alpn_matching_spdy3(WOLFSSL* ssl)
{
/* "spdy/3" */
char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
const unsigned char *proto;
unsigned int protoSz = 0;
SSL_get0_alpn_selected(ssl, &proto, &protoSz);
/* check value */
AssertIntEQ(1, sizeof(nego_proto) == protoSz);
AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
}
static void verify_alpn_matching_http1(WOLFSSL* ssl)
{
/* "http/1.1" */
char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
const unsigned char *proto;
unsigned int protoSz = 0;
SSL_get0_alpn_selected(ssl, &proto, &protoSz);
/* check value */
AssertIntEQ(1, sizeof(nego_proto) == protoSz);
AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
}
static void test_wolfSSL_set_alpn_protos(void)
{
callback_functions client_cb;
callback_functions server_cb;
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
client_cb.method = wolfSSLv23_client_method;
server_cb.method = wolfSSLv23_server_method;
server_cb.devId = devId;
server_cb.devId = devId;
/* use CTX_alpn_protos */
client_cb.ctx_ready = CTX_set_alpn_protos; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
server_cb.ctx_ready = CTX_set_alpn_protos; server_cb.ssl_ready = NULL; server_cb.on_result = verify_alpn_matching_http1;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* use set_alpn_protos */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = set_alpn_protos; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = set_alpn_protos; server_cb.on_result = verify_alpn_matching_spdy3;
test_wolfSSL_client_server(&client_cb, &server_cb);
}
#endif /* HAVE_ALPN_PROTOS_SUPPORT */
static void test_wolfSSL_UseALPN(void)
{
#if defined(HAVE_ALPN) && !defined(NO_WOLFSSL_SERVER) &&\
defined(HAVE_IO_TESTS_DEPENDENCIES)
test_wolfSSL_UseALPN_connection();
test_wolfSSL_UseALPN_params();
#endif
#ifdef HAVE_ALPN_PROTOS_SUPPORT
test_wolfSSL_set_alpn_protos();
#endif
}
static void test_wolfSSL_DisableExtendedMasterSecret(void)
{
#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL));
/* success cases */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_wolfSSL_UseSecureRenegotiation(void)
{
#if defined(HAVE_SECURE_RENEGOTIATION) && !defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(NULL));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(NULL));
/* success cases */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
/*----------------------------------------------------------------------------*
| X509 Tests
*----------------------------------------------------------------------------*/
static void test_wolfSSL_X509_NAME_get_entry(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA)
#if defined(OPENSSL_ALL) || \
(defined(OPENSSL_EXTRA) && \
(defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)))
printf(testingFmt, "wolfSSL_X509_NAME_get_entry()");
{
/* use openssl like name to test mapping */
X509_NAME_ENTRY* ne;
X509_NAME* name;
X509* x509;
#ifndef NO_FILESYSTEM
ASN1_STRING* asn;
char* subCN = NULL;
#endif
int idx;
ASN1_OBJECT *object = NULL;
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
#ifndef NO_BIO
BIO* bio;
#endif
#endif
#ifndef NO_FILESYSTEM
x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
name = X509_get_subject_name(x509);
idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
AssertIntGE(idx, 0);
ne = X509_NAME_get_entry(name, idx);
AssertNotNull(ne);
asn = X509_NAME_ENTRY_get_data(ne);
AssertNotNull(asn);
subCN = (char*)ASN1_STRING_data(asn);
AssertNotNull(subCN);
wolfSSL_FreeX509(x509);
#endif
x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
name = X509_get_subject_name(x509);
idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
AssertIntGE(idx, 0);
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
#ifndef NO_BIO
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(X509_NAME_print_ex(bio, name, 4,
(XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
AssertIntEQ(X509_NAME_print_ex_fp(stdout, name, 4,
(XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
BIO_free(bio);
#endif
#endif
ne = X509_NAME_get_entry(name, idx);
AssertNotNull(ne);
AssertNotNull(object = X509_NAME_ENTRY_get_object(ne));
wolfSSL_FreeX509(x509);
}
printf(resultFmt, passed);
#endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (KEEP_PEER_CERT || SESSION_CERTS) */
#endif /* !NO_CERTS && !NO_RSA */
}
/* Testing functions dealing with PKCS12 parsing out X509 certs */
static void test_wolfSSL_PKCS12(void)
{
/* .p12 file is encrypted with DES3 */
#ifndef HAVE_FIPS /* Password used in cert "wolfSSL test" is only 12-bytes
* (96-bit) FIPS mode requires Minimum of 14-byte (112-bit)
* Password Key
*/
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
!defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \
!defined(NO_SHA) && defined(HAVE_PKCS12)
byte buf[6000];
char file[] = "./certs/test-servercert.p12";
char order[] = "./certs/ecc-rsa-server.p12";
#ifdef WC_RC2
char rc2p12[] = "./certs/test-servercert-rc2.p12";
#endif
char pass[] = "a password";
const char goodPsw[] = "wolfSSL test";
const char badPsw[] = "bad";
#ifdef HAVE_ECC
WOLFSSL_X509_NAME* subject;
WOLFSSL_X509 *x509;
#endif
XFILE f;
int bytes, ret, goodPswLen, badPswLen;
WOLFSSL_BIO *bio;
WOLFSSL_EVP_PKEY *pkey;
WC_PKCS12 *pkcs12;
WC_PKCS12 *pkcs12_2;
WOLFSSL_X509 *cert;
WOLFSSL_X509 *tmp;
WOLF_STACK_OF(WOLFSSL_X509) *ca;
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
|| defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL;
#endif
printf(testingFmt, "wolfSSL_PKCS12()");
f = XFOPEN(file, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
goodPswLen = (int)XSTRLEN(goodPsw);
badPswLen = (int)XSTRLEN(badPsw);
bio = BIO_new_mem_buf((void*)buf, bytes);
AssertNotNull(bio);
pkcs12 = d2i_PKCS12_bio(bio, NULL);
AssertNotNull(pkcs12);
PKCS12_free(pkcs12);
d2i_PKCS12_bio(bio, &pkcs12);
AssertNotNull(pkcs12);
BIO_free(bio);
/* check verify MAC directly */
ret = PKCS12_verify_mac(pkcs12, goodPsw, goodPswLen);
AssertIntEQ(ret, 1);
/* check verify MAC fail case directly */
ret = PKCS12_verify_mac(pkcs12, badPsw, badPswLen);
AssertIntEQ(ret, 0);
/* check verify MAC fail case */
ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
AssertIntEQ(ret, 0);
AssertNull(pkey);
AssertNull(cert);
/* check parse with no extra certs kept */
ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL);
AssertIntEQ(ret, 1);
AssertNotNull(pkey);
AssertNotNull(cert);
wolfSSL_EVP_PKEY_free(pkey);
wolfSSL_X509_free(cert);
/* check parse with extra certs kept */
ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca);
AssertIntEQ(ret, 1);
AssertNotNull(pkey);
AssertNotNull(cert);
AssertNotNull(ca);
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
|| defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
/* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */
#if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS)
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
/* Copy stack structure */
AssertNotNull(tmp_ca = X509_chain_up_ref(ca));
AssertIntEQ(SSL_CTX_set0_chain(ctx, tmp_ca), 1);
/* CTX now owns the tmp_ca stack structure */
tmp_ca = NULL;
AssertIntEQ(wolfSSL_CTX_get_extra_chain_certs(ctx, &tmp_ca), 1);
AssertNotNull(tmp_ca);
AssertIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca));
/* Check that the main cert is also set */
AssertNotNull(SSL_CTX_get0_certificate(ctx));
AssertNotNull(ssl = SSL_new(ctx));
AssertNotNull(SSL_get_certificate(ssl));
SSL_free(ssl);
SSL_CTX_free(ctx);
#endif
/* should be 2 other certs on stack */
tmp = sk_X509_pop(ca);
AssertNotNull(tmp);
X509_free(tmp);
tmp = sk_X509_pop(ca);
AssertNotNull(tmp);
X509_free(tmp);
AssertNull(sk_X509_pop(ca));
EVP_PKEY_free(pkey);
X509_free(cert);
sk_X509_pop_free(ca, X509_free);
/* check PKCS12_create */
AssertNull(PKCS12_create(pass, NULL, NULL, NULL, NULL, -1, -1, -1, -1,0));
AssertIntEQ(PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca),
SSL_SUCCESS);
AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca,
-1, -1, 100, -1, 0)));
EVP_PKEY_free(pkey);
X509_free(cert);
sk_X509_free(ca);
AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
SSL_SUCCESS);
PKCS12_free(pkcs12_2);
AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca,
NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
2000, 1, 0)));
EVP_PKEY_free(pkey);
X509_free(cert);
sk_X509_free(ca);
/* convert to DER then back and parse */
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(i2d_PKCS12_bio(bio, pkcs12_2), SSL_SUCCESS);
PKCS12_free(pkcs12_2);
AssertNotNull(pkcs12_2 = d2i_PKCS12_bio(bio, NULL));
BIO_free(bio);
AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
SSL_SUCCESS);
/* should be 2 other certs on stack */
tmp = sk_X509_pop(ca);
AssertNotNull(tmp);
X509_free(tmp);
tmp = sk_X509_pop(ca);
AssertNotNull(tmp);
X509_free(tmp);
AssertNull(sk_X509_pop(ca));
#ifndef NO_RC4
PKCS12_free(pkcs12_2);
AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, NULL,
NID_pbe_WithSHA1And128BitRC4,
NID_pbe_WithSHA1And128BitRC4,
2000, 1, 0)));
EVP_PKEY_free(pkey);
X509_free(cert);
sk_X509_free(ca);
AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
SSL_SUCCESS);
#endif /* NO_RC4 */
EVP_PKEY_free(pkey);
X509_free(cert);
PKCS12_free(pkcs12);
PKCS12_free(pkcs12_2);
sk_X509_free(ca);
#ifdef HAVE_ECC
/* test order of parsing */
f = XFOPEN(order, "rb");
AssertTrue(f != XBADFILE);
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
AssertIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)),
WOLFSSL_SUCCESS);
AssertNotNull(pkey);
AssertNotNull(cert);
AssertNotNull(ca);
/* compare subject lines of certificates */
AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert));
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccRsaCertFile,
SSL_FILETYPE_PEM));
AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
(const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
X509_free(x509);
/* test expected fail case */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
SSL_FILETYPE_PEM));
AssertIntNE(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
(const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
X509_free(x509);
X509_free(cert);
/* get subject line from ca stack */
AssertNotNull(cert = sk_X509_pop(ca));
AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert));
/* compare subject from certificate in ca to expected */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
SSL_FILETYPE_PEM));
AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
(const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
EVP_PKEY_free(pkey);
X509_free(x509);
X509_free(cert);
BIO_free(bio);
PKCS12_free(pkcs12);
sk_X509_free(ca); /* TEST d2i_PKCS12_fp */
/* test order of parsing */
f = XFOPEN(file, "rb");
AssertTrue(f != XBADFILE);
AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL));
XFCLOSE(f);
/* check verify MAC fail case */
ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
AssertIntEQ(ret, 0);
AssertNull(pkey);
AssertNull(cert);
/* check parse with no extra certs kept */
ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL);
AssertIntEQ(ret, 1);
AssertNotNull(pkey);
AssertNotNull(cert);
wolfSSL_EVP_PKEY_free(pkey);
wolfSSL_X509_free(cert);
/* check parse with extra certs kept */
ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca);
AssertIntEQ(ret, 1);
AssertNotNull(pkey);
AssertNotNull(cert);
AssertNotNull(ca);
wolfSSL_EVP_PKEY_free(pkey);
wolfSSL_X509_free(cert);
sk_X509_free(ca);
PKCS12_free(pkcs12);
#endif /* HAVE_ECC */
#ifdef WC_RC2
/* test PKCS#12 with RC2 encryption */
f = XFOPEN(rc2p12, "rb");
AssertTrue(f != XBADFILE);
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
/* check verify MAC fail case */
ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
AssertIntEQ(ret, 0);
AssertNull(pkey);
AssertNull(cert);
/* check parse iwth not extra certs kept */
ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL);
AssertIntEQ(ret, WOLFSSL_SUCCESS);
AssertNotNull(pkey);
AssertNotNull(cert);
/* check parse with extra certs kept */
ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca);
AssertIntEQ(ret, WOLFSSL_SUCCESS);
AssertNotNull(pkey);
AssertNotNull(cert);
AssertNotNull(ca);
wolfSSL_EVP_PKEY_free(pkey);
wolfSSL_X509_free(cert);
sk_X509_free(ca);
BIO_free(bio);
PKCS12_free(pkcs12);
#endif /* WC_RC2 */
/* Test i2d_PKCS12_bio */
f = XFOPEN(file, "rb");
AssertTrue((f != XBADFILE));
AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL));
XFCLOSE(f);
bio = BIO_new(BIO_s_mem());
AssertNotNull(bio);
ret = i2d_PKCS12_bio(bio, pkcs12);
AssertIntEQ(ret, 1);
ret = i2d_PKCS12_bio(NULL, pkcs12);
AssertIntEQ(ret, 0);
ret = i2d_PKCS12_bio(bio, NULL);
AssertIntEQ(ret, 0);
PKCS12_free(pkcs12);
BIO_free(bio);
(void)order;
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
#endif /* HAVE_FIPS */
}
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_PWDBASED) && \
(!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_MD5)
#define TEST_PKCS8_ENC
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
&& defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
/* used to keep track if FailTestCallback was called */
static int failTestCallbackCalled = 0;
static WC_INLINE int FailTestCallBack(char* passwd, int sz, int rw, void* userdata)
{
(void)passwd;
(void)sz;
(void)rw;
(void)userdata;
/* mark called, test_wolfSSL_no_password_cb() will check and fail if set */
failTestCallbackCalled = 1;
return -1;
}
#endif
static void test_wolfSSL_no_password_cb(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
&& defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
WOLFSSL_CTX* ctx;
byte buff[FOURK_BUF];
const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
XFILE f;
int bytes;
printf(testingFmt, "test_wolfSSL_no_password_cb()");
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_server_method()));
#endif
wolfSSL_CTX_set_default_passwd_cb(ctx, FailTestCallBack);
AssertTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE);
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
AssertIntLE(bytes, sizeof(buff));
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
AssertTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE);
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
AssertIntLE(bytes, sizeof(buff));
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
if (failTestCallbackCalled != 0) {
Fail(("Password callback should not be called by default"),
("Password callback was called without attempting "
"to first decipher private key without password."));
}
printf(resultFmt, passed);
#endif
}
#ifdef TEST_PKCS8_ENC
/* for PKCS8 test case */
static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
{
int flag = 0;
(void)rw;
if (userdata != NULL) {
flag = *((int*)userdata); /* user set data */
}
switch (flag) {
case 1: /* flag set for specific WOLFSSL_CTX structure, note userdata
* can be anything the user wishes to be passed to the callback
* associated with the WOLFSSL_CTX */
XSTRNCPY(passwd, "yassl123", sz);
return 8;
default:
return BAD_FUNC_ARG;
}
}
#endif /* TEST_PKCS8_ENC */
/* Testing functions dealing with PKCS8 */
static void test_wolfSSL_PKCS8(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8)
byte buff[FOURK_BUF];
byte der[FOURK_BUF];
#ifndef NO_RSA
const char serverKeyPkcs8PemFile[] = "./certs/server-keyPkcs8.pem";
const char serverKeyPkcs8DerFile[] = "./certs/server-keyPkcs8.der";
#endif
const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
#ifdef HAVE_ECC
const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
#endif
XFILE f;
int bytes;
WOLFSSL_CTX* ctx;
#if defined(HAVE_ECC) && !defined(NO_CODING)
int ret;
ecc_key key;
word32 x = 0;
#endif
#ifdef TEST_PKCS8_ENC
#if !defined(NO_RSA) && !defined(NO_SHA)
const char serverKeyPkcs8EncPemFile[] = "./certs/server-keyPkcs8Enc.pem";
const char serverKeyPkcs8EncDerFile[] = "./certs/server-keyPkcs8Enc.der";
#endif
#if defined(HAVE_ECC) && !defined(NO_SHA)
const char eccPkcs8EncPrivKeyPemFile[] = "./certs/ecc-keyPkcs8Enc.pem";
const char eccPkcs8EncPrivKeyDerFile[] = "./certs/ecc-keyPkcs8Enc.der";
#endif
int flag;
#endif
(void)der;
printf(testingFmt, "wolfSSL_PKCS8()");
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
#endif
#else
#ifndef WOLFSSL_NO_TLS12
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
#endif
#endif
#ifdef TEST_PKCS8_ENC
wolfSSL_CTX_set_default_passwd_cb(ctx, PKCS8TestCallBack);
wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&flag);
flag = 1; /* used by password callback as return code */
#if !defined(NO_RSA) && !defined(NO_SHA)
/* test loading PEM PKCS8 encrypted file */
f = XFOPEN(serverKeyPkcs8EncPemFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
/* this next case should fail because of password callback return code */
flag = 0; /* used by password callback as return code */
AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
/* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
"yassl123"), 0);
/* test that error value is returned with a bad password */
AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
"bad"), 0);
/* test loading PEM PKCS8 encrypted file */
f = XFOPEN(serverKeyPkcs8EncDerFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
flag = 1; /* used by password callback as return code */
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* this next case should fail because of password callback return code */
flag = 0; /* used by password callback as return code */
AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif /* !NO_RSA && !NO_SHA */
#if defined(HAVE_ECC) && !defined(NO_SHA)
/* test loading PEM PKCS8 encrypted ECC Key file */
f = XFOPEN(eccPkcs8EncPrivKeyPemFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
flag = 1; /* used by password callback as return code */
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
/* this next case should fail because of password callback return code */
flag = 0; /* used by password callback as return code */
AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
/* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
"yassl123"), 0);
/* test that error value is returned with a bad password */
AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
"bad"), 0);
/* test loading DER PKCS8 encrypted ECC Key file */
f = XFOPEN(eccPkcs8EncPrivKeyDerFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
flag = 1; /* used by password callback as return code */
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* this next case should fail because of password callback return code */
flag = 0; /* used by password callback as return code */
AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* leave flag as "okay" */
flag = 1;
#endif /* HAVE_ECC && !NO_SHA */
#endif /* TEST_PKCS8_ENC */
#ifndef NO_RSA
/* test loading ASN.1 (DER) PKCS8 private key file (not encrypted) */
f = XFOPEN(serverKeyPkcs8DerFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* test loading PEM PKCS8 private key file (not encrypted) */
f = XFOPEN(serverKeyPkcs8PemFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
#endif /* !NO_RSA */
/* Test PKCS8 PEM ECC key no crypt */
f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
#ifdef HAVE_ECC
/* Test PKCS8 PEM ECC key no crypt */
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
#ifndef NO_CODING
/* decrypt PKCS8 PEM to key in DER format */
AssertIntGT((bytes = wc_KeyPemToDer(buff, bytes, der,
(word32)sizeof(der), NULL)), 0);
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_EccPrivateKeyDecode(der, &x, &key, bytes);
wc_ecc_free(&key);
}
AssertIntEQ(ret, 0);
#endif
/* Test PKCS8 DER ECC key no crypt */
f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
/* Test using a PKCS8 ECC PEM */
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#else
/* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */
AssertIntEQ((bytes = wc_KeyPemToDer(buff, bytes, der,
(word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER);
#endif /* HAVE_ECC */
wolfSSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* !NO_FILESYSTEM && !NO_ASN && HAVE_PKCS8 */
}
static void test_wolfSSL_PKCS8_ED25519(void)
{
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) && \
defined(HAVE_ED25519_KEY_IMPORT)
const byte encPrivKey[] = \
"-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
"MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAheCGLmWGh7+AICCAAw\n"
"DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEC4L5P6GappsTyhOOoQfvh8EQJMX\n"
"OAdlsYKCOcFo4djg6AI1lRdeBRwVFWkha7gBdoCJOzS8wDvTbYcJMPvANu5ft3nl\n"
"2L9W4v7swXkV+X+a1ww=\n"
"-----END ENCRYPTED PRIVATE KEY-----\n";
const char password[] = "abcdefghijklmnopqrstuvwxyz";
byte der[FOURK_BUF];
WOLFSSL_CTX* ctx;
int bytes;
XMEMSET(der, 0, sizeof(der));
AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
(word32)sizeof(der), password)), 0);
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_PKCS8_ED448(void)
{
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448) && \
defined(HAVE_ED448_KEY_IMPORT)
const byte encPrivKey[] = \
"-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
"MIGrMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjSbZKnG4EPggICCAAw\n"
"DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEFvCFWBBHBlJBsYleBJlJWcEUNC7\n"
"Tf5pZviT5Btar4D/MNg6BsQHSDf5KW4ix871EsgDY2Zz+euaoWspiMntz7gU+PQu\n"
"T/JJcbD2Ly8BbE3l5WHMifAQqNLxJBfXrHkfYtAo\n"
"-----END ENCRYPTED PRIVATE KEY-----\n";
const char password[] = "abcdefghijklmnopqrstuvwxyz";
byte der[FOURK_BUF];
WOLFSSL_CTX* ctx;
int bytes;
XMEMSET(der, 0, sizeof(der));
AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
(word32)sizeof(der), password)), 0);
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
}
/* Testing functions dealing with PKCS5 */
static void test_wolfSSL_PKCS5(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA) && !defined(NO_PWDBASED)
#ifdef HAVE_FIPS /* Password minimum length is 14 (112-bit) in FIPS MODE */
const char* passwd = "myfipsPa$$W0rd";
#else
const char *passwd = "pass1234";
#endif
const unsigned char *salt = (unsigned char *)"salt1234";
unsigned char *out = (unsigned char *)XMALLOC(WC_SHA_DIGEST_SIZE, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
int ret = 0;
AssertNotNull(out);
ret = PKCS5_PBKDF2_HMAC_SHA1(passwd,(int)XSTRLEN(passwd), salt,
(int)XSTRLEN((const char *) salt), 10,
WC_SHA_DIGEST_SIZE,out);
AssertIntEQ(ret, SSL_SUCCESS);
#ifdef WOLFSSL_SHA512
ret = PKCS5_PBKDF2_HMAC(passwd,(int)XSTRLEN(passwd), salt,
(int)XSTRLEN((const char *) salt), 10,
wolfSSL_EVP_sha512(), WC_SHA_DIGEST_SIZE, out);
AssertIntEQ(ret, SSL_SUCCESS);
#endif
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SHA) */
}
/* test parsing URI from certificate */
static void test_wolfSSL_URI(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
&& (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
defined(OPENSSL_EXTRA))
WOLFSSL_X509* x509;
const char uri[] = "./certs/client-uri-cert.pem";
const char badUri[] = "./certs/client-relative-uri.pem";
printf(testingFmt, "wolfSSL URI parse");
x509 = wolfSSL_X509_load_certificate_file(uri, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
wolfSSL_FreeX509(x509);
x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM);
#if !defined(IGNORE_NAME_CONSTRAINTS) && !defined(WOLFSSL_NO_ASN_STRICT)
AssertNull(x509);
#else
AssertNotNull(x509);
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_TBS(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
&& defined(OPENSSL_EXTRA)
WOLFSSL_X509* x509;
const unsigned char* tbs;
int tbsSz;
printf(testingFmt, "wolfSSL TBS");
AssertNotNull(x509 =
wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM));
AssertNull(tbs = wolfSSL_X509_get_tbs(NULL, &tbsSz));
AssertNull(tbs = wolfSSL_X509_get_tbs(x509, NULL));
AssertNotNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz));
AssertIntEQ(tbsSz, 981);
wolfSSL_FreeX509(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_verify(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
&& defined(OPENSSL_EXTRA)
WOLFSSL_X509* ca;
WOLFSSL_X509* serv;
WOLFSSL_EVP_PKEY* pkey;
unsigned char buf[2048];
const unsigned char* pt = NULL;
int bufSz;
printf(testingFmt, "wolfSSL X509 verify");
AssertNotNull(ca =
wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM));
AssertIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz),
WOLFSSL_SUCCESS);
AssertIntEQ(bufSz, 294);
bufSz = 2048;
AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk);
AssertNotNull(serv =
wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM));
/* success case */
pt = buf;
AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
AssertIntEQ(i2d_PUBKEY(pkey, NULL), bufSz);
AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_SUCCESS);
wolfSSL_EVP_PKEY_free(pkey);
/* fail case */
bufSz = 2048;
AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(serv, buf, &bufSz),
WOLFSSL_SUCCESS);
pt = buf;
AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_X509_verify(NULL, pkey), WOLFSSL_FATAL_ERROR);
AssertIntEQ(wolfSSL_X509_verify(serv, NULL), WOLFSSL_FATAL_ERROR);
wolfSSL_EVP_PKEY_free(pkey);
wolfSSL_FreeX509(ca);
wolfSSL_FreeX509(serv);
printf(resultFmt, passed);
#endif
}
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO)
/* create certificate with version 2 */
static void test_set_x509_badversion(WOLFSSL_CTX* ctx)
{
WOLFSSL_X509 *x509, *x509v2;
WOLFSSL_EVP_PKEY *priv, *pub;
unsigned char *der = NULL, *key = NULL, *pt;
char *header, *name;
int derSz;
long keySz;
XFILE fp;
WOLFSSL_ASN1_TIME *notBefore, *notAfter;
time_t t;
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
WOLFSSL_FILETYPE_PEM));
fp = XFOPEN(cliKeyFile, "rb");
AssertIntEQ(wolfSSL_PEM_read(fp, &name, &header, &key, &keySz),
WOLFSSL_SUCCESS);
XFCLOSE(fp);
pt = key;
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
(const unsigned char**)&pt, keySz));
/* create the version 2 certificate */
AssertNotNull(x509v2 = X509_new());
AssertIntEQ(wolfSSL_X509_set_version(x509v2, 1), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509v2,
wolfSSL_X509_get_subject_name(x509)), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509v2,
wolfSSL_X509_get_issuer_name(x509)), WOLFSSL_SUCCESS);
AssertNotNull(pub = wolfSSL_X509_get_pubkey(x509));
AssertIntEQ(X509_set_pubkey(x509v2, pub), WOLFSSL_SUCCESS);
t = time(NULL);
AssertNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0));
AssertNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0));
AssertTrue(wolfSSL_X509_set_notBefore(x509v2, notBefore));
AssertTrue(wolfSSL_X509_set_notAfter(x509v2, notAfter));
AssertIntGT(wolfSSL_X509_sign(x509v2, priv, EVP_sha256()), 0);
derSz = wolfSSL_i2d_X509(x509v2, &der);
AssertIntGT(derSz, 0);
AssertIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); /* TODO: Replace with API call */
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(name, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(header, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_X509_free(x509);
wolfSSL_X509_free(x509v2);
wolfSSL_EVP_PKEY_free(priv);
wolfSSL_EVP_PKEY_free(pub);
wolfSSL_ASN1_TIME_free(notBefore);
wolfSSL_ASN1_TIME_free(notAfter);
}
/* override certificate version error */
static int test_override_x509(int preverify, WOLFSSL_X509_STORE_CTX* store)
{
AssertIntEQ(store->error, ASN_VERSION_E);
AssertIntEQ((int)wolfSSL_X509_get_version(store->current_cert), 1);
(void)preverify;
return 1;
}
/* set verify callback that will override bad certificate version */
static void test_set_override_x509(WOLFSSL_CTX* ctx)
{
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, test_override_x509);
}
#endif
static void test_wolfSSL_X509_TLS_version(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO)
tcp_ready ready;
func_args server_args;
func_args client_args;
THREAD_TYPE serverThread;
callback_functions func_cb_client;
callback_functions func_cb_server;
printf(testingFmt, "test_wolfSSL_X509_TLS_version");
/* test server rejects a client certificate that is not version 3 */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
server_args.return_code = TEST_FAIL;
client_args.return_code = TEST_FAIL;
func_cb_client.ctx_ready = &test_set_x509_badversion;
#ifndef WOLFSSL_NO_TLS12
func_cb_client.method = wolfTLSv1_2_client_method;
#else
func_cb_client.method = wolfTLSv1_3_client_method;
#endif
client_args.callbacks = &func_cb_client;
#ifndef WOLFSSL_NO_TLS12
func_cb_server.method = wolfTLSv1_2_server_method;
#else
func_cb_server.method = wolfTLSv1_3_server_method;
#endif
server_args.callbacks = &func_cb_server;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
AssertIntEQ(client_args.return_code, TEST_FAIL);
AssertIntEQ(server_args.return_code, TEST_FAIL);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
/* Now re run but override the bad X509 version */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
server_args.return_code = TEST_FAIL;
client_args.return_code = TEST_FAIL;
func_cb_client.ctx_ready = &test_set_x509_badversion;
func_cb_server.ctx_ready = &test_set_override_x509;
#ifndef WOLFSSL_NO_TLS12
func_cb_client.method = wolfTLSv1_2_client_method;
#else
func_cb_client.method = wolfTLSv1_3_client_method;
#endif
client_args.callbacks = &func_cb_client;
#ifndef WOLFSSL_NO_TLS12
func_cb_server.method = wolfTLSv1_2_server_method;
#else
func_cb_server.method = wolfTLSv1_3_server_method;
#endif
server_args.callbacks = &func_cb_server;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
AssertIntEQ(client_args.return_code, TEST_SUCCESS);
AssertIntEQ(server_args.return_code, TEST_SUCCESS);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
printf(resultFmt, passed);
#endif
}
/* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade
* version allowed.
* POST: 1 on success.
*/
static int test_wolfSSL_CTX_SetMinVersion(void)
{
int failFlag = WOLFSSL_SUCCESS;
#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_CTX* ctx;
int itr;
#ifndef NO_OLD_TLS
const int versions[] = {
#ifdef WOLFSSL_ALLOW_TLSV10
WOLFSSL_TLSV1,
#endif
WOLFSSL_TLSV1_1,
WOLFSSL_TLSV1_2 };
#elif !defined(WOLFSSL_NO_TLS12)
const int versions[] = { WOLFSSL_TLSV1_2 };
#elif defined(WOLFSSL_TLS13)
const int versions[] = { WOLFSSL_TLSV1_3 };
#else
const int versions[0];
#endif
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
printf(testingFmt, "wolfSSL_CTX_SetMinVersion()");
for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){
if(wolfSSL_CTX_SetMinVersion(ctx, *(versions + itr)) != WOLFSSL_SUCCESS){
failFlag = WOLFSSL_FAILURE;
}
}
printf(resultFmt, failFlag == WOLFSSL_SUCCESS ? passed : failed);
wolfSSL_CTX_free(ctx);
#endif
return failFlag;
} /* END test_wolfSSL_CTX_SetMinVersion */
/*----------------------------------------------------------------------------*
| OCSP Stapling
*----------------------------------------------------------------------------*/
/* Testing wolfSSL_UseOCSPStapling function. OCSP stapling eliminates the need
* need to contact the CA, lowering the cost of cert revocation checking.
* PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST
* POST: 1 returned for success.
*/
static int test_wolfSSL_UseOCSPStapling(void)
{
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP) && \
!defined(NO_WOLFSSL_CLIENT)
int ret;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
#else
ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
#endif
#else
#ifndef WOLFSSL_NO_TLS12
ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
#else
ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
#endif
#endif
ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_UseOCSPStapling()");
ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE);
printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
return ret;
#else
return WOLFSSL_SUCCESS;
#endif
} /*END test_wolfSSL_UseOCSPStapling */
/* Testing OCSP stapling version 2, wolfSSL_UseOCSPStaplingV2 function. OCSP
* stapling eliminates the need to contact the CA and lowers cert revocation
* check.
* PRE: HAVE_CERTIFICATE_STATUS_REQUEST_V2 and HAVE_OCSP defined.
*/
static int test_wolfSSL_UseOCSPStaplingV2 (void)
{
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP) && \
!defined(NO_WOLFSSL_CLIENT)
int ret;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
#else
ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
#endif
#else
#ifndef WOLFSSL_NO_TLS12
ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
#else
ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
#endif
#endif
ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()");
ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE );
printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
return ret;
#else
return WOLFSSL_SUCCESS;
#endif
} /*END test_wolfSSL_UseOCSPStaplingV2*/
/*----------------------------------------------------------------------------*
| Multicast Tests
*----------------------------------------------------------------------------*/
static void test_wolfSSL_mcast(void)
{
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST) && \
(defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER))
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
int result;
byte preMasterSecret[512];
byte clientRandom[32];
byte serverRandom[32];
byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */
byte buf[256];
word16 newId;
ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
AssertNotNull(ctx);
result = wolfSSL_CTX_mcast_set_member_id(ctx, 0);
AssertIntEQ(result, WOLFSSL_SUCCESS);
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
XMEMSET(preMasterSecret, 0x23, sizeof(preMasterSecret));
XMEMSET(clientRandom, 0xA5, sizeof(clientRandom));
XMEMSET(serverRandom, 0x5A, sizeof(serverRandom));
result = wolfSSL_set_secret(ssl, 23,
preMasterSecret, sizeof(preMasterSecret),
clientRandom, serverRandom, suite);
AssertIntEQ(result, WOLFSSL_SUCCESS);
result = wolfSSL_mcast_read(ssl, &newId, buf, sizeof(buf));
AssertIntLE(result, 0);
AssertIntLE(newId, 100);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST && (WOLFSSL_TLS13 || WOLFSSL_SNIFFER) */
}
/*----------------------------------------------------------------------------*
| Wolfcrypt
*----------------------------------------------------------------------------*/
/*
* Unit test for the wc_InitBlake2b()
*/
static int test_wc_InitBlake2b (void)
{
int ret = 0;
#ifdef HAVE_BLAKE2
Blake2b blake2b;
printf(testingFmt, "wc_InitBlake2B()");
/* Test good arg. */
ret = wc_InitBlake2b(&blake2b, 64);
if (ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!ret) {
ret = wc_InitBlake2b(NULL, 64);
if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
if (!ret) {
ret = wc_InitBlake2b(NULL, 128);
if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
if (!ret) {
ret = wc_InitBlake2b(&blake2b, 128);
if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
if (!ret) {
ret = wc_InitBlake2b(NULL, 0);
if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
if (!ret) {
ret = wc_InitBlake2b(&blake2b, 0);
if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /*END test_wc_InitBlake2b*/
/*
* Unit test for the wc_InitBlake2b_WithKey()
*/
static int test_wc_InitBlake2b_WithKey (void)
{
int ret = 0;
#ifdef HAVE_BLAKE2
Blake2b blake2b;
word32 digestSz = BLAKE2B_KEYBYTES;
byte key[BLAKE2B_KEYBYTES];
word32 keylen = BLAKE2B_KEYBYTES;
printf(testingFmt, "wc_InitBlake2b_WithKey()");
/* Test good arg. */
ret = wc_InitBlake2b_WithKey(&blake2b, digestSz, key, keylen);
if (ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
/* Test bad args. */
if (ret == 0) {
ret = wc_InitBlake2b_WithKey(NULL, digestSz, key, keylen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_InitBlake2b_WithKey(&blake2b, digestSz, key, 256);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_InitBlake2b_WithKey(&blake2b, digestSz, NULL, keylen);
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /*END wc_InitBlake2b_WithKey*/
/*
* Unit test for the wc_InitBlake2s_WithKey()
*/
static int test_wc_InitBlake2s_WithKey (void)
{
int ret = 0;
#ifdef HAVE_BLAKE2S
Blake2s blake2s;
word32 digestSz = BLAKE2S_KEYBYTES;
byte *key = (byte*)"01234567890123456789012345678901";
word32 keylen = BLAKE2S_KEYBYTES;
printf(testingFmt, "wc_InitBlake2s_WithKey()");
/* Test good arg. */
ret = wc_InitBlake2s_WithKey(&blake2s, digestSz, key, keylen);
if (ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
/* Test bad args. */
if (ret == 0) {
ret = wc_InitBlake2s_WithKey(NULL, digestSz, key, keylen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_InitBlake2s_WithKey(&blake2s, digestSz, key, 256);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_InitBlake2s_WithKey(&blake2s, digestSz, NULL, keylen);
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /*END wc_InitBlake2s_WithKey*/
/*
* Unit test for the wc_InitMd5()
*/
static int test_wc_InitMd5 (void)
{
int flag = 0;
#ifndef NO_MD5
wc_Md5 md5;
int ret;
printf(testingFmt, "wc_InitMd5()");
/* Test good arg. */
ret = wc_InitMd5(&md5);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitMd5(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Md5Free(&md5);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_InitMd5 */
/*
* Testing wc_UpdateMd5()
*/
static int test_wc_Md5Update (void)
{
int flag = 0;
#ifndef NO_MD5
wc_Md5 md5;
byte hash[WC_MD5_DIGEST_SIZE];
testVector a, b, c;
int ret;
ret = wc_InitMd5(&md5);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_Md5Update()");
/* Input */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_Md5Update(&md5, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Md5Final(&md5, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
"\x72";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_Md5Update(&md5, (byte*) a.input, (word32) a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Md5Final(&md5, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/*Pass in bad values. */
if (!flag) {
b.input = NULL;
b.inLen = 0;
ret = wc_Md5Update(&md5, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
c.input = NULL;
c.inLen = WC_MD5_DIGEST_SIZE;
ret = wc_Md5Update(&md5, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Md5Update(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Md5Free(&md5);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Md5Update() */
/*
* Unit test on wc_Md5Final() in wolfcrypt/src/md5.c
*/
static int test_wc_Md5Final (void)
{
int flag = 0;
#ifndef NO_MD5
/* Instantiate */
wc_Md5 md5;
byte* hash_test[3];
byte hash1[WC_MD5_DIGEST_SIZE];
byte hash2[2*WC_MD5_DIGEST_SIZE];
byte hash3[5*WC_MD5_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitMd5(&md5);
if (ret != 0) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test)/sizeof(byte*);
/* Test good args. */
printf(testingFmt, "wc_Md5Final()");
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_Md5Final(&md5, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag) {
ret = wc_Md5Final(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Md5Final(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Md5Final(&md5, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Md5Free(&md5);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
}
/*
* Unit test for the wc_InitSha()
*/
static int test_wc_InitSha(void)
{
int flag = 0;
#ifndef NO_SHA
wc_Sha sha;
int ret;
printf(testingFmt, "wc_InitSha()");
/* Test good arg. */
ret = wc_InitSha(&sha);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitSha(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_ShaFree(&sha);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_InitSha */
/*
* Tesing wc_ShaUpdate()
*/
static int test_wc_ShaUpdate (void)
{
int flag = 0;
#ifndef NO_SHA
wc_Sha sha;
byte hash[WC_SHA_DIGEST_SIZE];
testVector a, b, c;
int ret;
ret = wc_InitSha(&sha);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_ShaUpdate()");
/* Input. */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_ShaUpdate(&sha, NULL, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_ShaUpdate(&sha, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_ShaFinal(&sha, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
"\x6C\x9C\xD0\xD8\x9D";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_ShaFinal(&sha, hash);
if (ret !=0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Try passing in bad values. */
if (!flag) {
b.input = NULL;
b.inLen = 0;
ret = wc_ShaUpdate(&sha, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
c.input = NULL;
c.inLen = WC_SHA_DIGEST_SIZE;
ret = wc_ShaUpdate(&sha, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_ShaUpdate(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_ShaFree(&sha);
/* If not returned then the unit test passed test vectors. */
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_ShaUpdate() */
/*
* Unit test on wc_ShaFinal
*/
static int test_wc_ShaFinal (void)
{
int flag = 0;
#ifndef NO_SHA
wc_Sha sha;
byte* hash_test[3];
byte hash1[WC_SHA_DIGEST_SIZE];
byte hash2[2*WC_SHA_DIGEST_SIZE];
byte hash3[5*WC_SHA_DIGEST_SIZE];
int times, i, ret;
/*Initialize*/
ret = wc_InitSha(&sha);
if (ret) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test)/sizeof(byte*);
/* Good test args. */
printf(testingFmt, "wc_ShaFinal()");
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_ShaFinal(&sha, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag) {
ret = wc_ShaFinal(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_ShaFinal(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_ShaFinal(&sha, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_ShaFree(&sha);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_ShaFinal */
/*
* Unit test for wc_InitSha256()
*/
static int test_wc_InitSha256 (void)
{
int flag = 0;
#ifndef NO_SHA256
wc_Sha256 sha256;
int ret;
printf(testingFmt, "wc_InitSha256()");
/* Test good arg. */
ret = wc_InitSha256(&sha256);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitSha256(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha256Free(&sha256);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_InitSha256 */
/*
* Unit test for wc_Sha256Update()
*/
static int test_wc_Sha256Update (void)
{
int flag = 0;
#ifndef NO_SHA256
wc_Sha256 sha256;
byte hash[WC_SHA256_DIGEST_SIZE];
testVector a, b, c;
int ret;
ret = wc_InitSha256(&sha256);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_Sha256Update()");
/* Input. */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_Sha256Update(&sha256, NULL, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha256Update(&sha256, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha256Final(&sha256, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
"\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
"\x15\xAD";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha256Final(&sha256, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Try passing in bad values */
if (!flag) {
b.input = NULL;
b.inLen = 0;
ret = wc_Sha256Update(&sha256, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
c.input = NULL;
c.inLen = WC_SHA256_DIGEST_SIZE;
ret = wc_Sha256Update(&sha256, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha256Update(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha256Free(&sha256);
/* If not returned then the unit test passed. */
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256Update */
/*
* Unit test function for wc_Sha256Final()
*/
static int test_wc_Sha256Final (void)
{
int flag = 0;
#ifndef NO_SHA256
wc_Sha256 sha256;
byte* hash_test[3];
byte hash1[WC_SHA256_DIGEST_SIZE];
byte hash2[2*WC_SHA256_DIGEST_SIZE];
byte hash3[5*WC_SHA256_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitSha256(&sha256);
if (ret != 0) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte*);
/* Good test args. */
printf(testingFmt, "wc_Sha256Final()");
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_Sha256Final(&sha256, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag ) {
ret = wc_Sha256Final(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha256Final(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha256Final(&sha256, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha256Free(&sha256);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256Final */
/*
* Unit test function for wc_Sha256FinalRaw()
*/
static int test_wc_Sha256FinalRaw (void)
{
int flag = 0;
#if !defined(NO_SHA256) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
!defined(WOLFSSL_NO_HASH_RAW)
wc_Sha256 sha256;
byte* hash_test[3];
byte hash1[WC_SHA256_DIGEST_SIZE];
byte hash2[2*WC_SHA256_DIGEST_SIZE];
byte hash3[5*WC_SHA256_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitSha256(&sha256);
if (ret != 0) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte*);
/* Good test args. */
printf(testingFmt, "wc_Sha256FinalRaw()");
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_Sha256FinalRaw(&sha256, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag ) {
ret = wc_Sha256FinalRaw(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha256FinalRaw(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha256FinalRaw(&sha256, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha256Free(&sha256);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256FinalRaw */
/*
* Unit test function for wc_Sha256GetFlags()
*/
static int test_wc_Sha256GetFlags (void)
{
int flag = 0;
#if !defined(NO_SHA256) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha256 sha256;
word32 flags = 0;
printf(testingFmt, "wc_Sha256GetFlags()");
/* Initialize */
flag = wc_InitSha256(&sha256);
if (flag == 0) {
flag = wc_Sha256GetFlags(&sha256, &flags);
}
if (flag == 0) {
if (flags & WC_HASH_FLAG_ISCOPY) {
flag = 0;
}
}
wc_Sha256Free(&sha256);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256GetFlags */
/*
* Unit test function for wc_Sha256Free()
*/
static int test_wc_Sha256Free (void)
{
int flag = 0;
#ifndef NO_SHA256
printf(testingFmt, "wc_Sha256Free()");
wc_Sha256Free(NULL);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256Free */
/*
* Unit test function for wc_Sha256GetHash()
*/
static int test_wc_Sha256GetHash (void)
{
int flag = 0;
#ifndef NO_SHA256
wc_Sha256 sha256;
byte hash1[WC_SHA256_DIGEST_SIZE];
printf(testingFmt, "wc_Sha256GetHash()");
/* Initialize */
flag = wc_InitSha256(&sha256);
if (flag == 0) {
flag = wc_Sha256GetHash(&sha256, hash1);
}
/*test bad arguements*/
if (flag == 0) {
flag = wc_Sha256GetHash(NULL, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha256GetHash(NULL, hash1);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha256GetHash(&sha256, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
wc_Sha256Free(&sha256);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256GetHash */
/*
* Unit test function for wc_Sha256Copy()
*/
static int test_wc_Sha256Copy (void)
{
int flag = 0;
#ifndef NO_SHA256
wc_Sha256 sha256;
wc_Sha256 temp;
printf(testingFmt, "wc_Sha256Copy()");
/* Initialize */
flag = wc_InitSha256(&sha256);
if (flag == 0) {
flag = wc_InitSha256(&temp);
}
if (flag == 0) {
flag = wc_Sha256Copy(&sha256, &temp);
}
/*test bad arguements*/
if (flag == 0) {
flag = wc_Sha256Copy(NULL, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha256Copy(NULL, &temp);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha256Copy(&sha256, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
wc_Sha256Free(&sha256);
wc_Sha256Free(&temp);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256Copy */
/*
* Testing wc_InitSha512()
*/
static int test_wc_InitSha512 (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA512
wc_Sha512 sha512;
int ret;
printf(testingFmt, "wc_InitSha512()");
/* Test good arg. */
ret = wc_InitSha512(&sha512);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitSha512(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha512Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_InitSha512 */
/*
* wc_Sha512Update() test.
*/
static int test_wc_Sha512Update (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA512
wc_Sha512 sha512;
byte hash[WC_SHA512_DIGEST_SIZE];
testVector a, b, c;
int ret;
ret = wc_InitSha512(&sha512);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_Sha512Update()");
/* Input. */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_Sha512Update(&sha512, NULL, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512Update(&sha512,(byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512Update(&sha512, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512Final(&sha512, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
"\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b"
"\x55\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c"
"\x23\xa3\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a"
"\x9a\xc9\x4f\xa5\x4c\xa4\x9f";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_Sha512Update(&sha512, (byte*) a.input, (word32) a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha512Final(&sha512, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA512_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Try passing in bad values */
if (!flag) {
b.input = NULL;
b.inLen = 0;
ret = wc_Sha512Update(&sha512, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
c.input = NULL;
c.inLen = WC_SHA512_DIGEST_SIZE;
ret = wc_Sha512Update(&sha512, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha512Update(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha512Free(&sha512);
/* If not returned then the unit test passed test vectors. */
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha512Update */
#ifdef WOLFSSL_SHA512
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
(!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256))
/* Perfoms test for
* - wc_Sha512Final/wc_Sha512FinalRaw
* - wc_Sha512_224Final/wc_Sha512_224Final
* - wc_Sha512_256Final/wc_Sha512_256Final
* parameter:
* - type : must be one of WC_HASH_TYPE_SHA512, WC_HASH_TYPE_SHA512_224 or
* WC_HASH_TYPE_SHA512_256
* - isRaw: if is non-zero, xxxFinalRaw function will be tested
*return 0 on success
*/
static int test_Sha512_Family_Final(int type, int isRaw)
{
wc_Sha512 sha512;
byte* hash_test[3];
byte hash1[WC_SHA512_DIGEST_SIZE];
byte hash2[2*WC_SHA512_DIGEST_SIZE];
byte hash3[5*WC_SHA512_DIGEST_SIZE];
int times, i, ret;
int(*initFp)(wc_Sha512*);
int(*finalFp)(wc_Sha512*, byte*);
void(*freeFp)(wc_Sha512*);
if (type == WC_HASH_TYPE_SHA512) {
initFp = wc_InitSha512;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
!defined(WOLFSSL_NO_HASH_RAW)
finalFp = (isRaw)? wc_Sha512FinalRaw : wc_Sha512Final;
#else
finalFp = (isRaw)? NULL : wc_Sha512Final;
#endif
freeFp = wc_Sha512Free;
}
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if !defined(WOLFSSL_NOSHA512_224)
else if (type == WC_HASH_TYPE_SHA512_224) {
initFp = wc_InitSha512_224;
#if !defined(WOLFSSL_NO_HASH_RAW)
finalFp = (isRaw)? wc_Sha512_224FinalRaw : wc_Sha512_224Final;
#else
finalFp = (isRaw)? NULL : wc_Sha512_224Final;
#endif
freeFp = wc_Sha512_224Free;
}
#endif
#if !defined(WOLFSSL_NOSHA512_256)
else if (type == WC_HASH_TYPE_SHA512_256) {
initFp = wc_InitSha512_256;
#if !defined(WOLFSSL_NO_HASH_RAW)
finalFp = (isRaw)? wc_Sha512_256FinalRaw : wc_Sha512_256Final;
#else
finalFp = (isRaw)? NULL : wc_Sha512_256Final;
#endif
freeFp = wc_Sha512_256Free;
}
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
else
return BAD_FUNC_ARG;
/* Initialize */
ret = initFp(&sha512);
if (!ret) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte *);
/* Good test args. */
for (i = 0; i < times && ret == 0; i++) {
ret = finalFp(&sha512, hash_test[i]);
}
/* Test bad args. */
if (!ret) {
if (finalFp(NULL, NULL) != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (!ret) {
if (finalFp(NULL, hash1) != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (!ret) {
if (finalFp(&sha512, NULL) != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
}
}
freeFp(&sha512);
return ret;
}
#endif /* !HAVE_FIPS && !HAVE_SELFTEST &&
(!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */
#endif /* WOLFSSL_SHA512 */
/*
* Unit test function for wc_Sha512Final()
*/
static int test_wc_Sha512Final (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA512
wc_Sha512 sha512;
byte* hash_test[3];
byte hash1[WC_SHA512_DIGEST_SIZE];
byte hash2[2*WC_SHA512_DIGEST_SIZE];
byte hash3[5*WC_SHA512_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitSha512(&sha512);
if (ret != 0) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte *);
/* Good test args. */
printf(testingFmt, "wc_Sha512Final()");
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_Sha512Final(&sha512, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag) {
ret = wc_Sha512Final(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
if (!flag) {}
ret = wc_Sha512Final(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha512Final(&sha512, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha512Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha512Final */
/*
* Unit test function for wc_Sha512GetFlags()
*/
static int test_wc_Sha512GetFlags (void)
{
int flag = 0;
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha512 sha512;
word32 flags = 0;
printf(testingFmt, "wc_Sha512GetFlags()");
/* Initialize */
flag = wc_InitSha512(&sha512);
if (flag == 0) {
flag = wc_Sha512GetFlags(&sha512, &flags);
}
if (flag == 0) {
if (flags & WC_HASH_FLAG_ISCOPY) {
flag = 0;
}
}
wc_Sha512Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha512GetFlags */
/*
* Unit test function for wc_Sha512FinalRaw()
*/
static int test_wc_Sha512FinalRaw (void)
{
int flag = 0;
#if (defined(WOLFSSL_SHA512) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \
!defined(WOLFSSL_NO_HASH_RAW)
wc_Sha512 sha512;
byte* hash_test[3];
byte hash1[WC_SHA512_DIGEST_SIZE];
byte hash2[2*WC_SHA512_DIGEST_SIZE];
byte hash3[5*WC_SHA512_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitSha512(&sha512);
if (ret != 0) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte*);
/* Good test args. */
printf(testingFmt, "wc_Sha512FinalRaw()");
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_Sha512FinalRaw(&sha512, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag ) {
ret = wc_Sha512FinalRaw(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha512FinalRaw(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha512FinalRaw(&sha512, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha512Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha512FinalRaw */
/*
* Unit test function for wc_Sha512Free()
*/
static int test_wc_Sha512Free (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA512
printf(testingFmt, "wc_Sha512Free()");
wc_Sha512Free(NULL);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha512Free */
#ifdef WOLFSSL_SHA512
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
(!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256))
static int test_Sha512_Family_GetHash(int type )
{
int flag = 0;
int(*initFp)(wc_Sha512*);
int(*ghashFp)(wc_Sha512*, byte*);
wc_Sha512 sha512;
byte hash1[WC_SHA512_DIGEST_SIZE];
if (type == WC_HASH_TYPE_SHA512) {
initFp = wc_InitSha512;
ghashFp = wc_Sha512GetHash;
}
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if !defined(WOLFSSL_NOSHA512_224)
else if (type == WC_HASH_TYPE_SHA512_224) {
initFp = wc_InitSha512_224;
ghashFp = wc_Sha512_224GetHash;
}
#endif
#if !defined(WOLFSSL_NOSHA512_256)
else if (type == WC_HASH_TYPE_SHA512_256) {
initFp = wc_InitSha512_256;
ghashFp = wc_Sha512_256GetHash;
}
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
else {
initFp = NULL;
ghashFp = NULL;
}
if (initFp == NULL || ghashFp == NULL)
return WOLFSSL_FATAL_ERROR;
if (!flag) {
flag = initFp(&sha512);
}
if (!flag) {
flag = ghashFp(&sha512, hash1);
}
/*test bad arguements*/
if (!flag) {
if (ghashFp(NULL, NULL) != BAD_FUNC_ARG )
flag = WOLFSSL_FATAL_ERROR;
}
if (!flag) {
if (ghashFp(NULL, hash1) != BAD_FUNC_ARG )
flag = WOLFSSL_FATAL_ERROR;
}
if (!flag) {
if (ghashFp(&sha512, NULL) != BAD_FUNC_ARG )
flag = WOLFSSL_FATAL_ERROR;
}
wc_Sha512Free(&sha512);
return flag;
}
#endif /* !HAVE_FIPS && !HAVE_SELFTEST &&
(!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */
#endif /* WOLFSSL_SHA512 */
/*
* Unit test function for wc_Sha512GetHash()
*/
static int test_wc_Sha512GetHash (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA512
wc_Sha512 sha512;
byte hash1[WC_SHA512_DIGEST_SIZE];
printf(testingFmt, "wc_Sha512GetHash()");
/* Initialize */
flag = wc_InitSha512(&sha512);
if (flag == 0) {
flag = wc_Sha512GetHash(&sha512, hash1);
}
/*test bad arguements*/
if (flag == 0) {
flag = wc_Sha512GetHash(NULL, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha512GetHash(NULL, hash1);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha512GetHash(&sha512, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
wc_Sha512Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha512GetHash */
/*
* Unit test function for wc_Sha512Copy()
*/
static int test_wc_Sha512Copy (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA512
wc_Sha512 sha512;
wc_Sha512 temp;
printf(testingFmt, "wc_Sha512Copy()");
/* Initialize */
flag = wc_InitSha512(&sha512);
if (flag == 0) {
flag = wc_InitSha512(&temp);
}
if (flag == 0) {
flag = wc_Sha512Copy(&sha512, &temp);
}
/*test bad arguements*/
if (flag == 0) {
flag = wc_Sha512Copy(NULL, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha512Copy(NULL, &temp);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha512Copy(&sha512, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
wc_Sha512Free(&sha512);
wc_Sha512Free(&temp);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha512Copy */
static int test_wc_InitSha512_224 (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
wc_Sha512 sha512;
int ret;
printf(testingFmt, "wc_InitSha512_224()");
/* Test good arg. */
ret = wc_InitSha512_224(&sha512);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitSha512_224(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha512_224Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_224Update (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
wc_Sha512 sha512;
byte hash[WC_SHA512_DIGEST_SIZE];
testVector a, c;
int ret;
ret = wc_InitSha512_224(&sha512);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_Sha512_224Update()");
/* Input. */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_Sha512_224Update(&sha512, NULL, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512_224Update(&sha512,(byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512_224Update(&sha512, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512_224Final(&sha512, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\x46\x34\x27\x0f\x70\x7b\x6a\x54\xda\xae\x75\x30\x46\x08"
"\x42\xe2\x0e\x37\xed\x26\x5c\xee\xe9\xa4\x3e\x89\x24\xaa";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_Sha512_224Update(&sha512, (byte*) a.input, (word32) a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha512_224Final(&sha512, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA512_224_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
c.input = NULL;
c.inLen = WC_SHA512_224_DIGEST_SIZE;
ret = wc_Sha512_224Update(&sha512, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha512_224Update(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha512_224Free(&sha512);
/* If not returned then the unit test passed test vectors. */
printf(resultFmt, flag == 0 ? passed : failed);
#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_224Final (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
printf(testingFmt, "wc_Sha512_224Final()");
flag = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 0);
printf(resultFmt, flag == 0 ? passed : failed);
#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_224GetFlags (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha512 sha512, copy;
word32 flags = 0;
printf(testingFmt, "wc_Sha512_224GetFlags()");
/* Initialize */
flag = wc_InitSha512_224(&sha512);
if (!flag) {
flag = wc_InitSha512_224(&copy);
}
if (!flag) {
flag = wc_Sha512_224Copy(&sha512, &copy);
}
if (!flag) {
flag = wc_Sha512_224GetFlags(&copy, &flags);
}
if (!flag) {
if (flags & WC_HASH_FLAG_ISCOPY)
flag = 0;
else
flag = WOLFSSL_FATAL_ERROR;
}
wc_Sha512_224Free(&copy);
wc_Sha512_224Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_224FinalRaw (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \
!defined(WOLFSSL_NO_HASH_RAW)
printf(testingFmt, "wc_Sha512_224FinalRaw()");
flag = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 1);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
}
static int test_wc_Sha512_224Free (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
printf(testingFmt, "wc_Sha512_224Free()");
wc_Sha512_224Free(NULL);
printf(resultFmt, passed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_224GetHash (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
printf(testingFmt, "wc_Sha512_224GetHash()");
flag = test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_224);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_224Copy (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
wc_Sha512 sha512;
wc_Sha512 temp;
printf(testingFmt, "wc_Sha512_224Copy()");
/* Initialize */
flag = wc_InitSha512_224(&sha512);
if (flag == 0) {
flag = wc_InitSha512_224(&temp);
}
if (flag == 0) {
flag = wc_Sha512_224Copy(&sha512, &temp);
}
/*test bad arguements*/
if (flag == 0) {
if (wc_Sha512_224Copy(NULL, NULL) != BAD_FUNC_ARG)
flag = WOLFSSL_FATAL_ERROR;
}
if (flag == 0) {
if (wc_Sha512_224Copy(NULL, &temp) != BAD_FUNC_ARG)
flag = WOLFSSL_FATAL_ERROR;
}
if (flag == 0) {
if (wc_Sha512_224Copy(&sha512, NULL) != BAD_FUNC_ARG)
flag = WOLFSSL_FATAL_ERROR;
}
wc_Sha512_224Free(&sha512);
wc_Sha512_224Free(&temp);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_InitSha512_256 (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
wc_Sha512 sha512;
int ret;
printf(testingFmt, "wc_InitSha512_256()");
/* Test good arg. */
ret = wc_InitSha512_256(&sha512);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitSha512_256(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha512_256Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_256Update (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
wc_Sha512 sha512;
byte hash[WC_SHA512_DIGEST_SIZE];
testVector a, c;
int ret;
ret = wc_InitSha512_256(&sha512);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_Sha512_256Update()");
/* Input. */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_Sha512_256Update(&sha512, NULL, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512_256Update(&sha512,(byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512_256Update(&sha512, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512_256Final(&sha512, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\x53\x04\x8e\x26\x81\x94\x1e\xf9\x9b\x2e\x29\xb7\x6b\x4c"
"\x7d\xab\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46\xe0\xe2\xf1\x31"
"\x07\xe7\xaf\x23";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_Sha512_256Update(&sha512, (byte*) a.input, (word32) a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha512_256Final(&sha512, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA512_256_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
c.input = NULL;
c.inLen = WC_SHA512_256_DIGEST_SIZE;
ret = wc_Sha512_256Update(&sha512, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha512_256Update(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha512_256Free(&sha512);
/* If not returned then the unit test passed test vectors. */
printf(resultFmt, flag == 0 ? passed : failed);
#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_256Final (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
printf(testingFmt, "wc_Sha512_256Final()");
flag = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 0);
printf(resultFmt, flag == 0 ? passed : failed);
#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_256GetFlags (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha512 sha512, copy;
word32 flags = 0;
printf(testingFmt, "wc_Sha512_256GetFlags()");
/* Initialize */
flag = wc_InitSha512_256(&sha512);
if (!flag ) {
flag = wc_InitSha512_256(&copy);
}
if (!flag ) {
flag = wc_Sha512_256Copy(&sha512, &copy);
}
if (!flag ) {
flag = wc_Sha512_256GetFlags(&copy, &flags);
}
if (!flag) {
if (flags & WC_HASH_FLAG_ISCOPY)
flag = 0;
else
flag = WOLFSSL_FATAL_ERROR;
}
wc_Sha512_256Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_256FinalRaw (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \
!defined(WOLFSSL_NO_HASH_RAW)
printf(testingFmt, "wc_Sha512_256FinalRaw()");
flag = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 1);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
}
static int test_wc_Sha512_256Free (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
printf(testingFmt, "wc_Sha512_256Free()");
wc_Sha512_256Free(NULL);
printf(resultFmt, passed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_256GetHash (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
printf(testingFmt, "wc_Sha512_256GetHash()");
flag = test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_256);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_256Copy (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
wc_Sha512 sha512;
wc_Sha512 temp;
printf(testingFmt, "wc_Sha512_256Copy()");
/* Initialize */
flag = wc_InitSha512_256(&sha512);
if (flag == 0) {
flag = wc_InitSha512_256(&temp);
}
if (flag == 0) {
flag = wc_Sha512_256Copy(&sha512, &temp);
}
/*test bad arguements*/
if (flag == 0) {
if (wc_Sha512_256Copy(NULL, NULL) != BAD_FUNC_ARG)
flag = WOLFSSL_FATAL_ERROR;
}
if (flag == 0) {
if (wc_Sha512_256Copy(NULL, &temp) != BAD_FUNC_ARG)
flag = WOLFSSL_FATAL_ERROR;
}
if (flag == 0) {
if (wc_Sha512_256Copy(&sha512, NULL) != BAD_FUNC_ARG)
flag = WOLFSSL_FATAL_ERROR;
}
wc_Sha512_256Free(&sha512);
wc_Sha512_256Free(&temp);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
/*
* Testing wc_InitSha384()
*/
static int test_wc_InitSha384 (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA384
wc_Sha384 sha384;
int ret;
printf(testingFmt, "wc_InitSha384()");
/* Test good arg. */
ret = wc_InitSha384(&sha384);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitSha384(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha384Free(&sha384);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_InitSha384 */
/*
* test wc_Sha384Update()
*/
static int test_wc_Sha384Update (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA384
wc_Sha384 sha384;
byte hash[WC_SHA384_DIGEST_SIZE];
testVector a, b, c;
int ret;
ret = wc_InitSha384(&sha384);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_Sha384Update()");
/* Input */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_Sha384Update(&sha384, NULL, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha384Update(&sha384, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha384Final(&sha384, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
"\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
"\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
"\xc8\x25\xa7";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha384Final(&sha384, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Pass in bad values. */
if (!flag) {
b.input = NULL;
b.inLen = 0;
ret = wc_Sha384Update(&sha384, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
c.input = NULL;
c.inLen = WC_SHA384_DIGEST_SIZE;
ret = wc_Sha384Update(&sha384, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha384Update(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha384Free(&sha384);
/* If not returned then the unit test passed test vectors. */
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384Update */
/*
* Unit test function for wc_Sha384Final();
*/
static int test_wc_Sha384Final (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA384
wc_Sha384 sha384;
byte* hash_test[3];
byte hash1[WC_SHA384_DIGEST_SIZE];
byte hash2[2*WC_SHA384_DIGEST_SIZE];
byte hash3[5*WC_SHA384_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitSha384(&sha384);
if (ret) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte*);
/* Good test args. */
printf(testingFmt, "wc_Sha384Final()");
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_Sha384Final(&sha384, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag) {
ret = wc_Sha384Final(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha384Final(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha384Final(&sha384, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha384Free(&sha384);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384Final */
/*
* Unit test function for wc_Sha384GetFlags()
*/
static int test_wc_Sha384GetFlags (void)
{
int flag = 0;
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha384 sha384;
word32 flags = 0;
printf(testingFmt, "wc_Sha384GetFlags()");
/* Initialize */
flag = wc_InitSha384(&sha384);
if (flag == 0) {
flag = wc_Sha384GetFlags(&sha384, &flags);
}
if (flag == 0) {
if (flags & WC_HASH_FLAG_ISCOPY) {
flag = 0;
}
}
wc_Sha384Free(&sha384);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384GetFlags */
/*
* Unit test function for wc_Sha384FinalRaw()
*/
static int test_wc_Sha384FinalRaw (void)
{
int flag = 0;
#if (defined(WOLFSSL_SHA384) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \
!defined(WOLFSSL_NO_HASH_RAW)
wc_Sha384 sha384;
byte* hash_test[3];
byte hash1[WC_SHA384_DIGEST_SIZE];
byte hash2[2*WC_SHA384_DIGEST_SIZE];
byte hash3[5*WC_SHA384_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitSha384(&sha384);
if (ret != 0) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte*);
/* Good test args. */
printf(testingFmt, "wc_Sha384FinalRaw()");
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_Sha384FinalRaw(&sha384, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag ) {
ret = wc_Sha384FinalRaw(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha384FinalRaw(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha384FinalRaw(&sha384, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha384Free(&sha384);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384FinalRaw */
/*
* Unit test function for wc_Sha384Free()
*/
static int test_wc_Sha384Free (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA384
printf(testingFmt, "wc_Sha384Free()");
wc_Sha384Free(NULL);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384Free */
/*
* Unit test function for wc_Sha384GetHash()
*/
static int test_wc_Sha384GetHash (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA384
wc_Sha384 sha384;
byte hash1[WC_SHA384_DIGEST_SIZE];
printf(testingFmt, "wc_Sha384GetHash()");
/* Initialize */
flag = wc_InitSha384(&sha384);
if (flag == 0) {
flag = wc_Sha384GetHash(&sha384, hash1);
}
/*test bad arguements*/
if (flag == 0) {
flag = wc_Sha384GetHash(NULL, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha384GetHash(NULL, hash1);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha384GetHash(&sha384, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
wc_Sha384Free(&sha384);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384GetHash */
/*
* Unit test function for wc_Sha384Copy()
*/
static int test_wc_Sha384Copy (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA384
wc_Sha384 sha384;
wc_Sha384 temp;
printf(testingFmt, "wc_Sha384Copy()");
/* Initialize */
flag = wc_InitSha384(&sha384);
if (flag == 0) {
flag = wc_InitSha384(&temp);
}
if (flag == 0) {
flag = wc_Sha384Copy(&sha384, &temp);
}
/*test bad arguements*/
if (flag == 0) {
flag = wc_Sha384Copy(NULL, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha384Copy(NULL, &temp);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha384Copy(&sha384, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
wc_Sha384Free(&sha384);
wc_Sha384Free(&temp);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384Copy */
/*
* Testing wc_InitSha224();
*/
static int test_wc_InitSha224 (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA224
wc_Sha224 sha224;
int ret;
printf(testingFmt, "wc_InitSha224()");
/* Test good arg. */
ret = wc_InitSha224(&sha224);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitSha224(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha224Free(&sha224);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_InitSha224 */
/*
* Unit test on wc_Sha224Update
*/
static int test_wc_Sha224Update (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA224
wc_Sha224 sha224;
byte hash[WC_SHA224_DIGEST_SIZE];
testVector a, b, c;
int ret;
ret = wc_InitSha224(&sha224);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_Sha224Update()");
/* Input. */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_Sha224Update(&sha224, NULL, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha224Update(&sha224, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha224Final(&sha224, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2"
"\x55\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha224Final(&sha224, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Pass in bad values. */
if (!flag) {
b.input = NULL;
b.inLen = 0;
ret = wc_Sha224Update(&sha224, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
c.input = NULL;
c.inLen = WC_SHA224_DIGEST_SIZE;
ret = wc_Sha224Update(&sha224, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha224Update(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha224Free(&sha224);
/* If not returned then the unit test passed test vectors. */
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224Update */
/*
* Unit test for wc_Sha224Final();
*/
static int test_wc_Sha224Final (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA224
wc_Sha224 sha224;
byte* hash_test[3];
byte hash1[WC_SHA224_DIGEST_SIZE];
byte hash2[2*WC_SHA224_DIGEST_SIZE];
byte hash3[5*WC_SHA224_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitSha224(&sha224);
if (ret) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte*);
/* Good test args. */
printf(testingFmt, "wc_sha224Final()");
/* Testing oversized buffers. */
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_Sha224Final(&sha224, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag) {
ret = wc_Sha224Final(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha224Final(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha224Final(&sha224, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha224Free(&sha224);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224Final */
/*
* Unit test function for wc_Sha224SetFlags()
*/
static int test_wc_Sha224SetFlags (void)
{
int flag = 0;
#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha224 sha224;
word32 flags = 0;
printf(testingFmt, "wc_Sha224SetFlags()");
/* Initialize */
flag = wc_InitSha224(&sha224);
if (flag == 0) {
flag = wc_Sha224SetFlags(&sha224, flags);
}
if (flag == 0) {
if (flags & WC_HASH_FLAG_ISCOPY) {
flag = 0;
}
}
wc_Sha224Free(&sha224);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224SetFlags */
/*
* Unit test function for wc_Sha224GetFlags()
*/
static int test_wc_Sha224GetFlags (void)
{
int flag = 0;
#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha224 sha224;
word32 flags = 0;
printf(testingFmt, "wc_Sha224GetFlags()");
/* Initialize */
flag = wc_InitSha224(&sha224);
if (flag == 0) {
flag = wc_Sha224GetFlags(&sha224, &flags);
}
if (flag == 0) {
if (flags & WC_HASH_FLAG_ISCOPY) {
flag = 0;
}
}
wc_Sha224Free(&sha224);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224GetFlags */
/*
* Unit test function for wc_Sha224Free()
*/
static int test_wc_Sha224Free (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA224
printf(testingFmt, "wc_Sha224Free()");
wc_Sha224Free(NULL);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224Free */
/*
* Unit test function for wc_Sha224GetHash()
*/
static int test_wc_Sha224GetHash (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA224
wc_Sha224 sha224;
byte hash1[WC_SHA224_DIGEST_SIZE];
printf(testingFmt, "wc_Sha224GetHash()");
/* Initialize */
flag = wc_InitSha224(&sha224);
if (flag == 0) {
flag = wc_Sha224GetHash(&sha224, hash1);
}
/*test bad arguements*/
if (flag == 0) {
flag = wc_Sha224GetHash(NULL, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha224GetHash(NULL, hash1);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha224GetHash(&sha224, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
wc_Sha224Free(&sha224);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224GetHash */
/*
* Unit test function for wc_Sha224Copy()
*/
static int test_wc_Sha224Copy (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA224
wc_Sha224 sha224;
wc_Sha224 temp;
printf(testingFmt, "wc_Sha224Copy()");
/* Initialize */
flag = wc_InitSha224(&sha224);
if (flag == 0) {
flag = wc_InitSha224(&temp);
}
if (flag == 0) {
flag = wc_Sha224Copy(&sha224, &temp);
}
/*test bad arguements*/
if (flag == 0) {
flag = wc_Sha224Copy(NULL, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha224Copy(NULL, &temp);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha224Copy(&sha224, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
wc_Sha224Free(&sha224);
wc_Sha224Free(&temp);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224Copy */
/*
* Testing wc_InitRipeMd()
*/
static int test_wc_InitRipeMd (void)
{
int flag = 0;
#ifdef WOLFSSL_RIPEMD
RipeMd ripemd;
int ret;
printf(testingFmt, "wc_InitRipeMd()");
/* Test good arg. */
ret = wc_InitRipeMd(&ripemd);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitRipeMd(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_InitRipeMd */
/*
* Testing wc_RipeMdUpdate()
*/
static int test_wc_RipeMdUpdate (void)
{
int flag = 0;
#ifdef WOLFSSL_RIPEMD
RipeMd ripemd;
byte hash[RIPEMD_DIGEST_SIZE];
testVector a, b, c;
int ret;
ret = wc_InitRipeMd(&ripemd);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_RipeMdUpdate()");
/* Input */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_RipeMdFinal(&ripemd, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
"\xb0\x87\xf1\x5a\x0b\xfc";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_RipeMdFinal(&ripemd, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, RIPEMD_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Pass in bad values. */
if (!flag) {
b.input = NULL;
b.inLen = 0;
ret = wc_RipeMdUpdate(&ripemd, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
c.input = NULL;
c.inLen = RIPEMD_DIGEST_SIZE;
ret = wc_RipeMdUpdate(&ripemd, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_RipeMdUpdate(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_RipeMdUdpate */
/*
* Unit test function for wc_RipeMdFinal()
*/
static int test_wc_RipeMdFinal (void)
{
int flag = 0;
#ifdef WOLFSSL_RIPEMD
RipeMd ripemd;
byte* hash_test[3];
byte hash1[RIPEMD_DIGEST_SIZE];
byte hash2[2*RIPEMD_DIGEST_SIZE];
byte hash3[5*RIPEMD_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitRipeMd(&ripemd);
if (ret != 0) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte*);
/* Good test args. */
printf(testingFmt, "wc_RipeMdFinal()");
/* Testing oversized buffers. */
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_RipeMdFinal(&ripemd, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag) {
ret = wc_RipeMdFinal(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_RipeMdFinal(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_RipeMdFinal(&ripemd, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_RipeMdFinal */
/*
* Testing wc_InitSha3_224, wc_InitSha3_256, wc_InitSha3_384, and
* wc_InitSha3_512
*/
static int test_wc_InitSha3 (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3)
wc_Sha3 sha3;
(void)sha3;
#if !defined(WOLFSSL_NOSHA3_224)
printf(testingFmt, "wc_InitSha3_224()");
ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
/* Test bad args. */
if (ret == 0) {
ret = wc_InitSha3_224(NULL, HEAP_HINT, devId);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha3_224_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
#endif /* NOSHA3_224 */
#if !defined(WOLFSSL_NOSHA3_256)
if (ret == 0) {
printf(testingFmt, "wc_InitSha3_256()");
ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
/* Test bad args. */
if (ret == 0) {
ret = wc_InitSha3_256(NULL, HEAP_HINT, devId);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha3_256_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
} /* END sha3_256 */
#endif /* NOSHA3_256 */
#if !defined(WOLFSSL_NOSHA3_384)
if (ret == 0) {
printf(testingFmt, "wc_InitSha3_384()");
ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
/* Test bad args. */
if (ret == 0) {
ret = wc_InitSha3_384(NULL, HEAP_HINT, devId);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha3_384_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
} /* END sha3_384 */
#endif /* NOSHA3_384 */
#if !defined(WOLFSSL_NOSHA3_512)
if (ret == 0) {
printf(testingFmt, "wc_InitSha3_512()");
ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
/* Test bad args. */
if (ret == 0) {
ret = wc_InitSha3_512(NULL, HEAP_HINT, devId);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha3_512_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
} /* END sha3_512 */
#endif /* NOSHA3_512 */
#endif
return ret;
} /* END test_wc_InitSha3 */
/*
* Testing wc_Sha3_Update()
*/
static int testing_wc_Sha3_Update (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \
!defined(WOLFSSL_AFALG_XILINX)
wc_Sha3 sha3;
byte msg[] = "Everybody's working for the weekend.";
byte msg2[] = "Everybody gets Friday off.";
byte msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
"\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
"\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
"\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
"\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
word32 msglen = sizeof(msg) - 1;
word32 msg2len = sizeof(msg2);
word32 msgCmplen = sizeof(msgCmp);
#if !defined(WOLFSSL_NOSHA3_224)
printf(testingFmt, "wc_Sha3_224_Update()");
ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_Sha3_224_Update(&sha3, msg, msglen);
if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_Sha3_224_Update(&sha3, msg2, msg2len);
if (ret == 0 && XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Pass bad args. */
if (ret == 0) {
ret = wc_Sha3_224_Update(NULL, msg2, msg2len);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_224_Update(&sha3, NULL, 5);
}
if (ret == BAD_FUNC_ARG) {
wc_Sha3_224_Free(&sha3);
if (wc_InitSha3_224(&sha3, HEAP_HINT, devId)) {
return ret;
}
ret = wc_Sha3_224_Update(&sha3, NULL, 0);
if (ret == 0) {
ret = wc_Sha3_224_Update(&sha3, msg2, msg2len);
}
if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
wc_Sha3_224_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
#endif /* SHA3_224 */
#if !defined(WOLFSSL_NOSHA3_256)
if (ret == 0) {
printf(testingFmt, "wc_Sha3_256_Update()");
ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_Sha3_256_Update(&sha3, msg, msglen);
if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_Sha3_256_Update(&sha3, msg2, msg2len);
if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Pass bad args. */
if (ret == 0) {
ret = wc_Sha3_256_Update(NULL, msg2, msg2len);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_256_Update(&sha3, NULL, 5);
}
if (ret == BAD_FUNC_ARG) {
wc_Sha3_256_Free(&sha3);
if (wc_InitSha3_256(&sha3, HEAP_HINT, devId)) {
return ret;
}
ret = wc_Sha3_256_Update(&sha3, NULL, 0);
if (ret == 0) {
ret = wc_Sha3_256_Update(&sha3, msg2, msg2len);
}
if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
wc_Sha3_256_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
}
#endif /* SHA3_256 */
#if !defined(WOLFSSL_NOSHA3_384)
if (ret == 0) {
printf(testingFmt, "wc_Sha3_384_Update()");
ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_Sha3_384_Update(&sha3, msg, msglen);
if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_Sha3_384_Update(&sha3, msg2, msg2len);
if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Pass bad args. */
if (ret == 0) {
ret = wc_Sha3_384_Update(NULL, msg2, msg2len);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_384_Update(&sha3, NULL, 5);
}
if (ret == BAD_FUNC_ARG) {
wc_Sha3_384_Free(&sha3);
if (wc_InitSha3_384(&sha3, HEAP_HINT, devId)) {
return ret;
}
ret = wc_Sha3_384_Update(&sha3, NULL, 0);
if (ret == 0) {
ret = wc_Sha3_384_Update(&sha3, msg2, msg2len);
}
if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
wc_Sha3_384_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
}
#endif /* SHA3_384 */
#if !defined(WOLFSSL_NOSHA3_512)
if (ret == 0) {
printf(testingFmt, "wc_Sha3_512_Update()");
ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_Sha3_512_Update(&sha3, msg, msglen);
if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_Sha3_512_Update(&sha3, msg2, msg2len);
if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Pass bad args. */
if (ret == 0) {
ret = wc_Sha3_512_Update(NULL, msg2, msg2len);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_512_Update(&sha3, NULL, 5);
}
if (ret == BAD_FUNC_ARG) {
wc_Sha3_512_Free(&sha3);
if (wc_InitSha3_512(&sha3, HEAP_HINT, devId)) {
return ret;
}
ret = wc_Sha3_512_Update(&sha3, NULL, 0);
if (ret == 0) {
ret = wc_Sha3_512_Update(&sha3, msg2, msg2len);
}
if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
wc_Sha3_512_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
}
#endif /* SHA3_512 */
#endif /* WOLFSSL_SHA3 */
return ret;
} /* END testing_wc_Sha3_Update */
/*
* Testing wc_Sha3_224_Final()
*/
static int test_wc_Sha3_224_Final (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
wc_Sha3 sha3;
const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
"nopnopq";
const char* expOut = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55"
"\x74\x49\x44\x79\xba\x5c\x7e\x7a\xb7\x6e\xf2"
"\x64\xea\xd0\xfc\xce\x33";
byte hash[WC_SHA3_224_DIGEST_SIZE];
byte hashRet[WC_SHA3_224_DIGEST_SIZE];
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
printf(testingFmt, "wc_Sha3_224_Final()");
ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret= wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Sha3_224_Final(&sha3, hash);
if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_224_DIGEST_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Sha3_224_Final(NULL, hash);
if (ret == 0) {
ret = wc_Sha3_224_Final(&sha3, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha3_224_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_Sha3_224_GetHash()");
ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashRet, 0, sizeof(hashRet));
ret= wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Sha3_224_GetHash(&sha3, hashRet);
}
if (ret == 0) {
ret = wc_Sha3_224_Final(&sha3, hash);
if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_224_DIGEST_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
/* Test bad args. */
ret = wc_Sha3_224_GetHash(NULL, hashRet);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_224_GetHash(&sha3, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
}
wc_Sha3_224_Free(&sha3);
#endif
return ret;
} /* END test_wc_Sha3_224_Final */
/*
* Testing wc_Sha3_256_Final()
*/
static int test_wc_Sha3_256_Final (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
wc_Sha3 sha3;
const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
"nopnopq";
const char* expOut = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8"
"\x23\x5e\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32"
"\xdd\x97\x49\x6d\x33\x76";
byte hash[WC_SHA3_256_DIGEST_SIZE];
byte hashRet[WC_SHA3_256_DIGEST_SIZE];
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
printf(testingFmt, "wc_Sha3_256_Final()");
ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret= wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Sha3_256_Final(&sha3, hash);
if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_256_DIGEST_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Sha3_256_Final(NULL, hash);
if (ret == 0) {
ret = wc_Sha3_256_Final(&sha3, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha3_256_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_Sha3_256_GetHash()");
ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashRet, 0, sizeof(hashRet));
ret= wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Sha3_256_GetHash(&sha3, hashRet);
}
if (ret == 0) {
ret = wc_Sha3_256_Final(&sha3, hash);
if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_256_DIGEST_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
/* Test bad args. */
ret = wc_Sha3_256_GetHash(NULL, hashRet);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_256_GetHash(&sha3, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
}
wc_Sha3_256_Free(&sha3);
#endif
return ret;
} /* END test_wc_Sha3_256_Final */
/*
* Testing wc_Sha3_384_Final()
*/
static int test_wc_Sha3_384_Final (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
wc_Sha3 sha3;
const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
"nopnopq";
const char* expOut = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7"
"\x8a\x49\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd"
"\xbc\x32\xb9\xd4\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe"
"\xa1\x9e\xef\x51\xac\xd0\x65\x7c\x22";
byte hash[WC_SHA3_384_DIGEST_SIZE];
byte hashRet[WC_SHA3_384_DIGEST_SIZE];
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
printf(testingFmt, "wc_Sha3_384_Final()");
ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret= wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Sha3_384_Final(&sha3, hash);
if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_384_DIGEST_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Sha3_384_Final(NULL, hash);
if (ret == 0) {
ret = wc_Sha3_384_Final(&sha3, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha3_384_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_Sha3_384_GetHash()");
ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashRet, 0, sizeof(hashRet));
ret= wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Sha3_384_GetHash(&sha3, hashRet);
}
if (ret == 0) {
ret = wc_Sha3_384_Final(&sha3, hash);
if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_384_DIGEST_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
/* Test bad args. */
ret = wc_Sha3_384_GetHash(NULL, hashRet);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_384_GetHash(&sha3, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
}
wc_Sha3_384_Free(&sha3);
#endif
return ret;
} /* END test_wc_Sha3_384_Final */
/*
* Testing wc_Sha3_512_Final()
*/
static int test_wc_Sha3_512_Final (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) && \
!defined(WOLFSSL_NOSHA3_384)
wc_Sha3 sha3;
const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
"nopnopq";
const char* expOut = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10"
"\xfc\xa8\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7"
"\xec\x2f\x1e\x91\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53"
"\x02\xba\x1b\x0d\x8d\xc7\x8c\x08\x63\x46\xb5\x33\xb4"
"\x9c\x03\x0d\x99\xa2\x7d\xaf\x11\x39\xd6\xe7\x5e";
byte hash[WC_SHA3_512_DIGEST_SIZE];
byte hashRet[WC_SHA3_512_DIGEST_SIZE];
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
printf(testingFmt, "wc_Sha3_512_Final()");
ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret= wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Sha3_512_Final(&sha3, hash);
if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_512_DIGEST_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Sha3_512_Final(NULL, hash);
if (ret == 0) {
ret = wc_Sha3_384_Final(&sha3, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha3_512_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_Sha3_512_GetHash()");
ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashRet, 0, sizeof(hashRet));
ret= wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Sha3_512_GetHash(&sha3, hashRet);
}
if (ret == 0) {
ret = wc_Sha3_512_Final(&sha3, hash);
if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_512_DIGEST_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
/* Test bad args. */
ret = wc_Sha3_512_GetHash(NULL, hashRet);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_512_GetHash(&sha3, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
}
wc_Sha3_512_Free(&sha3);
#endif
return ret;
} /* END test_wc_Sha3_512_Final */
/*
* Testing wc_Sha3_224_Copy()
*/
static int test_wc_Sha3_224_Copy (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
wc_Sha3 sha3, sha3Cpy;
const char* msg = TEST_STRING;
word32 msglen = (word32)TEST_STRING_SZ;
byte hash[WC_SHA3_224_DIGEST_SIZE];
byte hashCpy[WC_SHA3_224_DIGEST_SIZE];
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashCpy, 0, sizeof(hashCpy));
printf(testingFmt, "wc_Sha3_224_Copy()");
ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_InitSha3_224(&sha3Cpy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha3_224_Free(&sha3);
return ret;
}
ret = wc_Sha3_224_Update(&sha3, (byte*)msg, msglen);
if (ret == 0) {
ret = wc_Sha3_224_Copy(&sha3Cpy, &sha3);
if (ret == 0) {
ret = wc_Sha3_224_Final(&sha3, hash);
if (ret == 0) {
ret = wc_Sha3_224_Final(&sha3Cpy, hashCpy);
}
}
if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Sha3_224_Copy(NULL, &sha3);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_224_Copy(&sha3Cpy, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Sha3_224_Copy */
/*
* Testing wc_Sha3_256_Copy()
*/
static int test_wc_Sha3_256_Copy (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
wc_Sha3 sha3, sha3Cpy;
const char* msg = TEST_STRING;
word32 msglen = (word32)TEST_STRING_SZ;
byte hash[WC_SHA3_256_DIGEST_SIZE];
byte hashCpy[WC_SHA3_256_DIGEST_SIZE];
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashCpy, 0, sizeof(hashCpy));
printf(testingFmt, "wc_Sha3_256_Copy()");
ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_InitSha3_256(&sha3Cpy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha3_256_Free(&sha3);
return ret;
}
ret = wc_Sha3_256_Update(&sha3, (byte*)msg, msglen);
if (ret == 0) {
ret = wc_Sha3_256_Copy(&sha3Cpy, &sha3);
if (ret == 0) {
ret = wc_Sha3_256_Final(&sha3, hash);
if (ret == 0) {
ret = wc_Sha3_256_Final(&sha3Cpy, hashCpy);
}
}
if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Sha3_256_Copy(NULL, &sha3);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_256_Copy(&sha3Cpy, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Sha3_256_Copy */
/*
* Testing wc_Sha3_384_Copy()
*/
static int test_wc_Sha3_384_Copy (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
wc_Sha3 sha3, sha3Cpy;
const char* msg = TEST_STRING;
word32 msglen = (word32)TEST_STRING_SZ;
byte hash[WC_SHA3_384_DIGEST_SIZE];
byte hashCpy[WC_SHA3_384_DIGEST_SIZE];
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashCpy, 0, sizeof(hashCpy));
printf(testingFmt, "wc_Sha3_384_Copy()");
ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_InitSha3_384(&sha3Cpy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha3_384_Free(&sha3);
return ret;
}
ret = wc_Sha3_384_Update(&sha3, (byte*)msg, msglen);
if (ret == 0) {
ret = wc_Sha3_384_Copy(&sha3Cpy, &sha3);
if (ret == 0) {
ret = wc_Sha3_384_Final(&sha3, hash);
if (ret == 0) {
ret = wc_Sha3_384_Final(&sha3Cpy, hashCpy);
}
}
if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Sha3_384_Copy(NULL, &sha3);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_384_Copy(&sha3Cpy, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Sha3_384_Copy */
/*
* Testing wc_Sha3_512_Copy()
*/
static int test_wc_Sha3_512_Copy (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
wc_Sha3 sha3, sha3Cpy;
const char* msg = TEST_STRING;
word32 msglen = (word32)TEST_STRING_SZ;
byte hash[WC_SHA3_512_DIGEST_SIZE];
byte hashCpy[WC_SHA3_512_DIGEST_SIZE];
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashCpy, 0, sizeof(hashCpy));
printf(testingFmt, "wc_Sha3_512_Copy()");
ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_InitSha3_512(&sha3Cpy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha3_512_Free(&sha3);
return ret;
}
ret = wc_Sha3_512_Update(&sha3, (byte*)msg, msglen);
if (ret == 0) {
ret = wc_Sha3_512_Copy(&sha3Cpy, &sha3);
if (ret == 0) {
ret = wc_Sha3_512_Final(&sha3, hash);
if (ret == 0) {
ret = wc_Sha3_512_Final(&sha3Cpy, hashCpy);
}
}
if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Sha3_512_Copy(NULL, &sha3);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_512_Copy(&sha3Cpy, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Sha3_512_Copy */
/*
* Unit test function for wc_Sha3_GetFlags()
*/
static int test_wc_Sha3_GetFlags (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha3 sha3;
word32 flags = 0;
printf(testingFmt, "wc_Sha3_GetFlags()");
/* Initialize */
ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
if (ret == 0) {
ret = wc_Sha3_GetFlags(&sha3, &flags);
}
if (ret == 0) {
if (flags & WC_HASH_FLAG_ISCOPY) {
ret = 0;
}
}
wc_Sha3_224_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Sha3_GetFlags */
static int test_wc_InitShake256 (void)
{
int ret = 0;
#ifdef WOLFSSL_SHAKE256
wc_Shake shake;
printf(testingFmt, "wc_InitShake256()");
ret = wc_InitShake256(&shake, HEAP_HINT, devId);
/* Test bad args. */
if (ret == 0) {
ret = wc_InitShake256(NULL, HEAP_HINT, devId);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Shake256_Free(&shake);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_InitSha3 */
static int testing_wc_Shake256_Update (void)
{
int ret = 0;
#ifdef WOLFSSL_SHAKE256
wc_Shake shake;
byte msg[] = "Everybody's working for the weekend.";
byte msg2[] = "Everybody gets Friday off.";
byte msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
"\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
"\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
"\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
"\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
word32 msglen = sizeof(msg) - 1;
word32 msg2len = sizeof(msg2);
word32 msgCmplen = sizeof(msgCmp);
printf(testingFmt, "wc_Shake256_Update()");
ret = wc_InitShake256(&shake, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_Shake256_Update(&shake, msg, msglen);
if (XMEMCMP(msg, shake.t, msglen) || shake.i != msglen) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_Shake256_Update(&shake, msg2, msg2len);
if (XMEMCMP(shake.t, msgCmp, msgCmplen) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Pass bad args. */
if (ret == 0) {
ret = wc_Shake256_Update(NULL, msg2, msg2len);
if (ret == BAD_FUNC_ARG) {
ret = wc_Shake256_Update(&shake, NULL, 5);
}
if (ret == BAD_FUNC_ARG) {
wc_Shake256_Free(&shake);
if (wc_InitShake256(&shake, HEAP_HINT, devId)) {
return ret;
}
ret = wc_Shake256_Update(&shake, NULL, 0);
if (ret == 0) {
ret = wc_Shake256_Update(&shake, msg2, msg2len);
}
if (ret == 0 && XMEMCMP(msg2, shake.t, msg2len) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
wc_Shake256_Free(&shake);
printf(resultFmt, ret == 0 ? passed : failed);
#endif /* WOLFSSL_SHAKE256 */
return ret;
}
static int test_wc_Shake256_Final (void)
{
int ret = 0;
#ifdef WOLFSSL_SHAKE256
wc_Shake shake;
const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
"nopnopq";
const char* expOut = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f"
"\x6f\x87\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b"
"\xe5\xd4\xfd\x2e\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59"
"\xaa\x80\x60\xf1\xf9\xbc\x99\x6c\x05\xac\xa3\xc6\x96"
"\xa8\xb6\x62\x79\xdc\x67\x2c\x74\x0b\xb2\x24\xec\x37"
"\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55\xf5\x1d\x97"
"\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a\xf2"
"\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67"
"\x60\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
byte hash[114];
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
printf(testingFmt, "wc_Shake256_Final()");
ret = wc_InitShake256(&shake, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret= wc_Shake256_Update(&shake, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Shake256_Final(&shake, hash, (word32)sizeof(hash));
if (ret == 0 && XMEMCMP(expOut, hash, (word32)sizeof(hash)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Shake256_Final(NULL, hash, (word32)sizeof(hash));
if (ret == 0) {
ret = wc_Shake256_Final(&shake, NULL, (word32)sizeof(hash));
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Shake256_Free(&shake);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}
/*
* Testing wc_Shake256_Copy()
*/
static int test_wc_Shake256_Copy (void)
{
int ret = 0;
#ifdef WOLFSSL_SHAKE256
wc_Shake shake, shakeCpy;
const char* msg = TEST_STRING;
word32 msglen = (word32)TEST_STRING_SZ;
byte hash[144];
byte hashCpy[144];
word32 hashLen = sizeof(hash);
word32 hashLenCpy = sizeof(hashCpy);
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashCpy, 0, sizeof(hashCpy));
printf(testingFmt, "wc_Shake256_Copy()");
ret = wc_InitShake256(&shake, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_InitShake256(&shakeCpy, HEAP_HINT, devId);
if (ret != 0) {
wc_Shake256_Free(&shake);
return ret;
}
ret = wc_Shake256_Update(&shake, (byte*)msg, msglen);
if (ret == 0) {
ret = wc_Shake256_Copy(&shakeCpy, &shake);
if (ret == 0) {
ret = wc_Shake256_Final(&shake, hash, hashLen);
if (ret == 0) {
ret = wc_Shake256_Final(&shakeCpy, hashCpy, hashLenCpy);
}
}
if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Shake256_Copy(NULL, &shake);
if (ret == BAD_FUNC_ARG) {
ret = wc_Shake256_Copy(&shakeCpy, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Shake256_Free(&shake);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Shake256_Copy */
/*
* Unit test function for wc_Shake256Hash()
*/
static int test_wc_Shake256Hash(void)
{
int ret = 0;
#ifdef WOLFSSL_SHAKE256
const byte data[] = { /* Hello World */
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
word32 len = sizeof(data);
byte hash[144];
word32 hashLen = sizeof(hash);
printf(testingFmt, "wc_Shake256Hash()");
ret = wc_Shake256Hash(data, len, hash, hashLen);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Shake256Hash */
/*
* unit test for wc_IdeaSetKey()
*/
static int test_wc_IdeaSetKey (void)
{
int ret = 0;
#ifdef HAVE_IDEA
Idea idea;
const byte key[] =
{
0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37,
0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37
};
int flag = 0;
printf(testingFmt, "wc_IdeaSetKey()");
/*IV can be NULL, default value is 0*/
ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION);
if (ret == 0) {
ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_DECRYPTION);
}
/* Bad args. */
if (ret == 0) {
ret = wc_IdeaSetKey(NULL, key, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION);
if (ret != BAD_FUNC_ARG) {
flag = 1;
}
ret = wc_IdeaSetKey(&idea, NULL, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION);
if (ret != BAD_FUNC_ARG) {
flag = 1;
}
ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE - 1,
NULL, IDEA_ENCRYPTION);
if (ret != BAD_FUNC_ARG) {
flag = 1;
}
ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, -1);
if (ret != BAD_FUNC_ARG) {
flag = 1;
}
if (flag == 1) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
} /* END Test Bad Args. */
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_IdeaSetKey */
/*
* Unit test for wc_IdeaSetIV()
*/
static int test_wc_IdeaSetIV (void)
{
int ret = 0;
#ifdef HAVE_IDEA
Idea idea;
printf(testingFmt, "wc_IdeaSetIV()");
ret = wc_IdeaSetIV(&idea, NULL);
/* Test bad args. */
if (ret == 0) {
ret = wc_IdeaSetIV(NULL, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_IdeaSetIV */
/*
* Unit test for wc_IdeaCipher()
*/
static int test_wc_IdeaCipher (void)
{
int ret = 0;
#ifdef HAVE_IDEA
Idea idea;
const byte key[] =
{
0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00,
0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48
};
const byte plain[] =
{
0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37
};
byte enc[sizeof(plain)];
byte dec[sizeof(enc)];
printf(testingFmt, "wc_IdeaCipher()");
ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION);
if (ret == 0) {
ret = wc_IdeaCipher(&idea, enc, plain);
if (ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_DECRYPTION);
if (ret == 0) {
ret = wc_IdeaCipher(&idea, dec, enc);
}
if (ret == 0) {
ret = XMEMCMP(plain, dec, IDEA_BLOCK_SIZE);
}
if (ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Pass Bad Args. */
if (ret == 0) {
ret = wc_IdeaCipher(NULL, enc, dec);
if (ret == BAD_FUNC_ARG) {
ret = wc_IdeaCipher(&idea, NULL, dec);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_IdeaCipher(&idea, enc, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_IdeaCipher */
/*
* Unit test for functions wc_IdeaCbcEncrypt and wc_IdeaCbcDecrypt
*/
static int test_wc_IdeaCbcEncyptDecrypt (void)
{
int ret = 0;
#ifdef HAVE_IDEA
Idea idea;
const byte key[] =
{
0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37,
0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37
};
const char* message = "International Data Encryption Algorithm";
byte msg_enc[40];
byte msg_dec[40];
printf(testingFmt, "wc_IdeaCbcEncrypt()");
ret = wc_IdeaSetKey(&idea, key, sizeof(key), NULL, IDEA_ENCRYPTION);
if (ret == 0) {
ret = wc_IdeaCbcEncrypt(&idea, msg_enc, (byte *)message,
(word32)XSTRLEN(message) + 1);
}
if (ret == 0) {
ret = wc_IdeaSetKey(&idea, key, sizeof(key), NULL, IDEA_DECRYPTION);
}
if (ret == 0) {
ret = wc_IdeaCbcDecrypt(&idea, msg_dec, msg_enc,
(word32)XSTRLEN(message) + 1);
if (XMEMCMP(message, msg_dec, (word32)XSTRLEN(message))) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. Enc */
if (ret == 0) {
ret = wc_IdeaCbcEncrypt(NULL, msg_enc, (byte*)message,
(word32)XSTRLEN(message) + 1);
if (ret == BAD_FUNC_ARG) {
ret = wc_IdeaCbcEncrypt(&idea, NULL, (byte*)message,
(word32)XSTRLEN(message) + 1);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_IdeaCbcEncrypt(&idea, msg_enc, NULL,
(word32)XSTRLEN(message) + 1);
}
if (ret != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
} /* END test bad args ENC */
/* Test bad args DEC */
if (ret == 0) {
ret = wc_IdeaCbcDecrypt(NULL, msg_dec, msg_enc,
(word32)XSTRLEN(message) + 1);
if (ret == BAD_FUNC_ARG) {
ret = wc_IdeaCbcDecrypt(&idea, NULL, msg_enc,
(word32)XSTRLEN(message) + 1);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_IdeaCbcDecrypt(&idea, msg_dec, NULL,
(word32)XSTRLEN(message) + 1);
}
if (ret != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_IdeaCbcEncryptDecrypt */
/*
* Test function for wc_HmacSetKey
*/
static int test_wc_Md5HmacSetKey (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_MD5)
Hmac hmac;
int ret, times, itr;
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
#ifndef HAVE_FIPS
"Jefe", /* smaller than minimum FIPS key size */
#endif
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
};
times = sizeof(keys) / sizeof(char*);
flag = 0;
printf(testingFmt, "wc_HmacSetKey() with MD5");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
for (itr = 0; itr < times; itr++) {
ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[itr],
(word32)XSTRLEN(keys[itr]));
if (ret != 0) {
flag = ret;
}
}
/* Bad args. */
if (!flag) {
ret = wc_HmacSetKey(NULL, WC_MD5, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_MD5, NULL, (word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[0], 0);
#ifdef HAVE_FIPS
if (ret != HMAC_MIN_KEYLEN_E) {
flag = WOLFSSL_FATAL_ERROR;
}
#else
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
#endif
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Md5HmacSetKey */
/*
* testing wc_HmacSetKey() on wc_Sha hash.
*/
static int test_wc_ShaHmacSetKey (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA)
Hmac hmac;
int ret, times, itr;
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b",
#ifndef HAVE_FIPS
"Jefe", /* smaller than minimum FIPS key size */
#endif
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA"
};
times = sizeof(keys) / sizeof(char*);
flag = 0;
printf(testingFmt, "wc_HmacSetKey() with SHA");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
for (itr = 0; itr < times; itr++) {
ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[itr],
(word32)XSTRLEN(keys[itr]));
if (ret != 0) {
flag = ret;
}
}
/* Bad args. */
if (!flag) {
ret = wc_HmacSetKey(NULL, WC_SHA, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_SHA, NULL, (word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[0], 0);
#ifdef HAVE_FIPS
if (ret != HMAC_MIN_KEYLEN_E) {
flag = WOLFSSL_FATAL_ERROR;
}
#else
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
#endif
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_ShaHmacSetKey() */
/*
* testing wc_HmacSetKey() on Sha224 hash.
*/
static int test_wc_Sha224HmacSetKey (void)
{
int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
Hmac hmac;
int ret, times, itr;
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b",
#ifndef HAVE_FIPS
"Jefe", /* smaller than minimum FIPS key size */
#endif
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA"
};
times = sizeof(keys) / sizeof(char*);
flag = 0;
printf(testingFmt, "wc_HmacSetKey() with SHA 224");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
for (itr = 0; itr < times; itr++) {
ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[itr],
(word32)XSTRLEN(keys[itr]));
if (ret != 0) {
flag = ret;
}
}
/* Bad args. */
if (!flag) {
ret = wc_HmacSetKey(NULL, WC_SHA224, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_SHA224, NULL, (word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[0], 0);
#ifdef HAVE_FIPS
if (ret != HMAC_MIN_KEYLEN_E) {
flag = WOLFSSL_FATAL_ERROR;
}
#else
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
#endif
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224HmacSetKey() */
/*
* testing wc_HmacSetKey() on Sha256 hash
*/
static int test_wc_Sha256HmacSetKey (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA256)
Hmac hmac;
int ret, times, itr;
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b",
#ifndef HAVE_FIPS
"Jefe", /* smaller than minimum FIPS key size */
#endif
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA"
};
times = sizeof(keys) / sizeof(char*);
flag = 0;
printf(testingFmt, "wc_HmacSetKey() with SHA256");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
for (itr = 0; itr < times; itr++) {
ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[itr],
(word32)XSTRLEN(keys[itr]));
if (ret != 0) {
flag = ret;
}
}
/* Bad args. */
if (!flag) {
ret = wc_HmacSetKey(NULL, WC_SHA256, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_SHA256, NULL, (word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[0], 0);
#ifdef HAVE_FIPS
if (ret != HMAC_MIN_KEYLEN_E) {
flag = WOLFSSL_FATAL_ERROR;
}
#else
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
#endif
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256HmacSetKey() */
/*
* testing wc_HmacSetKey on Sha384 hash.
*/
static int test_wc_Sha384HmacSetKey (void)
{
int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
Hmac hmac;
int ret, times, itr;
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b",
#ifndef HAVE_FIPS
"Jefe", /* smaller than minimum FIPS key size */
#endif
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA"
};
times = sizeof(keys) / sizeof(char*);
flag = 0;
printf(testingFmt, "wc_HmacSetKey() with SHA384");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
for (itr = 0; itr < times; itr++) {
ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[itr],
(word32)XSTRLEN(keys[itr]));
if (ret != 0) {
flag = ret;
}
}
/* Bad args. */
if (!flag) {
ret = wc_HmacSetKey(NULL, WC_SHA384, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_SHA384, NULL, (word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[0], 0);
#ifdef HAVE_FIPS
if (ret != HMAC_MIN_KEYLEN_E) {
flag = WOLFSSL_FATAL_ERROR;
}
#else
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
#endif
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384HmacSetKey() */
/*
* testing wc_HmacUpdate on wc_Md5 hash.
*/
static int test_wc_Md5HmacUpdate (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_MD5)
Hmac hmac;
testVector a, b;
int ret;
#ifdef HAVE_FIPS
const char* keys =
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
#else
const char* keys = "Jefe";
#endif
a.input = "what do ya want for nothing?";
a.inLen = XSTRLEN(a.input);
b.input = "Hi There";
b.inLen = XSTRLEN(b.input);
flag = 0;
printf(testingFmt, "wc_HmacUpdate() with MD5");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys, (word32)XSTRLEN(keys));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Update Hmac. */
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Test bad args. */
if (!flag) {
ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Md5HmacUpdate */
/*
* testing wc_HmacUpdate on SHA hash.
*/
static int test_wc_ShaHmacUpdate (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA)
Hmac hmac;
testVector a, b;
int ret;
#ifdef HAVE_FIPS
const char* keys =
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
#else
const char* keys = "Jefe";
#endif
a.input = "what do ya want for nothing?";
a.inLen = XSTRLEN(a.input);
b.input = "Hi There";
b.inLen = XSTRLEN(b.input);
flag = 0;
printf(testingFmt, "wc_HmacUpdate() with SHA");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys, (word32)XSTRLEN(keys));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Update Hmac. */
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Test bad args. */
if (!flag) {
ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_ShaHmacUpdate */
/*
* testing wc_HmacUpdate on SHA224 hash.
*/
static int test_wc_Sha224HmacUpdate (void)
{
int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
Hmac hmac;
testVector a, b;
int ret;
#ifdef HAVE_FIPS
const char* keys =
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
#else
const char* keys = "Jefe";
#endif
a.input = "what do ya want for nothing?";
a.inLen = XSTRLEN(a.input);
b.input = "Hi There";
b.inLen = XSTRLEN(b.input);
flag = 0;
printf(testingFmt, "wc_HmacUpdate() with SHA224");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys, (word32)XSTRLEN(keys));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Update Hmac. */
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Test bad args. */
if (!flag) {
ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224HmacUpdate */
/*
* testing wc_HmacUpdate on SHA256 hash.
*/
static int test_wc_Sha256HmacUpdate (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA256)
Hmac hmac;
testVector a, b;
int ret;
#ifdef HAVE_FIPS
const char* keys =
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
#else
const char* keys = "Jefe";
#endif
a.input = "what do ya want for nothing?";
a.inLen = XSTRLEN(a.input);
b.input = "Hi There";
b.inLen = XSTRLEN(b.input);
flag = 0;
printf(testingFmt, "wc_HmacUpdate() with WC_SHA256");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys, (word32)XSTRLEN(keys));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Update Hmac. */
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Test bad args. */
if (!flag) {
ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256HmacUpdate */
/*
* testing wc_HmacUpdate on SHA384 hash.
*/
static int test_wc_Sha384HmacUpdate (void)
{
int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
Hmac hmac;
testVector a, b;
int ret;
#ifdef HAVE_FIPS
const char* keys =
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
#else
const char* keys = "Jefe";
#endif
a.input = "what do ya want for nothing?";
a.inLen = XSTRLEN(a.input);
b.input = "Hi There";
b.inLen = XSTRLEN(b.input);
flag = 0;
printf(testingFmt, "wc_HmacUpdate() with SHA384");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys, (word32)XSTRLEN(keys));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Update Hmac. */
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Test bad args. */
if (!flag) {
ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384HmacUpdate */
/*
* Testing wc_HmacFinal() with MD5
*/
static int test_wc_Md5HmacFinal (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_MD5)
Hmac hmac;
byte hash[WC_MD5_DIGEST_SIZE];
testVector a;
int ret;
const char* key;
key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
a.input = "Hi There";
a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
"\x9d";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
flag = 0;
printf(testingFmt, "wc_HmacFinal() with MD5");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)key, (word32)XSTRLEN(key));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Try bad parameters. */
if (!flag) {
ret = wc_HmacFinal(NULL, hash);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_FIPS
if (!flag) {
ret = wc_HmacFinal(&hmac, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#endif
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Md5HmacFinal */
/*
* Testing wc_HmacFinal() with SHA
*/
static int test_wc_ShaHmacFinal (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA)
Hmac hmac;
byte hash[WC_SHA_DIGEST_SIZE];
testVector a;
int ret;
const char* key;
key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b";
a.input = "Hi There";
a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
"\x8e\xf1\x46\xbe\x00";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
flag = 0;
printf(testingFmt, "wc_HmacFinal() with SHA");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)key, (word32)XSTRLEN(key));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Try bad parameters. */
if (!flag) {
ret = wc_HmacFinal(NULL, hash);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_FIPS
if (!flag) {
ret = wc_HmacFinal(&hmac, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#endif
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_ShaHmacFinal */
/*
* Testing wc_HmacFinal() with SHA224
*/
static int test_wc_Sha224HmacFinal (void)
{
int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
Hmac hmac;
byte hash[WC_SHA224_DIGEST_SIZE];
testVector a;
int ret;
const char* key;
key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b";
a.input = "Hi There";
a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
"\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
flag = 0;
printf(testingFmt, "wc_HmacFinal() with SHA224");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)key, (word32)XSTRLEN(key));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Try bad parameters. */
if (!flag) {
ret = wc_HmacFinal(NULL, hash);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_FIPS
if (!flag) {
ret = wc_HmacFinal(&hmac, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#endif
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224HmacFinal */
/*
* Testing wc_HmacFinal() with SHA256
*/
static int test_wc_Sha256HmacFinal (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA256)
Hmac hmac;
byte hash[WC_SHA256_DIGEST_SIZE];
testVector a;
int ret;
const char* key;
key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b";
a.input = "Hi There";
a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
"\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
"\xcf\xf7";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
flag = 0;
printf(testingFmt, "wc_HmacFinal() with WC_SHA256");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)key, (word32)XSTRLEN(key));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Try bad parameters. */
if (!flag) {
ret = wc_HmacFinal(NULL, hash);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_FIPS
if (!flag) {
ret = wc_HmacFinal(&hmac, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#endif
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256HmacFinal */
/*
* Testing wc_HmacFinal() with SHA384
*/
static int test_wc_Sha384HmacFinal (void)
{
int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
Hmac hmac;
byte hash[WC_SHA384_DIGEST_SIZE];
testVector a;
int ret;
const char* key;
key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b";
a.input = "Hi There";
a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
"\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
"\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
"\xfa\x9c\xb6";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
flag = 0;
printf(testingFmt, "wc_HmacFinal() with SHA384");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)key, (word32)XSTRLEN(key));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Try bad parameters. */
if (!flag) {
ret = wc_HmacFinal(NULL, hash);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_FIPS
if (!flag) {
ret = wc_HmacFinal(&hmac, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#endif
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384HmacFinal */
/*
* Testing wc_InitCmac()
*/
static int test_wc_InitCmac (void)
{
int ret = 0;
#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
Cmac cmac1, cmac2, cmac3;
/* AES 128 key. */
byte key1[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x10\x11\x12\x13\x14\x15\x16";
/* AES 192 key. */
byte key2[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x01\x11\x12\x13\x14\x15\x16"
"\x01\x02\x03\x04\x05\x06\x07\x08";
/* AES 256 key. */
byte key3[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x01\x11\x12\x13\x14\x15\x16"
"\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x01\x11\x12\x13\x14\x15\x16";
word32 key1Sz = (word32)sizeof(key1) - 1;
word32 key2Sz = (word32)sizeof(key2) - 1;
word32 key3Sz = (word32)sizeof(key3) - 1;
int type = WC_CMAC_AES;
printf(testingFmt, "wc_InitCmac()");
#ifdef WOLFSSL_AES_128
ret = wc_InitCmac(&cmac1, key1, key1Sz, type, NULL);
#endif
#ifdef WOLFSSL_AES_192
if (ret == 0)
ret = wc_InitCmac(&cmac2, key2, key2Sz, type, NULL);
#endif
#ifdef WOLFSSL_AES_256
if (ret == 0)
ret = wc_InitCmac(&cmac3, key3, key3Sz, type, NULL);
#endif
/* Test bad args. */
if (ret == 0) {
ret = wc_InitCmac(NULL, key3, key3Sz, type, NULL);
if (ret == BAD_FUNC_ARG) {
ret = wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_InitCmac(&cmac3, key3, 0, type, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
(void)key1;
(void)key1Sz;
(void)key2;
(void)key2Sz;
(void)cmac1;
(void)cmac2;
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_InitCmac */
/*
* Testing wc_CmacUpdate()
*/
static int test_wc_CmacUpdate (void)
{
int ret = 0;
#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
Cmac cmac;
byte key[] =
{
0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
};
byte in[] = "\xe2\xb4\xb6\xf9\x48\x44\x02\x64"
"\x5c\x47\x80\x9e\xd5\xa8\x3a\x17"
"\xb3\x78\xcf\x85\x22\x41\x74\xd9"
"\xa0\x97\x39\x71\x62\xf1\x8e\x8f"
"\xf4";
word32 inSz = (word32)sizeof(in) - 1;
word32 keySz = (word32)sizeof(key);
int type = WC_CMAC_AES;
ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
if (ret != 0) {
return ret;
}
printf(testingFmt, "wc_CmacUpdate()");
ret = wc_CmacUpdate(&cmac, in, inSz);
/* Test bad args. */
if (ret == 0) {
ret = wc_CmacUpdate(NULL, in, inSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_CmacUpdate(&cmac, NULL, 30);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_CmacUpdate */
/*
* Testing wc_CmacFinal()
*/
static int test_wc_CmacFinal (void)
{
int ret = 0;
#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
Cmac cmac;
byte key[] =
{
0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
};
byte msg[] =
{
0xe2, 0xb4, 0xb6, 0xf9, 0x48, 0x44, 0x02, 0x64,
0x5c, 0x47, 0x80, 0x9e, 0xd5, 0xa8, 0x3a, 0x17,
0xb3, 0x78, 0xcf, 0x85, 0x22, 0x41, 0x74, 0xd9,
0xa0, 0x97, 0x39, 0x71, 0x62, 0xf1, 0x8e, 0x8f,
0xf4
};
/* Test vectors from CMACGenAES128.rsp from
* http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html#cmac
* Per RFC4493 truncation of lsb is possible.
*/
byte expMac[] =
{
0x4e, 0x6e, 0xc5, 0x6f, 0xf9, 0x5d, 0x0e, 0xae,
0x1c, 0xf8, 0x3e, 0xfc, 0xf4, 0x4b, 0xeb
};
byte mac[AES_BLOCK_SIZE];
word32 msgSz = (word32)sizeof(msg);
word32 keySz = (word32)sizeof(key);
word32 macSz = sizeof(mac);
word32 badMacSz = 17;
int expMacSz = sizeof(expMac);
int type = WC_CMAC_AES;
XMEMSET(mac, 0, macSz);
ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
if (ret != 0) {
return ret;
}
ret = wc_CmacUpdate(&cmac, msg, msgSz);
printf(testingFmt, "wc_CmacFinal()");
if (ret == 0) {
ret = wc_CmacFinal(&cmac, mac, &macSz);
if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_CmacFinal(NULL, mac, &macSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_CmacFinal(&cmac, NULL, &macSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_CmacFinal(&cmac, mac, &badMacSz);
if (ret == BUFFER_E) {
ret = 0;
}
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_CmacFinal */
/*
* Testing wc_AesCmacGenerate() && wc_AesCmacVerify()
*/
static int test_wc_AesCmacGenerate (void)
{
int ret = 0;
#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
Cmac cmac;
byte key[] =
{
0x26, 0xef, 0x8b, 0x40, 0x34, 0x11, 0x7d, 0x9e,
0xbe, 0xc0, 0xc7, 0xfc, 0x31, 0x08, 0x54, 0x69
};
byte msg[] = "\x18\x90\x49\xef\xfd\x7c\xf9\xc8"
"\xf3\x59\x65\xbc\xb0\x97\x8f\xd4";
byte expMac[] = "\x29\x5f\x2f\x71\xfc\x58\xe6\xf6"
"\x3d\x32\x65\x4c\x66\x23\xc5";
byte mac[AES_BLOCK_SIZE];
word32 keySz = sizeof(key);
word32 macSz = sizeof(mac);
word32 msgSz = sizeof(msg) - 1;
word32 expMacSz = sizeof(expMac) - 1;
int type = WC_CMAC_AES;
XMEMSET(mac, 0, macSz);
ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
if (ret != 0) {
return ret;
}
ret = wc_CmacUpdate(&cmac, msg, msgSz);
if (ret != 0) {
return ret;
}
printf(testingFmt, "wc_AesCmacGenerate()");
ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz);
if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_AesCmacGenerate(NULL, &macSz, msg, msgSz, key, keySz);
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, NULL, keySz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCmacGenerate(mac, &macSz, NULL, msgSz, key, keySz);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_AesCmacVerify()");
ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz);
/* Test bad args. */
if (ret == 0) {
ret = wc_AesCmacVerify(NULL, macSz, msg, msgSz, key, keySz);
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCmacVerify(mac, 0, msg, msgSz, key, keySz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, NULL, keySz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
}
#endif
return ret;
} /* END test_wc_AesCmacGenerate */
/*
* Testing streaming AES-GCM API.
*/
static int test_wc_AesGcmStream (void)
{
int ret = 0;
#if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \
defined(WOLFSSL_AESGCM_STREAM)
int i;
WC_RNG rng[1];
Aes aesEnc[1];
Aes aesDec[1];
byte tag[AES_BLOCK_SIZE];
byte in[AES_BLOCK_SIZE * 3 + 2] = { 0, };
byte out[AES_BLOCK_SIZE * 3 + 2];
byte plain[AES_BLOCK_SIZE * 3 + 2];
byte aad[AES_BLOCK_SIZE * 3 + 2] = { 0, };
byte key[AES_128_KEY_SIZE] = { 0, };
byte iv[AES_IV_SIZE] = { 1, };
byte ivOut[AES_IV_SIZE];
static const byte expTagAAD1[AES_BLOCK_SIZE] = {
0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f,
0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05
};
static const byte expTagPlain1[AES_BLOCK_SIZE] = {
0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78,
0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1
};
static const byte expTag[AES_BLOCK_SIZE] = {
0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96,
0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d
};
/* Create a random for generating IV/nonce. */
AssertIntEQ(wc_InitRng(rng), 0);
/* Initialize data structures. */
AssertIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
AssertIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
/* BadParameters to streaming init. */
AssertIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ),
BAD_FUNC_ARG);
/* Bad parameters to encrypt update. */
AssertIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1),
BAD_FUNC_ARG);
/* Bad parameters to decrypt update. */
AssertIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1),
BAD_FUNC_ARG);
/* Bad parameters to encrypt final. */
AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, AES_BLOCK_SIZE),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, AES_BLOCK_SIZE),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE + 1),
BAD_FUNC_ARG);
/* Bad parameters to decrypt final. */
AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, AES_BLOCK_SIZE),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, AES_BLOCK_SIZE),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE + 1),
BAD_FUNC_ARG);
/* Check calling final before setting key fails. */
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_KEY);
AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_KEY);
/* Check calling update before setting key else fails. */
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
MISSING_KEY);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
MISSING_KEY);
/* Set key but not IV. */
AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0);
AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0);
/* Check calling final before setting IV fails. */
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_IV);
AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_IV);
/* Check calling update before setting IV else fails. */
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
MISSING_IV);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
MISSING_IV);
/* Set IV using fixed part IV and external IV APIs. */
AssertIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ,
rng), 0);
AssertIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut,
GCM_NONCE_MID_SZ), 0);
AssertIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0);
AssertIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0);
/* Encrypt and decrypt data. */
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0);
AssertIntEQ(XMEMCMP(plain, in, 1), 0);
/* Finalize and check tag matches. */
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
/* Set key and IV through streaming init API. */
AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
/* Encrypt/decrypt one block and AAD of one block. */
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, AES_BLOCK_SIZE, aad,
AES_BLOCK_SIZE), 0);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, AES_BLOCK_SIZE, aad,
AES_BLOCK_SIZE), 0);
AssertIntEQ(XMEMCMP(plain, in, AES_BLOCK_SIZE), 0);
/* Finalize and check tag matches. */
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
/* Set key and IV through streaming init API. */
AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
/* No data to encrypt/decrypt one byte of AAD. */
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0);
/* Finalize and check tag matches. */
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
AssertIntEQ(XMEMCMP(tag, expTagAAD1, AES_BLOCK_SIZE), 0);
AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
/* Set key and IV through streaming init API. */
AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
/* Encrypt/decrypt one byte and no AAD. */
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0);
AssertIntEQ(XMEMCMP(plain, in, 1), 0);
/* Finalize and check tag matches. */
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
AssertIntEQ(XMEMCMP(tag, expTagPlain1, AES_BLOCK_SIZE), 0);
AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
/* Set key and IV through streaming init API. */
AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
/* Encryption AES is one byte at a time */
for (i = 0; i < (int)sizeof(aad); i++) {
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1),
0);
}
for (i = 0; i < (int)sizeof(in); i++) {
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0),
0);
}
/* Decryption AES is two bytes at a time */
for (i = 0; i < (int)sizeof(aad); i += 2) {
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2),
0);
}
for (i = 0; i < (int)sizeof(aad); i += 2) {
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL,
0), 0);
}
AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
/* Finalize and check tag matches. */
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
AssertIntEQ(XMEMCMP(tag, expTag, AES_BLOCK_SIZE), 0);
AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
/* Check streaming encryption can be decrypted with one shot. */
AssertIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0);
AssertIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv,
AES_IV_SIZE, tag, AES_BLOCK_SIZE, aad, sizeof(aad)), 0);
AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
wc_AesFree(aesEnc);
wc_AesFree(aesDec);
wc_FreeRng(rng);
#endif
return ret;
} /* END test_wc_AesGcmStream */
/*
* unit test for wc_Des3_SetIV()
*/
static int test_wc_Des3_SetIV (void)
{
int ret = 0;
#ifndef NO_DES3
Des3 des;
const byte key[] =
{
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
const byte iv[] =
{
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
};
printf(testingFmt, "wc_Des3_SetIV()");
ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
/* DES_ENCRYPTION or DES_DECRYPTION */
ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
if (ret == 0) {
if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_FIPS /* no sanity checks with FIPS wrapper */
/* Test explicitly wc_Des3_SetIV() */
if (ret == 0) {
ret = wc_Des3_SetIV(NULL, iv);
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_SetIV(&des, NULL);
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
wc_Des3Free(&des);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Des3_SetIV */
/*
* unit test for wc_Des3_SetKey()
*/
static int test_wc_Des3_SetKey (void)
{
int ret = 0;
#ifndef NO_DES3
Des3 des;
const byte key[] =
{
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
const byte iv[] =
{
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
};
printf(testingFmt, "wc_Des3_SetKey()");
ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
/* DES_ENCRYPTION or DES_DECRYPTION */
ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
if (ret == 0) {
if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION);
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_SetKey(&des, key, iv, -1);
}
if (ret == BAD_FUNC_ARG) {
/* Default case. Should return 0. */
ret = wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION);
}
} /* END if ret != 0 */
wc_Des3Free(&des);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Des3_SetKey */
/*
* Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt
*/
static int test_wc_Des3_CbcEncryptDecrypt (void)
{
int ret = 0;
#ifndef NO_DES3
Des3 des;
byte cipher[24];
byte plain[24];
const byte key[] =
{
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
const byte iv[] =
{
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
};
const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
printf(testingFmt, "wc_Des3_CbcEncrypt()");
ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
if (ret == 0) {
ret = wc_Des3_CbcEncrypt(&des, cipher, vector, 24);
if (ret == 0) {
ret = wc_Des3_SetKey(&des, key, iv, DES_DECRYPTION);
}
if (ret == 0) {
ret = wc_Des3_CbcDecrypt(&des, plain, cipher, 24);
}
}
if (ret == 0) {
if (XMEMCMP(plain, vector, 24) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_Des3_CbcEncrypt(NULL, cipher, vector, 24);
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcEncrypt(&des, NULL, vector, 24);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector));
}
if (ret != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Des3_CbcDecrypt(NULL, plain, cipher, 24);
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcDecrypt(&des, NULL, cipher, 24);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcDecrypt(&des, plain, NULL, 24);
}
if (ret != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
wc_Des3Free(&des);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END wc_Des3_CbcEncrypt */
/*
* Unit test for wc_Des3_CbcEncryptWithKey and wc_Des3_CbcDecryptWithKey
*/
static int test_wc_Des3_CbcEncryptDecryptWithKey (void)
{
int ret = 0;
#ifndef NO_DES3
word32 vectorSz, cipherSz;
byte cipher[24];
byte plain[24];
byte vector[] = /* Now is the time for all w/o trailing 0 */
{
0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
byte key[] =
{
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
byte iv[] =
{
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
};
vectorSz = sizeof(byte) * 24;
cipherSz = sizeof(byte) * 24;
printf(testingFmt, "wc_Des3_CbcEncryptWithKey()");
ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, iv);
if (ret == 0) {
ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, iv);
if (ret == 0) {
if (XMEMCMP(plain, vector, 24) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
/* pass in bad args. */
if (ret == 0) {
ret = wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv);
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz,
key, NULL);
} else {
/* Return code catch. */
ret = WOLFSSL_FAILURE;
}
}
if (ret == 0) {
ret = wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv);
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL);
} else {
ret = WOLFSSL_FAILURE;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Des3_CbcEncryptDecryptWithKey */
/*
* Unit test for wc_Des3_EcbEncrypt
*/
static int test_wc_Des3_EcbEncrypt (void)
{
int ret = 0;
#if !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
Des3 des;
byte cipher[24];
word32 cipherSz = sizeof(cipher);
const byte key[] =
{
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
const byte iv[] =
{
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
};
const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
printf(testingFmt, "wc_Des3_EcbEncrypt()");
ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
if (ret != 0) {
return ret;
}
if (ret == 0 ) {
ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
}
/* Bad Cases */
if (ret == 0) {
ret = wc_Des3_EcbEncrypt(NULL, cipher, vector, cipherSz);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Des3_EcbEncrypt(&des, 0, vector, cipherSz);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Des3_EcbEncrypt(&des, cipher, NULL, cipherSz);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Des3_EcbEncrypt(&des, cipher, vector, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Des3_EcbEncrypt(NULL, 0, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good Cases */
if (ret == 0) {
ret = wc_Des3_EcbEncrypt(&des, cipher, vector, cipherSz);
}
wc_Des3Free(&des);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Des3_EcbEncrypt */
/*
* Testing wc_Chacha_SetKey() and wc_Chacha_SetIV()
*/
static int test_wc_Chacha_SetKey (void)
{
int ret = 0;
#ifdef HAVE_CHACHA
ChaCha ctx;
const byte key[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
};
byte cipher[128];
printf(testingFmt, "wc_Chacha_SetKey()");
ret = wc_Chacha_SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte)));
/* Test bad args. */
if (ret == 0) {
ret = wc_Chacha_SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte)));
if (ret == BAD_FUNC_ARG) {
ret = wc_Chacha_SetKey(&ctx, key, 18);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (ret != 0) {
return ret;
}
printf(testingFmt, "wc_Chacha_SetIV");
ret = wc_Chacha_SetIV(&ctx, cipher, 0);
if (ret == 0) {
/* Test bad args. */
ret = wc_Chacha_SetIV(NULL, cipher, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FAILURE;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Chacha_SetKey */
/*
* unit test for wc_Poly1305SetKey()
*/
static int test_wc_Poly1305SetKey(void)
{
int ret = 0;
#ifdef HAVE_POLY1305
Poly1305 ctx;
const byte key[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
};
printf(testingFmt, "wc_Poly1305_SetKey()");
ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte)));
/* Test bad args. */
if (ret == 0) {
ret = wc_Poly1305SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte)));
if(ret == BAD_FUNC_ARG) {
ret = wc_Poly1305SetKey(&ctx, NULL, (word32)(sizeof(key)/sizeof(byte)));
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Poly1305SetKey(&ctx, key, 18);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Poly1305_SetKey() */
/*
* Testing wc_Chacha_Process()
*/
static int test_wc_Chacha_Process (void)
{
int ret = 0;
#ifdef HAVE_CHACHA
ChaCha enc, dec;
byte cipher[128];
byte plain[128];
const byte key[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
};
const char* input = "Everybody gets Friday off.";
word32 keySz = sizeof(key)/sizeof(byte);
unsigned long int inlen = XSTRLEN(input);
/*Initialize stack varialbes.*/
XMEMSET(cipher, 0, 128);
XMEMSET(plain, 0, 128);
printf(testingFmt, "wc_Chacha_Process()");
ret = wc_Chacha_SetKey(&enc, key, keySz);
AssertIntEQ(ret, 0);
ret = wc_Chacha_SetKey(&dec, key, keySz);
AssertIntEQ(ret, 0);
ret = wc_Chacha_SetIV(&enc, cipher, 0);
AssertIntEQ(ret, 0);
ret = wc_Chacha_SetIV(&dec, cipher, 0);
AssertIntEQ(ret, 0);
ret = wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen);
AssertIntEQ(ret, 0);
ret = wc_Chacha_Process(&dec, plain, cipher, (word32)inlen);
AssertIntEQ(ret, 0);
ret = XMEMCMP(input, plain, (int)inlen);
AssertIntEQ(ret, 0);
#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
/* test checking and using leftovers, currently just in C code */
ret = wc_Chacha_SetIV(&enc, cipher, 0);
AssertIntEQ(ret, 0);
ret = wc_Chacha_SetIV(&dec, cipher, 0);
AssertIntEQ(ret, 0);
ret = wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen - 2);
AssertIntEQ(ret, 0);
ret = wc_Chacha_Process(&enc, cipher + (inlen - 2),
(byte*)input + (inlen - 2), 2);
AssertIntEQ(ret, 0);
ret = wc_Chacha_Process(&dec, plain, (byte*)cipher, (word32)inlen - 2);
AssertIntEQ(ret, 0);
ret = wc_Chacha_Process(&dec, cipher + (inlen - 2),
(byte*)input + (inlen - 2), 2);
AssertIntEQ(ret, 0);
ret = XMEMCMP(input, plain, (int)inlen);
AssertIntEQ(ret, 0);
/* check edge cases with counter increment */
{
/* expected results collected from wolfSSL 4.3.0 encrypted in one call*/
const byte expected[] = {
0x54,0xB1,0xE2,0xD4,0xA2,0x4D,0x52,0x5F,
0x42,0x04,0x89,0x7C,0x6E,0x2D,0xFC,0x2D,
0x10,0x25,0xB6,0x92,0x71,0xD5,0xC3,0x20,
0xE3,0x0E,0xEC,0xF4,0xD8,0x10,0x70,0x29,
0x2D,0x4C,0x2A,0x56,0x21,0xE1,0xC7,0x37,
0x0B,0x86,0xF5,0x02,0x8C,0xB8,0xB8,0x38,
0x41,0xFD,0xDF,0xD9,0xC3,0xE6,0xC8,0x88,
0x06,0x82,0xD4,0x80,0x6A,0x50,0x69,0xD5,
0xB9,0xB0,0x2F,0x44,0x36,0x5D,0xDA,0x5E,
0xDE,0xF6,0xF5,0xFC,0x44,0xDC,0x07,0x51,
0xA7,0x32,0x42,0xDB,0xCC,0xBD,0xE2,0xE5,
0x0B,0xB1,0x14,0xFF,0x12,0x80,0x16,0x43,
0xE7,0x40,0xD5,0xEA,0xC7,0x3F,0x69,0x07,
0x64,0xD4,0x86,0x6C,0xE2,0x1F,0x8F,0x6E,
0x35,0x41,0xE7,0xD3,0xB5,0x5D,0xD6,0xD4,
0x9F,0x00,0xA9,0xAE,0x3D,0x28,0xA5,0x37,
0x80,0x3D,0x11,0x25,0xE2,0xB6,0x99,0xD9,
0x9B,0x98,0xE9,0x37,0xB9,0xF8,0xA0,0x04,
0xDF,0x13,0x49,0x3F,0x19,0x6A,0x45,0x06,
0x21,0xB4,0xC7,0x3B,0x49,0x45,0xB4,0xC8,
0x03,0x5B,0x43,0x89,0xBD,0xB3,0x96,0x4B,
0x17,0x6F,0x85,0xC6,0xCF,0xA6,0x05,0x35,
0x1E,0x25,0x03,0xBB,0x55,0x0A,0xD5,0x54,
0x41,0xEA,0xEB,0x50,0x40,0x1B,0x43,0x19,
0x59,0x1B,0x0E,0x12,0x3E,0xA2,0x71,0xC3,
0x1A,0xA7,0x11,0x50,0x43,0x9D,0x56,0x3B,
0x63,0x2F,0x63,0xF1,0x8D,0xAE,0xF3,0x23,
0xFA,0x1E,0xD8,0x6A,0xE1,0xB2,0x4B,0xF3,
0xB9,0x13,0x7A,0x72,0x2B,0x6D,0xCC,0x41,
0x1C,0x69,0x7C,0xCD,0x43,0x6F,0xE4,0xE2,
0x38,0x99,0xFB,0xC3,0x38,0x92,0x62,0x35,
0xC0,0x1D,0x60,0xE4,0x4B,0xDD,0x0C,0x14
};
const byte iv2[] = {
0x9D,0xED,0xE7,0x0F,0xEC,0x81,0x51,0xD9,
0x77,0x39,0x71,0xA6,0x21,0xDF,0xB8,0x93
};
byte input2[256];
int i;
for (i = 0; i < 256; i++)
input2[i] = i;
ret = wc_Chacha_SetIV(&enc, iv2, 0);
AssertIntEQ(ret, 0);
ret = wc_Chacha_Process(&enc, cipher, input2, 64);
AssertIntEQ(ret, 0);
AssertIntEQ(XMEMCMP(expected, cipher, 64), 0);
ret = wc_Chacha_Process(&enc, cipher, input2 + 64, 128);
AssertIntEQ(ret, 0);
AssertIntEQ(XMEMCMP(expected + 64, cipher, 128), 0);
/* partial */
ret = wc_Chacha_Process(&enc, cipher, input2 + 192, 32);
AssertIntEQ(ret, 0);
AssertIntEQ(XMEMCMP(expected + 192, cipher, 32), 0);
ret = wc_Chacha_Process(&enc, cipher, input2 + 224, 32);
AssertIntEQ(ret, 0);
AssertIntEQ(XMEMCMP(expected + 224, cipher, 32), 0);
}
#endif
/* Test bad args. */
ret = wc_Chacha_Process(NULL, cipher, (byte*)input, (word32)inlen);
AssertIntEQ(ret, BAD_FUNC_ARG);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Chacha_Process */
/*
* Testing wc_ChaCha20Poly1305_Encrypt() and wc_ChaCha20Poly1305_Decrypt()
*/
static int test_wc_ChaCha20Poly1305_aead (void)
{
int ret = 0;
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
const byte key[] = {
0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
};
const byte plaintext[] = {
0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
0x74, 0x2e
};
const byte iv[] = {
0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
0x44, 0x45, 0x46, 0x47
};
const byte aad[] = { /* additional data */
0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
0xc4, 0xc5, 0xc6, 0xc7
};
const byte cipher[] = { /* expected output from operation */
0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
0x61, 0x16
};
const byte authTag[] = { /* expected output from operation */
0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
};
byte generatedCiphertext[272];
byte generatedPlaintext[272];
byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
/* Initialize stack variables. */
XMEMSET(generatedCiphertext, 0, 272);
XMEMSET(generatedPlaintext, 0, 272);
/* Test Encrypt */
printf(testingFmt, "wc_ChaCha20Poly1305_Encrypt()");
ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), plaintext,
sizeof(plaintext), generatedCiphertext, generatedAuthTag);
AssertIntEQ(ret, 0);
ret = XMEMCMP(generatedCiphertext, cipher, sizeof(cipher)/sizeof(byte));
AssertIntEQ(ret, 0);
/* Test bad args. */
ret = wc_ChaCha20Poly1305_Encrypt(NULL, iv, aad, sizeof(aad), plaintext,
sizeof(plaintext), generatedCiphertext, generatedAuthTag);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Encrypt(key, NULL, aad, sizeof(aad),
plaintext, sizeof(plaintext),
generatedCiphertext, generatedAuthTag);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL,
sizeof(plaintext), generatedCiphertext, generatedAuthTag);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
plaintext, 0, generatedCiphertext, generatedAuthTag);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
plaintext, sizeof(plaintext), NULL, generatedAuthTag);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
plaintext, sizeof(plaintext), generatedCiphertext, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
printf(resultFmt, ret == 0 ? passed : failed);
if (ret != 0) {
return ret;
}
printf(testingFmt, "wc_ChaCha20Poly1305_Decrypt()");
ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
sizeof(cipher), authTag, generatedPlaintext);
AssertIntEQ(ret, 0);
ret = XMEMCMP(generatedPlaintext, plaintext,
sizeof(plaintext)/sizeof(byte));
AssertIntEQ(ret, 0);
/* Test bad args. */
ret = wc_ChaCha20Poly1305_Decrypt(NULL, iv, aad, sizeof(aad), cipher,
sizeof(cipher), authTag, generatedPlaintext);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Decrypt(key, NULL, aad, sizeof(aad),
cipher, sizeof(cipher), authTag, generatedPlaintext);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
sizeof(cipher), authTag, generatedPlaintext);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
sizeof(cipher), NULL, generatedPlaintext);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
sizeof(cipher), authTag, NULL);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
0, authTag, generatedPlaintext);
AssertIntEQ(ret, BAD_FUNC_ARG);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test-wc_ChaCha20Poly1305_EncryptDecrypt */
/*
* Testing function for wc_Rc2SetKey().
*/
static int test_wc_Rc2SetKey(void)
{
int ret = 0;
#ifdef WC_RC2
Rc2 rc2;
byte key40[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
printf(testingFmt, "wc_Rc2SetKey()");
/* valid key and IV */
ret = wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
iv, 40);
if (ret == 0) {
/* valid key, no IV */
ret = wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
NULL, 40);
}
/* bad arguments */
if (ret == 0) {
/* null Rc2 struct */
ret = wc_Rc2SetKey(NULL, key40, (word32) sizeof(key40) / sizeof(byte),
iv, 40);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null key */
ret = wc_Rc2SetKey(&rc2, NULL, (word32) sizeof(key40) / sizeof(byte),
iv, 40);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* key size == 0 */
ret = wc_Rc2SetKey(&rc2, key40, 0, iv, 40);
if (ret == WC_KEY_SIZE_E) {
ret = 0;
}
}
if (ret == 0) {
/* key size > 128 */
ret = wc_Rc2SetKey(&rc2, key40, 129, iv, 40);
if (ret == WC_KEY_SIZE_E) {
ret = 0;
}
}
if (ret == 0) {
/* effective bits == 0 */
ret = wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
iv, 0);
if (ret == WC_KEY_SIZE_E) {
ret = 0;
}
}
if (ret == 0) {
/* effective bits > 1024 */
ret = wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
iv, 1025);
if (ret == WC_KEY_SIZE_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Rc2SetKey */
/*
* Testing function for wc_Rc2SetIV().
*/
static int test_wc_Rc2SetIV(void)
{
int ret = 0;
#ifdef WC_RC2
Rc2 rc2;
byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
printf(testingFmt, "wc_Rc2SetIV()");
/* valid IV */
ret = wc_Rc2SetIV(&rc2, iv);
if (ret == 0) {
/* valid NULL IV */
ret = wc_Rc2SetIV(&rc2, NULL);
}
/* bad arguments */
if (ret == 0) {
ret = wc_Rc2SetIV(NULL, iv);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Rc2SetKey */
/*
* Testing function for wc_Rc2EcbEncrypt().
*/
static int test_wc_Rc2EcbEncryptDecrypt(void)
{
int ret = 0;
#ifdef WC_RC2
Rc2 rc2;
int effectiveKeyBits = 63;
byte cipher[RC2_BLOCK_SIZE];
byte plain[RC2_BLOCK_SIZE];
byte key[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
byte input[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
byte output[] = { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff };
printf(testingFmt, "wc_Rc2EcbEncryptDecrypt()");
XMEMSET(cipher, 0, sizeof(cipher));
XMEMSET(plain, 0, sizeof(plain));
ret = wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
NULL, effectiveKeyBits);
if (ret == 0) {
ret = wc_Rc2EcbEncrypt(&rc2, cipher, input, RC2_BLOCK_SIZE);
if (ret != 0 || XMEMCMP(cipher, output, RC2_BLOCK_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_Rc2EcbDecrypt(&rc2, plain, cipher, RC2_BLOCK_SIZE);
if (ret != 0 || XMEMCMP(plain, input, RC2_BLOCK_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
/* Rc2EcbEncrypt bad arguments */
if (ret == 0) {
/* null Rc2 struct */
ret = wc_Rc2EcbEncrypt(NULL, cipher, input, RC2_BLOCK_SIZE);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null out buffer */
ret = wc_Rc2EcbEncrypt(&rc2, NULL, input, RC2_BLOCK_SIZE);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null input buffer */
ret = wc_Rc2EcbEncrypt(&rc2, cipher, NULL, RC2_BLOCK_SIZE);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* output buffer sz != RC2_BLOCK_SIZE (8) */
ret = wc_Rc2EcbEncrypt(&rc2, cipher, input, 7);
if (ret == BUFFER_E) {
ret = 0;
}
}
/* Rc2EcbDecrypt bad arguments */
if (ret == 0) {
/* null Rc2 struct */
ret = wc_Rc2EcbDecrypt(NULL, plain, output, RC2_BLOCK_SIZE);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null out buffer */
ret = wc_Rc2EcbDecrypt(&rc2, NULL, output, RC2_BLOCK_SIZE);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null input buffer */
ret = wc_Rc2EcbDecrypt(&rc2, plain, NULL, RC2_BLOCK_SIZE);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* output buffer sz != RC2_BLOCK_SIZE (8) */
ret = wc_Rc2EcbDecrypt(&rc2, plain, output, 7);
if (ret == BUFFER_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Rc2SetKey */
/*
* Testing function for wc_Rc2CbcEncrypt().
*/
static int test_wc_Rc2CbcEncryptDecrypt(void)
{
int ret = 0;
#ifdef WC_RC2
Rc2 rc2;
int effectiveKeyBits = 63;
byte cipher[RC2_BLOCK_SIZE*2];
byte plain[RC2_BLOCK_SIZE*2];
/* vector taken from test.c */
byte key[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
byte iv[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
byte input[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
byte output[] = {
0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff,
0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57
};
printf(testingFmt, "wc_Rc2CbcEncryptDecrypt()");
XMEMSET(cipher, 0, sizeof(cipher));
XMEMSET(plain, 0, sizeof(plain));
ret = wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
iv, effectiveKeyBits);
if (ret == 0) {
ret = wc_Rc2CbcEncrypt(&rc2, cipher, input, sizeof(input));
if (ret != 0 || XMEMCMP(cipher, output, sizeof(output)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
} else {
/* reset IV for decrypt */
ret = wc_Rc2SetIV(&rc2, iv);
}
if (ret == 0) {
ret = wc_Rc2CbcDecrypt(&rc2, plain, cipher, sizeof(cipher));
if (ret != 0 || XMEMCMP(plain, input, sizeof(input)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
/* Rc2CbcEncrypt bad arguments */
if (ret == 0) {
/* null Rc2 struct */
ret = wc_Rc2CbcEncrypt(NULL, cipher, input, sizeof(input));
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null out buffer */
ret = wc_Rc2CbcEncrypt(&rc2, NULL, input, sizeof(input));
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null input buffer */
ret = wc_Rc2CbcEncrypt(&rc2, cipher, NULL, sizeof(input));
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Rc2CbcDecrypt bad arguments */
if (ret == 0) {
/* in size is 0 */
ret = wc_Rc2CbcDecrypt(&rc2, plain, output, 0);
if (ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
/* null Rc2 struct */
ret = wc_Rc2CbcDecrypt(NULL, plain, output, sizeof(output));
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null out buffer */
ret = wc_Rc2CbcDecrypt(&rc2, NULL, output, sizeof(output));
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null input buffer */
ret = wc_Rc2CbcDecrypt(&rc2, plain, NULL, sizeof(output));
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Rc2SetKey */
/*
* Testing function for wc_AesSetIV
*/
static int test_wc_AesSetIV (void)
{
int ret = 0;
#if !defined(NO_AES) && defined(WOLFSSL_AES_128)
Aes aes;
byte key16[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
byte iv1[] = "1234567890abcdef";
byte iv2[] = "0987654321fedcba";
printf(testingFmt, "wc_AesSetIV()");
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte),
iv1, AES_ENCRYPTION);
if(ret == 0) {
ret = wc_AesSetIV(&aes, iv2);
}
/* Test bad args. */
if(ret == 0) {
ret = wc_AesSetIV(NULL, iv1);
if(ret == BAD_FUNC_ARG) {
/* NULL iv should return 0. */
ret = wc_AesSetIV(&aes, NULL);
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_AesFree(&aes);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* test_wc_AesSetIV */
/*
* Testing function for wc_AesSetKey().
*/
static int test_wc_AesSetKey (void)
{
int ret = 0;
#ifndef NO_AES
Aes aes;
byte key16[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
#ifdef WOLFSSL_AES_192
byte key24[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
};
#endif
#ifdef WOLFSSL_AES_256
byte key32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
#endif
byte badKey16[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
};
byte iv[] = "1234567890abcdef";
printf(testingFmt, "wc_AesSetKey()");
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
#ifdef WOLFSSL_AES_128
ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte),
iv, AES_ENCRYPTION);
#endif
#ifdef WOLFSSL_AES_192
if (ret == 0) {
ret = wc_AesSetKey (&aes, key24, (word32) sizeof(key24) / sizeof(byte),
iv, AES_ENCRYPTION);
}
#endif
#ifdef WOLFSSL_AES_256
if (ret == 0) {
ret = wc_AesSetKey (&aes, key32, (word32) sizeof(key32) / sizeof(byte),
iv, AES_ENCRYPTION);
}
#endif
/* Pass in bad args. */
if (ret == 0) {
ret = wc_AesSetKey (NULL, key16, (word32) sizeof(key16) / sizeof(byte),
iv, AES_ENCRYPTION);
if (ret == BAD_FUNC_ARG) {
ret = wc_AesSetKey(&aes, badKey16,
(word32) sizeof(badKey16) / sizeof(byte),
iv, AES_ENCRYPTION);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_AesFree(&aes);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_AesSetKey */
/*
* test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(),
* and wc_AesCbcDecryptWithKey()
*/
static int test_wc_AesCbcEncryptDecrypt (void)
{
int ret = 0;
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)&& \
defined(WOLFSSL_AES_256)
Aes aes;
byte key32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
byte vector[] = /* Now is the time for all good men w/o trailing 0 */
{
0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20,
0x67,0x6f,0x6f,0x64,0x20,0x6d,0x65,0x6e
};
byte iv[] = "1234567890abcdef";
byte enc[sizeof(vector)];
byte dec[sizeof(vector)];
int cbcE = WOLFSSL_FATAL_ERROR;
int cbcD = WOLFSSL_FATAL_ERROR;
int cbcDWK = WOLFSSL_FATAL_ERROR;
byte dec2[sizeof(vector)];
/* Init stack variables. */
XMEMSET(enc, 0, sizeof(enc));
XMEMSET(dec, 0, sizeof(vector));
XMEMSET(dec2, 0, sizeof(vector));
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
if (ret == 0) {
ret = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector));
if (ret == 0) {
/* Re init for decrypt and set flag. */
cbcE = 0;
wc_AesFree(&aes);
ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2,
iv, AES_DECRYPTION);
}
if (ret == 0) {
ret = wc_AesCbcDecrypt(&aes, dec, enc, sizeof(vector));
if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
} else {
/* Set flag. */
cbcD = 0;
}
}
}
/* If encrypt succeeds but cbc decrypt fails, we can still test. */
if (ret == 0 || cbcE == 0) {
ret = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
key32, sizeof(key32)/sizeof(byte), iv);
if (ret == 0 || XMEMCMP(vector, dec2, AES_BLOCK_SIZE) == 0) {
cbcDWK = 0;
}
}
printf(testingFmt, "wc_AesCbcEncrypt()");
/* Pass in bad args */
if (cbcE == 0) {
cbcE = wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector));
if (cbcE == BAD_FUNC_ARG) {
cbcE = wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector));
}
if (cbcE == BAD_FUNC_ARG) {
cbcE = wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector));
}
if (cbcE == BAD_FUNC_ARG) {
cbcE = 0;
} else {
cbcE = WOLFSSL_FATAL_ERROR;
}
#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
if (cbcE == 0) {
cbcE = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1);
}
if (cbcE == BAD_LENGTH_E) {
cbcE = 0;
} else {
cbcE = WOLFSSL_FATAL_ERROR;
}
#endif
}
if (cbcE == 0) {
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION == 2) && defined(WOLFSSL_AESNI)
printf("Zero length inputs not supported with AESNI in FIPS mode (v2),"
" skip test");
#else
/* Test passing in size of 0 */
XMEMSET(enc, 0, sizeof(enc));
cbcE = wc_AesCbcEncrypt(&aes, enc, vector, 0);
if (cbcE == 0) {
/* Check enc was not modified */
int i;
for (i = 0; i < (int)sizeof(enc); i++)
cbcE |= enc[i];
}
#endif
}
printf(resultFmt, cbcE == 0 ? passed : failed);
if (cbcE != 0) {
wc_AesFree(&aes);
return cbcE;
}
printf(testingFmt, "wc_AesCbcDecrypt()");
if (cbcD == 0) {
cbcD = wc_AesCbcDecrypt(NULL, dec, enc, AES_BLOCK_SIZE);
if (cbcD == BAD_FUNC_ARG) {
cbcD = wc_AesCbcDecrypt(&aes, NULL, enc, AES_BLOCK_SIZE);
}
if (cbcD == BAD_FUNC_ARG) {
cbcD = wc_AesCbcDecrypt(&aes, dec, NULL, AES_BLOCK_SIZE);
}
if (cbcD == BAD_FUNC_ARG) {
cbcD = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1);
}
#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
if (cbcD == BAD_LENGTH_E) {
cbcD = 0;
} else {
cbcD = WOLFSSL_FATAL_ERROR;
}
#else
if (cbcD == BAD_FUNC_ARG) {
cbcD = 0;
} else {
cbcD = WOLFSSL_FATAL_ERROR;
}
#endif
}
if (cbcD == 0) {
/* Test passing in size of 0 */
XMEMSET(dec, 0, sizeof(dec));
cbcD = wc_AesCbcDecrypt(&aes, dec, enc, 0);
if (cbcD == 0) {
/* Check dec was not modified */
int i;
for (i = 0; i < (int)sizeof(dec); i++)
cbcD |= dec[i];
}
}
printf(resultFmt, cbcD == 0 ? passed : failed);
if (cbcD != 0) {
wc_AesFree(&aes);
return cbcD;
}
printf(testingFmt, "wc_AesCbcDecryptWithKey()");
if (cbcDWK == 0) {
cbcDWK = wc_AesCbcDecryptWithKey(NULL, enc, AES_BLOCK_SIZE,
key32, sizeof(key32)/sizeof(byte), iv);
if (cbcDWK == BAD_FUNC_ARG) {
cbcDWK = wc_AesCbcDecryptWithKey(dec2, NULL, AES_BLOCK_SIZE,
key32, sizeof(key32)/sizeof(byte), iv);
}
if (cbcDWK == BAD_FUNC_ARG) {
cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
NULL, sizeof(key32)/sizeof(byte), iv);
}
if (cbcDWK == BAD_FUNC_ARG) {
cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
key32, sizeof(key32)/sizeof(byte), NULL);
}
if (cbcDWK == BAD_FUNC_ARG) {
cbcDWK = 0;
} else {
cbcDWK = WOLFSSL_FATAL_ERROR;
}
}
wc_AesFree(&aes);
printf(resultFmt, cbcDWK == 0 ? passed : failed);
if (cbcDWK != 0) {
return cbcDWK;
}
#endif
return ret;
} /* END test_wc_AesCbcEncryptDecrypt */
/*
* Testing wc_AesCtrEncrypt and wc_AesCtrDecrypt
*/
static int test_wc_AesCtrEncryptDecrypt (void)
{
int ret = 0;
#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
Aes aesEnc, aesDec;
byte key32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
byte vector[] = /* Now is the time for all w/o trailing 0 */
{
0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
byte iv[] = "1234567890abcdef";
byte enc[AES_BLOCK_SIZE * 2];
byte dec[AES_BLOCK_SIZE * 2];
/* Init stack variables. */
XMEMSET(enc, 0, AES_BLOCK_SIZE * 2);
XMEMSET(dec, 0, AES_BLOCK_SIZE * 2);
printf(testingFmt, "wc_AesCtrEncrypt()");
ret = wc_AesInit(&aesEnc, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_AesInit(&aesDec, NULL, INVALID_DEVID);
if (ret != 0) {
wc_AesFree(&aesEnc);
return ret;
}
ret = wc_AesSetKey(&aesEnc, key32, AES_BLOCK_SIZE * 2,
iv, AES_ENCRYPTION);
if (ret == 0) {
ret = wc_AesCtrEncrypt(&aesEnc, enc, vector,
sizeof(vector)/sizeof(byte));
if (ret == 0) {
/* Decrypt with wc_AesCtrEncrypt() */
ret = wc_AesSetKey(&aesDec, key32, AES_BLOCK_SIZE * 2,
iv, AES_ENCRYPTION);
}
if (ret == 0) {
ret = wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte));
if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector))) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte));
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte));
}
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte));
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_AesFree(&aesEnc);
wc_AesFree(&aesDec);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_AesCtrEncryptDecrypt */
/*
* test function for wc_AesGcmSetKey()
*/
static int test_wc_AesGcmSetKey (void)
{
int ret = 0;
#if !defined(NO_AES) && defined(HAVE_AESGCM)
Aes aes;
#ifdef WOLFSSL_AES_128
byte key16[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
#endif
#ifdef WOLFSSL_AES_192
byte key24[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
};
#endif
#ifdef WOLFSSL_AES_256
byte key32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
#endif
byte badKey16[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
};
byte badKey24[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
};
byte badKey32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
};
printf(testingFmt, "wc_AesGcmSetKey()");
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
#ifdef WOLFSSL_AES_128
ret = wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte));
#endif
#ifdef WOLFSSL_AES_192
if (ret == 0) {
ret = wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte));
}
#endif
#ifdef WOLFSSL_AES_256
if (ret == 0) {
ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte));
}
#endif
/* Pass in bad args. */
if (ret == 0) {
ret = wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte));
if (ret == BAD_FUNC_ARG) {
ret = wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte));
}
if (ret == BAD_FUNC_ARG) {
ret = wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte));
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_AesFree(&aes);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_AesGcmSetKey */
/*
* test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt
*/
static int test_wc_AesGcmEncryptDecrypt (void)
{
int ret = 0;
/* WOLFSSL_AFALG requires 12 byte IV */
#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \
!defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO_AES)
Aes aes;
byte key32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
byte vector[] = /* Now is the time for all w/o trailing 0 */
{
0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
const byte a[] =
{
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
byte iv[] = "1234567890a";
byte longIV[] = "1234567890abcdefghij";
byte enc[sizeof(vector)];
byte resultT[AES_BLOCK_SIZE];
byte dec[sizeof(vector)];
int gcmD = WOLFSSL_FATAL_ERROR;
int gcmE = WOLFSSL_FATAL_ERROR;
/* Init stack variables. */
XMEMSET(enc, 0, sizeof(vector));
XMEMSET(dec, 0, sizeof(vector));
XMEMSET(resultT, 0, AES_BLOCK_SIZE);
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte));
if (ret == 0) {
gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector),
iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a));
}
if (gcmE == 0) { /* If encrypt fails, no decrypt. */
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector),
iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a));
if(gcmD == 0 && (XMEMCMP(vector, dec, sizeof(vector)) != 0)) {
gcmD = WOLFSSL_FATAL_ERROR;
}
}
printf(testingFmt, "wc_AesGcmEncrypt()");
/*Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */
if (gcmE == 0) {
gcmE = wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector),
iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT),
a, sizeof(a));
if (gcmE == BAD_FUNC_ARG) {
gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
sizeof(vector), iv, sizeof(iv)/sizeof(byte),
resultT, sizeof(resultT) + 1, a, sizeof(a));
}
if (gcmE == BAD_FUNC_ARG) {
gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
sizeof(vector), iv, sizeof(iv)/sizeof(byte),
resultT, sizeof(resultT) - 5, a, sizeof(a));
}
#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST) || \
defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
/* FIPS does not check the lower bound of ivSz */
#else
if (gcmE == BAD_FUNC_ARG) {
gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
sizeof(vector), iv, 0,
resultT, sizeof(resultT), a, sizeof(a));
}
#endif
if (gcmE == BAD_FUNC_ARG) {
gcmE = 0;
} else {
gcmE = WOLFSSL_FATAL_ERROR;
}
}
/* This case is now considered good. Long IVs are now allowed.
* Except for the original FIPS release, it still has an upper
* bound on the IV length. */
#if (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
!defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
if (gcmE == 0) {
gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV,
sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT),
a, sizeof(a));
}
#else
(void)longIV;
#endif /* Old FIPS */
/* END wc_AesGcmEncrypt */
printf(resultFmt, gcmE == 0 ? passed : failed);
if (gcmE != 0) {
wc_AesFree(&aes);
return gcmE;
}
#ifdef HAVE_AES_DECRYPT
printf(testingFmt, "wc_AesGcmDecrypt()");
if (gcmD == 0) {
gcmD = wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte),
iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a));
if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte),
iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a));
}
if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte),
iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a));
}
if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
NULL, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a));
}
if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
iv, sizeof(iv)/sizeof(byte), NULL,
sizeof(resultT), a, sizeof(a));
}
if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT) + 1, a, sizeof(a));
}
#if ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) && \
!defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
/* FIPS does not check the lower bound of ivSz */
#else
if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
iv, 0, resultT,
sizeof(resultT), a, sizeof(a));
}
#endif
if (gcmD == BAD_FUNC_ARG) {
gcmD = 0;
} else {
gcmD = WOLFSSL_FATAL_ERROR;
}
} /* END wc_AesGcmDecrypt */
printf(resultFmt, gcmD == 0 ? passed : failed);
#endif /* HAVE_AES_DECRYPT */
wc_AesFree(&aes);
#endif
return ret;
} /* END test_wc_AesGcmEncryptDecrypt */
/*
* unit test for wc_GmacSetKey()
*/
static int test_wc_GmacSetKey (void)
{
int ret = 0;
#if !defined(NO_AES) && defined(HAVE_AESGCM)
Gmac gmac;
byte key16[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
#ifdef WOLFSSL_AES_192
byte key24[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
};
#endif
#ifdef WOLFSSL_AES_256
byte key32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
#endif
byte badKey16[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66
};
byte badKey24[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
};
byte badKey32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
printf(testingFmt, "wc_GmacSetKey()");
ret = wc_AesInit(&gmac.aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
#ifdef WOLFSSL_AES_128
ret = wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte));
#endif
#ifdef WOLFSSL_AES_192
if (ret == 0) {
ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte));
}
#endif
#ifdef WOLFSSL_AES_256
if (ret == 0) {
ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte));
}
#endif
/* Pass in bad args. */
if (ret == 0) {
ret = wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte));
if (ret == BAD_FUNC_ARG) {
ret = wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte));
}
if (ret == BAD_FUNC_ARG) {
ret = wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte));
}
if (ret == BAD_FUNC_ARG) {
ret = wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte));
}
if (ret == BAD_FUNC_ARG) {
ret = wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte));
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_AesFree(&gmac.aes);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_GmacSetKey */
/*
* unit test for wc_GmacUpdate
*/
static int test_wc_GmacUpdate (void)
{
int ret = 0;
#if !defined(NO_AES) && defined(HAVE_AESGCM)
Gmac gmac;
#ifdef WOLFSSL_AES_128
const byte key16[] =
{
0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
};
#endif
#ifdef WOLFSSL_AES_192
byte key24[] =
{
0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52,
0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a,
0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0
};
#endif
#ifdef WOLFSSL_AES_256
byte key32[] =
{
0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35,
0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00,
0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4,
0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23
};
#endif
#ifdef WOLFSSL_AES_128
const byte authIn[] =
{
0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
};
#endif
#ifdef WOLFSSL_AES_192
const byte authIn2[] =
{
0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f,
0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1
};
#endif
const byte authIn3[] =
{
0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71,
0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36
};
#ifdef WOLFSSL_AES_128
const byte tag1[] = /* Known. */
{
0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
};
#endif
#ifdef WOLFSSL_AES_192
const byte tag2[] = /* Known */
{
0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf,
0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05
};
#endif
const byte tag3[] = /* Known */
{
0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22,
0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76
};
#ifdef WOLFSSL_AES_128
const byte iv[] =
{
0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
0xe2, 0x8c, 0x8f, 0x16
};
#endif
#ifdef WOLFSSL_AES_192
const byte iv2[] =
{
0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66,
0x7e, 0x1a, 0x6f, 0xbc
};
#endif
const byte iv3[] =
{
0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93,
0xc3, 0xfb, 0x6c, 0x8a
};
byte tagOut[16];
byte tagOut2[24];
byte tagOut3[32];
/* Init stack variables. */
XMEMSET(tagOut, 0, sizeof(tagOut));
XMEMSET(tagOut2, 0, sizeof(tagOut2));
XMEMSET(tagOut3, 0, sizeof(tagOut3));
printf(testingFmt, "wc_GmacUpdate()");
ret = wc_AesInit(&gmac.aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
#ifdef WOLFSSL_AES_128
ret = wc_GmacSetKey(&gmac, key16, sizeof(key16));
if (ret == 0) {
ret = wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn),
tagOut, sizeof(tag1));
if (ret == 0) {
ret = XMEMCMP(tag1, tagOut, sizeof(tag1));
}
}
#endif
#ifdef WOLFSSL_AES_192
if (ret == 0) {
XMEMSET(&gmac, 0, sizeof(Gmac));
ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte));
}
if (ret == 0) {
ret = wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2,
sizeof(authIn2), tagOut2, sizeof(tag2));
}
if (ret == 0) {
ret = XMEMCMP(tagOut2, tag2, sizeof(tag2));
}
#endif
#ifdef WOLFSSL_AES_256
if (ret == 0) {
XMEMSET(&gmac, 0, sizeof(Gmac));
ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte));
}
if (ret == 0) {
ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
sizeof(authIn3), tagOut3, sizeof(tag3));
}
if (ret == 0) {
ret = XMEMCMP(tag3, tagOut3, sizeof(tag3));
}
#endif
/*Pass bad args. */
if (ret == 0) {
ret = wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3,
sizeof(authIn3), tagOut3, sizeof(tag3));
if (ret == BAD_FUNC_ARG) {
ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
sizeof(authIn3), tagOut3, sizeof(tag3) - 5);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
sizeof(authIn3), tagOut3, sizeof(tag3) + 1);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_AesFree(&gmac.aes);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_GmacUpdate */
/*
* testing wc_CamelliaSetKey
*/
static int test_wc_CamelliaSetKey (void)
{
int ret = 0;
#ifdef HAVE_CAMELLIA
Camellia camellia;
/*128-bit key*/
static const byte key16[] =
{
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
};
/* 192-bit key */
static const byte key24[] =
{
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
};
/* 256-bit key */
static const byte key32[] =
{
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
};
static const byte iv[] =
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
printf(testingFmt, "wc_CamelliaSetKey()");
ret = wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), iv);
if (ret == 0) {
ret = wc_CamelliaSetKey(&camellia, key16,
(word32)sizeof(key16), NULL);
if (ret == 0) {
ret = wc_CamelliaSetKey(&camellia, key24,
(word32)sizeof(key24), iv);
}
if (ret == 0) {
ret = wc_CamelliaSetKey(&camellia, key24,
(word32)sizeof(key24), NULL);
}
if (ret == 0) {
ret = wc_CamelliaSetKey(&camellia, key32,
(word32)sizeof(key32), iv);
}
if (ret == 0) {
ret = wc_CamelliaSetKey(&camellia, key32,
(word32)sizeof(key32), NULL);
}
}
/* Bad args. */
if (ret == 0) {
ret = wc_CamelliaSetKey(NULL, key32, (word32)sizeof(key32), iv);
if (ret != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
} /* END bad args. */
#endif
return ret;
} /* END test_wc_CammeliaSetKey */
/*
* Testing wc_CamelliaSetIV()
*/
static int test_wc_CamelliaSetIV (void)
{
int ret = 0;
#ifdef HAVE_CAMELLIA
Camellia camellia;
static const byte iv[] =
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
printf(testingFmt, "wc_CamelliaSetIV()");
ret = wc_CamelliaSetIV(&camellia, iv);
if (ret == 0) {
ret = wc_CamelliaSetIV(&camellia, NULL);
}
/* Bad args. */
if (ret == 0) {
ret = wc_CamelliaSetIV(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /*END test_wc_CamelliaSetIV*/
/*
* Test wc_CamelliaEncryptDirect and wc_CamelliaDecryptDirect
*/
static int test_wc_CamelliaEncryptDecryptDirect (void)
{
int ret = 0;
#ifdef HAVE_CAMELLIA
Camellia camellia;
static const byte key24[] =
{
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
};
static const byte iv[] =
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
static const byte plainT[] =
{
0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
};
byte enc[sizeof(plainT)];
byte dec[sizeof(enc)];
int camE = WOLFSSL_FATAL_ERROR;
int camD = WOLFSSL_FATAL_ERROR;
/*Init stack variables.*/
XMEMSET(enc, 0, 16);
XMEMSET(enc, 0, 16);
ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv);
if (ret == 0) {
ret = wc_CamelliaEncryptDirect(&camellia, enc, plainT);
if (ret == 0) {
ret = wc_CamelliaDecryptDirect(&camellia, dec, enc);
if (XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE)) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(testingFmt, "wc_CamelliaEncryptDirect()");
/* Pass bad args. */
if (ret == 0) {
camE = wc_CamelliaEncryptDirect(NULL, enc, plainT);
if (camE == BAD_FUNC_ARG) {
camE = wc_CamelliaEncryptDirect(&camellia, NULL, plainT);
}
if (camE == BAD_FUNC_ARG) {
camE = wc_CamelliaEncryptDirect(&camellia, enc, NULL);
}
if (camE == BAD_FUNC_ARG) {
camE = 0;
} else {
camE = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, camE == 0 ? passed : failed);
if (camE != 0) {
return camE;
}
printf(testingFmt, "wc_CamelliaDecryptDirect()");
if (ret == 0) {
camD = wc_CamelliaDecryptDirect(NULL, dec, enc);
if (camD == BAD_FUNC_ARG) {
camD = wc_CamelliaDecryptDirect(&camellia, NULL, enc);
}
if (camD == BAD_FUNC_ARG) {
camD = wc_CamelliaDecryptDirect(&camellia, dec, NULL);
}
if (camD == BAD_FUNC_ARG) {
camD = 0;
} else {
camD = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, camD == 0 ? passed : failed);
if (camD != 0) {
return camD;
}
#endif
return ret;
} /* END test-wc_CamelliaEncryptDecryptDirect */
/*
* Testing wc_CamelliaCbcEncrypt and wc_CamelliaCbcDecrypt
*/
static int test_wc_CamelliaCbcEncryptDecrypt (void)
{
int ret = 0;
#ifdef HAVE_CAMELLIA
Camellia camellia;
static const byte key24[] =
{
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
};
static const byte plainT[] =
{
0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
};
byte enc[CAMELLIA_BLOCK_SIZE];
byte dec[CAMELLIA_BLOCK_SIZE];
int camCbcE = WOLFSSL_FATAL_ERROR;
int camCbcD = WOLFSSL_FATAL_ERROR;
/* Init stack variables. */
XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);
XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);
ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL);
if (ret == 0) {
ret = wc_CamelliaCbcEncrypt(&camellia, enc, plainT, CAMELLIA_BLOCK_SIZE);
if (ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL);
if (ret == 0) {
ret = wc_CamelliaCbcDecrypt(&camellia, dec, enc, CAMELLIA_BLOCK_SIZE);
if (XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE)) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(testingFmt, "wc_CamelliaCbcEncrypt");
/* Pass in bad args. */
if (ret == 0) {
camCbcE = wc_CamelliaCbcEncrypt(NULL, enc, plainT, CAMELLIA_BLOCK_SIZE);
if (camCbcE == BAD_FUNC_ARG) {
camCbcE = wc_CamelliaCbcEncrypt(&camellia, NULL, plainT,
CAMELLIA_BLOCK_SIZE);
}
if (camCbcE == BAD_FUNC_ARG) {
camCbcE = wc_CamelliaCbcEncrypt(&camellia, enc, NULL,
CAMELLIA_BLOCK_SIZE);
}
if (camCbcE == BAD_FUNC_ARG) {
camCbcE = 0;
} else {
camCbcE = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, camCbcE == 0 ? passed : failed);
if (camCbcE != 0) {
return camCbcE;
}
printf(testingFmt, "wc_CamelliaCbcDecrypt()");
if (ret == 0) {
camCbcD = wc_CamelliaCbcDecrypt(NULL, dec, enc, CAMELLIA_BLOCK_SIZE);
if (camCbcD == BAD_FUNC_ARG) {
camCbcD = wc_CamelliaCbcDecrypt(&camellia, NULL, enc,
CAMELLIA_BLOCK_SIZE);
}
if (camCbcD == BAD_FUNC_ARG) {
camCbcD = wc_CamelliaCbcDecrypt(&camellia, dec, NULL,
CAMELLIA_BLOCK_SIZE);
}
if (camCbcD == BAD_FUNC_ARG) {
camCbcD = 0;
} else {
camCbcD = WOLFSSL_FATAL_ERROR;
}
} /* END bad args. */
printf(resultFmt, camCbcD == 0 ? passed : failed);
if (camCbcD != 0) {
return camCbcD;
}
#endif
return ret;
} /* END test_wc_CamelliaCbcEncryptDecrypt */
/*
* Testing wc_RabbitSetKey()
*/
static int test_wc_RabbitSetKey (void)
{
int ret = 0;
#ifndef NO_RABBIT
Rabbit rabbit;
const char* key = "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B"
"\xFE\x36\x3D\x2E\x29\x13\x28\x91";
const char* iv = "\x59\x7E\x26\xC1\x75\xF5\x73\xC3";
printf(testingFmt, "wc_RabbitSetKey()");
ret = wc_RabbitSetKey(&rabbit, (byte*)key, (byte*)iv);
/* Test bad args. */
if (ret == 0) {
ret = wc_RabbitSetKey(NULL, (byte*)key, (byte*)iv);
if (ret == BAD_FUNC_ARG) {
ret = wc_RabbitSetKey(&rabbit, NULL, (byte*)iv);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RabbitSetKey(&rabbit, (byte*)key, NULL);
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RabbitSetKey */
/*
* Test wc_RabbitProcess()
*/
static int test_wc_RabbitProcess (void)
{
int ret = 0;
#if !defined(NO_RABBIT) && !defined(BIG_ENDIAN_ORDER)
Rabbit enc, dec;
byte cipher[25];
byte plain[25];
const char* key = "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B"
"\xFE\x36\x3D\x2E\x29\x13\x28\x91";
const char* iv = "\x59\x7E\x26\xC1\x75\xF5\x73\xC3";
const char* input = TEST_STRING;
unsigned long int inlen = (unsigned long int)TEST_STRING_SZ;
/* Initialize stack variables. */
XMEMSET(cipher, 0, sizeof(cipher));
XMEMSET(plain, 0, sizeof(plain));
printf(testingFmt, "wc_RabbitProcess()");
ret = wc_RabbitSetKey(&enc, (byte*)key, (byte*)iv);
if (ret == 0) {
ret = wc_RabbitSetKey(&dec, (byte*)key, (byte*)iv);
}
if (ret == 0) {
ret = wc_RabbitProcess(&enc, cipher, (byte*)input, (word32)inlen);
}
if (ret == 0) {
ret = wc_RabbitProcess(&dec, plain, cipher, (word32)inlen);
if (ret != 0 || XMEMCMP(input, plain, inlen)) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_RabbitProcess(NULL, plain, cipher, (word32)inlen);
if (ret == BAD_FUNC_ARG) {
ret = wc_RabbitProcess(&dec, NULL, cipher, (word32)inlen);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RabbitProcess(&dec, plain, NULL, (word32)inlen);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RabbitProcess */
/*
* Testing wc_Arc4SetKey()
*/
static int test_wc_Arc4SetKey (void)
{
int ret = 0;
#ifndef NO_RC4
Arc4 arc;
const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
int keyLen = 8;
printf(testingFmt, "wc_Arch4SetKey()");
ret = wc_Arc4SetKey(&arc, (byte*)key, keyLen);
/* Test bad args. */
if (ret == 0) {
ret = wc_Arc4SetKey(NULL, (byte*)key, keyLen);
if (ret == BAD_FUNC_ARG)
ret = wc_Arc4SetKey(&arc, NULL, keyLen); /* NULL key */
if (ret == BAD_FUNC_ARG)
ret = wc_Arc4SetKey(&arc, (byte*)key, 0); /* length == 0 */
if (ret == BAD_FUNC_ARG)
ret = WOLFSSL_ERROR_NONE;
else
ret = WOLFSSL_FATAL_ERROR;
} /* END test bad args. */
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Arc4SetKey */
/*
* Testing wc_Arc4Process for ENC/DEC.
*/
static int test_wc_Arc4Process (void)
{
int ret = 0;
#ifndef NO_RC4
Arc4 enc, dec;
const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
int keyLen = 8;
const char* input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
byte cipher[8];
byte plain[8];
/* Init stack variables */
XMEMSET(cipher, 0, sizeof(cipher));
XMEMSET(plain, 0, sizeof(plain));
/* Use for async. */
ret = wc_Arc4Init(&enc, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_Arc4Init(&dec, NULL, INVALID_DEVID);
}
printf(testingFmt, "wc_Arc4Process()");
if (ret == 0) {
ret = wc_Arc4SetKey(&enc, (byte*)key, keyLen);
}
if (ret == 0) {
ret = wc_Arc4SetKey(&dec, (byte*)key, keyLen);
}
if (ret == 0) {
ret = wc_Arc4Process(&enc, cipher, (byte*)input, keyLen);
}
if (ret == 0) {
ret = wc_Arc4Process(&dec, plain, cipher, keyLen);
if (ret != 0 || XMEMCMP(plain, input, keyLen)) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
/* Bad args. */
if (ret == 0) {
ret = wc_Arc4Process(NULL, plain, cipher, keyLen);
if (ret == BAD_FUNC_ARG) {
ret = wc_Arc4Process(&dec, NULL, cipher, keyLen);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Arc4Process(&dec, plain, NULL, keyLen);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_Arc4Free(&enc);
wc_Arc4Free(&dec);
#endif
return ret;
}/* END test_wc_Arc4Process */
/*
* Testing wc_Init RsaKey()
*/
static int test_wc_InitRsaKey (void)
{
int ret = 0;
#ifndef NO_RSA
RsaKey key;
printf(testingFmt, "wc_InitRsaKey()");
ret = wc_InitRsaKey(&key, NULL);
/* Test bad args. */
if (ret == 0) {
ret = wc_InitRsaKey(NULL, NULL);
#ifndef HAVE_USER_RSA
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
#else
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
#endif
ret = WOLFSSL_FATAL_ERROR;
}
} /* end if */
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_InitRsaKey */
/*
* Testing wc_RsaPrivateKeyDecode()
*/
static int test_wc_RsaPrivateKeyDecode (void)
{
int ret = 0;
#if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\
|| defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
RsaKey key;
byte* tmp;
word32 idx = 0;
int bytes = 0;
printf(testingFmt, "wc_RsaPrivateKeyDecode()");
tmp = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_InitRsaKey(&key, NULL);
}
if (ret == 0) {
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
bytes = sizeof_client_key_der_1024;
#else
XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
bytes = sizeof_client_key_der_2048;
#endif /* Use cert buffers. */
ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
}
#ifndef HAVE_USER_RSA
/* Test bad args. */
if (ret == 0) {
ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes);
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Test bad args. User RSA. */
if (ret == 0) {
ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes);
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
if (tmp != NULL) {
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaPrivateKeyDecode */
/*
* Testing wc_RsaPublicKeyDecode()
*/
static int test_wc_RsaPublicKeyDecode (void)
{
int ret = 0;
#if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\
|| defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
RsaKey keyPub;
byte* tmp;
word32 idx = 0;
int bytes = 0;
word32 keySz = 0;
word32 tstKeySz = 0;
tmp = (byte*)XMALLOC(GEN_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_InitRsaKey(&keyPub, NULL);
}
if (ret == 0) {
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
bytes = sizeof_client_keypub_der_1024;
keySz = 1024;
#else
XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
bytes = sizeof_client_keypub_der_2048;
keySz = 2048;
#endif
printf(testingFmt, "wc_RsaPublicKeyDecode()");
ret = wc_RsaPublicKeyDecode(tmp, &idx, &keyPub, (word32)bytes);
}
#ifndef HAVE_USER_RSA
/* Pass in bad args. */
if (ret == 0) {
ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes);
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Pass in bad args. */
if (ret == 0) {
ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes);
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
if (wc_FreeRsaKey(&keyPub) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
/* Test for getting modulus key size */
idx = 0;
ret = wc_RsaPublicKeyDecode_ex(tmp, &idx, (word32)bytes, NULL,
&tstKeySz, NULL, NULL);
ret = (ret == 0 && tstKeySz == keySz/8) ? 0 : WOLFSSL_FATAL_ERROR;
}
if (tmp != NULL) {
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaPublicKeyDecode */
/*
* Testing wc_RsaPublicKeyDecodeRaw()
*/
static int test_wc_RsaPublicKeyDecodeRaw (void)
{
int ret = 0;
#if !defined(NO_RSA)
RsaKey key;
const byte n = 0x23;
const byte e = 0x03;
int nSz = sizeof(n);
int eSz = sizeof(e);
printf(testingFmt, "wc_RsaPublicKeyDecodeRaw()");
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key);
}
#ifndef HAVE_USER_RSA
/* Pass in bad args. */
if (ret == 0) {
ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key);
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Pass in bad args. User RSA. */
if (ret == 0) {
ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key);
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaPublicKeyDecodeRaw */
#if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && defined(WOLFSSL_KEY_GEN)
/* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find
* a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps
* trying until it gets a probable prime. */
#ifdef HAVE_FIPS
static int MakeRsaKeyRetry(RsaKey* key, int size, long e, WC_RNG* rng)
{
int ret;
for (;;) {
ret = wc_MakeRsaKey(key, size, e, rng);
if (ret != PRIME_GEN_E) break;
printf("MakeRsaKey couldn't find prime; trying again.\n");
}
return ret;
}
#define MAKE_RSA_KEY(a, b, c, d) MakeRsaKeyRetry(a, b, c, d)
#else
#define MAKE_RSA_KEY(a, b, c, d) wc_MakeRsaKey(a, b, c, d)
#endif
#endif
/*
* Testing wc_MakeRsaKey()
*/
static int test_wc_MakeRsaKey (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
RsaKey genKey;
WC_RNG rng;
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
int bits = 1024;
#else
int bits = 2048;
#endif
printf(testingFmt, "wc_MakeRsaKey()");
ret = wc_InitRsaKey(&genKey, NULL);
if (ret == 0) {
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng);
if (ret == 0 && wc_FreeRsaKey(&genKey) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
#ifndef HAVE_USER_RSA
/* Test bad args. */
if (ret == 0) {
ret = MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng);
if (ret == BAD_FUNC_ARG) {
ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL);
}
if (ret == BAD_FUNC_ARG) {
/* e < 3 */
ret = MAKE_RSA_KEY(&genKey, bits, 2, &rng);
}
if (ret == BAD_FUNC_ARG) {
/* e & 1 == 0 */
ret = MAKE_RSA_KEY(&genKey, bits, 6, &rng);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Test bad args. */
if (ret == 0) {
ret = MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng);
if (ret == USER_CRYPTO_ERROR) {
ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL);
}
if (ret == USER_CRYPTO_ERROR) {
/* e < 3 */
ret = MAKE_RSA_KEY(&genKey, bits, 2, &rng);
}
if (ret == USER_CRYPTO_ERROR) {
/* e & 1 == 0 */
ret = MAKE_RSA_KEY(&genKey, bits, 6, &rng);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
if (wc_FreeRng(&rng) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_MakeRsaKey */
/*
* Test the bounds checking on the cipher text versus the key modulus.
* 1. Make a new RSA key.
* 2. Set c to 1.
* 3. Decrypt c into k. (error)
* 4. Copy the key modulus to c and sub 1 from the copy.
* 5. Decrypt c into k. (error)
* Valid bounds test cases are covered by all the other RSA tests.
*/
static int test_RsaDecryptBoundsCheck(void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WC_RSA_NO_PADDING) && \
(defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)) && \
defined(WOLFSSL_PUBLIC_MP) && !defined(NO_RSA_BOUNDS_CHECK)
RsaKey key;
byte flatC[256];
word32 flatCSz;
byte out[256];
word32 outSz = sizeof(out);
WC_RNG rng;
printf(testingFmt, "RSA decrypt bounds check");
XMEMSET(&rng, 0, sizeof(rng));
ret = wc_InitRng(&rng);
if (ret == 0)
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
const byte* derKey;
word32 derKeySz;
word32 idx = 0;
#ifdef USE_CERT_BUFFERS_1024
derKey = server_key_der_1024;
derKeySz = (word32)sizeof_server_key_der_1024;
flatCSz = 128;
#else
derKey = server_key_der_2048;
derKeySz = (word32)sizeof_server_key_der_2048;
flatCSz = 256;
#endif
ret = wc_RsaPrivateKeyDecode(derKey, &idx, &key, derKeySz);
}
if (ret == 0) {
XMEMSET(flatC, 0, flatCSz);
flatC[flatCSz-1] = 1;
ret = wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
RSA_PRIVATE_DECRYPT, &rng);
}
if (ret == RSA_OUT_OF_RANGE_E) {
mp_int c;
mp_init_copy(&c, &key.n);
mp_sub_d(&c, 1, &c);
mp_to_unsigned_bin(&c, flatC);
ret = wc_RsaDirect(flatC, sizeof(flatC), out, &outSz, &key,
RSA_PRIVATE_DECRYPT, NULL);
mp_clear(&c);
}
if (ret == RSA_OUT_OF_RANGE_E)
ret = 0;
if (wc_FreeRsaKey(&key) || wc_FreeRng(&rng) || ret != 0)
ret = WOLFSSL_FATAL_ERROR;
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaDecryptBoundsCheck */
/*
* Testing wc_SetKeyUsage()
*/
static int test_wc_SetKeyUsage (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && !defined(HAVE_FIPS)
Cert myCert;
ret = wc_InitCert(&myCert);
printf(testingFmt, "wc_SetKeyUsage()");
if (ret == 0) {
ret = wc_SetKeyUsage(&myCert, "keyEncipherment,keyAgreement");
if (ret == 0) {
ret = wc_SetKeyUsage(&myCert, "digitalSignature,nonRepudiation");
}
if (ret == 0) {
ret = wc_SetKeyUsage(&myCert, "contentCommitment,encipherOnly");
}
if (ret == 0) {
ret = wc_SetKeyUsage(&myCert, "decipherOnly");
}
if (ret == 0) {
ret = wc_SetKeyUsage(&myCert, "cRLSign,keyCertSign");
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_SetKeyUsage(NULL, "decipherOnly");
if (ret == BAD_FUNC_ARG) {
ret = wc_SetKeyUsage(&myCert, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_SetKeyUsage(&myCert, "");
}
if (ret == KEYUSAGE_E) {
ret = wc_SetKeyUsage(&myCert, ",");
}
if (ret == KEYUSAGE_E) {
ret = wc_SetKeyUsage(&myCert, "digitalSignature, cRLSign");
}
if (ret == KEYUSAGE_E) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_SetKeyUsage */
/*
* Testing wc_CheckProbablePrime()
*/
static int test_wc_CheckProbablePrime (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
!defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
#define CHECK_PROBABLE_PRIME_KEY_BITS 2048
RsaKey key;
WC_RNG rng;
byte e[3];
word32 eSz = (word32)sizeof(e);
byte n[CHECK_PROBABLE_PRIME_KEY_BITS / 8];
word32 nSz = (word32)sizeof(n);
byte d[CHECK_PROBABLE_PRIME_KEY_BITS / 8];
word32 dSz = (word32)sizeof(d);
byte p[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2];
word32 pSz = (word32)sizeof(p);
byte q[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2];
word32 qSz = (word32)sizeof(q);
int nlen = CHECK_PROBABLE_PRIME_KEY_BITS;
int* isPrime;
int test[5];
isPrime = test;
printf(testingFmt, "wc_CheckProbablePrime()");
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_RsaSetRNG(&key, &rng);
}
if (ret == 0) {
ret = wc_MakeRsaKey(&key, CHECK_PROBABLE_PRIME_KEY_BITS, WC_RSA_EXPONENT, &rng);
}
if (ret == 0) {
PRIVATE_KEY_UNLOCK();
ret = wc_RsaExportKey(&key, e, &eSz, n, &nSz, d, &dSz,
p, &pSz, q, &qSz);
PRIVATE_KEY_LOCK();
}
/* Bad cases */
if (ret == 0) {
ret = wc_CheckProbablePrime(NULL, pSz, q, qSz, e, eSz,
nlen, isPrime);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_CheckProbablePrime(p, 0, q, qSz, e, eSz,
nlen, isPrime);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_CheckProbablePrime(p, pSz, NULL, qSz, e, eSz,
nlen, isPrime);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_CheckProbablePrime(p, pSz, q, 0, e, eSz,
nlen, isPrime);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_CheckProbablePrime(p, pSz, q, qSz, NULL, eSz,
nlen, isPrime);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_CheckProbablePrime(p, pSz, q, qSz, e, 0,
nlen, isPrime);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_CheckProbablePrime(NULL, 0, NULL, 0, NULL, 0,
nlen, isPrime);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good case */
if (ret == 0) {
ret = wc_CheckProbablePrime(p, pSz, q, qSz, e, eSz,
nlen, isPrime);
}
wc_FreeRsaKey(&key);
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#undef CHECK_PROBABLE_PRIME_KEY_BITS
#endif
return ret;
} /* END test_wc_CheckProbablePrime */
/*
* Testing wc_RsaPSS_Verify()
*/
static int test_wc_RsaPSS_Verify (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
!defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
RsaKey key;
WC_RNG rng;
int sz = 256;
byte* pt;
const char* szMessage = "This is the string to be signed";
unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
unsigned char pDecrypted[2048/8];
word32 outLen = sizeof(pDecrypted);
pt = pDecrypted;
printf(testingFmt, "wc_RsaPSS_Verify()");
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_RsaSetRNG(&key, &rng);
}
if (ret == 0) {
ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
}
if (ret == 0) {
ret = wc_RsaPSS_Sign((byte*)szMessage, (word32)XSTRLEN(szMessage)+1,
pSignature, sizeof(pSignature),
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
if (ret > 0 ){
sz = ret;
ret = 0;
}
}
/* Bad cases */
if (ret == 0) {
ret = wc_RsaPSS_Verify(NULL, sz, pt, outLen,
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_Verify(pSignature, 0, pt, outLen,
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_Verify(pSignature, sz, NULL, outLen,
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_Verify(NULL, 0, NULL, outLen,
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good case */
if (ret == 0) {
ret = wc_RsaPSS_Verify(pSignature, sz, pt, outLen,
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret > 0) {
ret = 0;
}
}
wc_FreeRsaKey(&key);
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaPSS_Verify */
/*
* Testing wc_RsaPSS_VerifyCheck()
*/
static int test_wc_RsaPSS_VerifyCheck (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
!defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
RsaKey key;
WC_RNG rng;
int sz = 256; /* 2048/8 */
byte* pt;
byte digest[32];
word32 digestSz;
unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
word32 pSignatureSz = sizeof(pSignature);
unsigned char pDecrypted[2048/8];
word32 outLen = sizeof(pDecrypted);
pt = pDecrypted;
printf(testingFmt, "wc_RsaPSS_VerifyCheck()");
XMEMSET(digest, 0, sizeof(digest));
XMEMSET(pSignature, 0, sizeof(pSignature));
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_RsaSetRNG(&key, &rng);
}
if (ret == 0) {
ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
}
if (ret == 0) {
digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
ret = wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz);
}
if (ret == 0) {
ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
if (ret > 0 ){
sz = ret;
ret = 0;
}
}
/* Bad cases */
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheck(NULL, sz, pt, outLen,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheck(pSignature, 0, pt, outLen,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheck(pSignature, sz, NULL, outLen,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheck(NULL, 0, NULL, outLen,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good case */
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheck(pSignature, sz, pt, outLen,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret > 0) {
ret = 0;
}
}
wc_FreeRsaKey(&key);
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaPSS_VerifyCheck */
/*
* Testing wc_RsaPSS_VerifyCheckInline()
*/
static int test_wc_RsaPSS_VerifyCheckInline (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
!defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
RsaKey key;
WC_RNG rng;
int sz = 256;
byte* pt;
byte digest[32];
word32 digestSz;
unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
unsigned char pDecrypted[2048/8];
pt = pDecrypted;
printf(testingFmt, "wc_RsaPSS_VerifyCheckInline()");
ret = wc_InitRsaKey(&key, NULL);
XMEMSET(digest, 0, sizeof(digest));
XMEMSET(pSignature, 0, sizeof(pSignature));
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_RsaSetRNG(&key, &rng);
}
if (ret == 0) {
ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
}
if (ret == 0) {
digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
ret = wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz);
}
if (ret == 0) {
ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, sizeof(pSignature),
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
if (ret > 0 ){
sz = ret;
ret = 0;
}
}
/* Bad Cases */
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheckInline(NULL, sz, &pt,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheckInline(pSignature, 0, NULL,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheckInline(NULL, 0, &pt,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt,
digest, digestSz, WC_HASH_TYPE_SHA, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good case */
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret > 0) {
ret = 0;
}
}
wc_FreeRsaKey(&key);
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaPSS_VerifyCheckInline */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
static void sample_mutex_cb (int flag, int type, const char* file, int line)
{
(void)flag;
(void)type;
(void)file;
(void)line;
}
#endif
/*
* Testing wc_LockMutex_ex
*/
static int test_wc_LockMutex_ex (void)
{
int ret = 0;
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
int flag = CRYPTO_LOCK;
int type = 0;
const char* file = "./test-LockMutex_ex.txt";
int line = 0;
printf(testingFmt, "wc_LockMutex_ex()");
/*without SetMutexCb*/
ret = wc_LockMutex_ex(flag, type, file, line);
if (ret == BAD_STATE_E) {
ret = 0;
}
/*with SetMutexCb*/
if (ret == 0) {
ret = wc_SetMutexCb(sample_mutex_cb);
if (ret == 0) {
ret = wc_LockMutex_ex(flag, type, file, line);
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/*End test_wc_LockMutex_ex*/
/*
* Testing wc_SetMutexCb
*/
static int test_wc_SetMutexCb (void)
{
int ret = 0;
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
printf(testingFmt, "wc_SetMutexCb()");
ret = wc_SetMutexCb(sample_mutex_cb);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/*End test_wc_SetMutexCb*/
/*
* Testing wc_RsaKeyToDer()
*/
static int test_wc_RsaKeyToDer (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
RsaKey genKey;
WC_RNG rng;
byte* der;
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
int bits = 1024;
word32 derSz = 611;
/* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00)
+ 3 (e) + 8 (ASN tag) + 10 (ASN length) + 4 seqSz + 3 version */
#else
int bits = 2048;
word32 derSz = 1196;
/* (2 x 256) + 2 (possible leading 00) + (5 x 128) + 5 (possible leading 00)
+ 3 (e) + 8 (ASN tag) + 17 (ASN length) + 4 seqSz + 3 version */
#endif
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&genKey, 0, sizeof(genKey));
der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
/* Init structures. */
if (ret == 0) {
ret = wc_InitRsaKey(&genKey, NULL);
}
if (ret == 0) {
ret = wc_InitRng(&rng);
}
/* Make key. */
if (ret == 0) {
ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng);
if (ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(testingFmt, "wc_RsaKeyToDer()");
if (ret == 0) {
ret = wc_RsaKeyToDer(&genKey, der, derSz);
if (ret > 0) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_USER_RSA
/* Pass good/bad args. */
if (ret == 0) {
ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF);
if (ret == BAD_FUNC_ARG) {
/* Get just the output length */
ret = wc_RsaKeyToDer(&genKey, NULL, 0);
}
if (ret > 0) {
/* Try Public Key. */
genKey.type = 0;
ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Pass good/bad args. */
if (ret == 0) {
ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF);
if (ret == USER_CRYPTO_ERROR) {
/* Get just the output length */
ret = wc_RsaKeyToDer(&genKey, NULL, 0);
}
if (ret > 0) {
/* Try Public Key. */
genKey.type = 0;
ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
if (der != NULL) {
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (wc_FreeRsaKey(&genKey) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaKeyToDer */
/*
* Testing wc_RsaKeyToPublicDer()
*/
static int test_wc_RsaKeyToPublicDer (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
RsaKey key;
WC_RNG rng;
byte* der;
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
int bits = 1024;
word32 derLen = 162;
#else
int bits = 2048;
word32 derLen = 294;
#endif
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_InitRsaKey(&key, NULL);
}
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
}
printf(testingFmt, "wc_RsaKeyToPublicDer()");
if (ret == 0) {
/* test getting size only */
ret = wc_RsaKeyToPublicDer(&key, NULL, derLen);
if (ret >= 0)
ret = 0;
}
if (ret == 0) {
ret = wc_RsaKeyToPublicDer(&key, der, derLen);
if (ret >= 0) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
/* test getting size only */
ret = wc_RsaKeyToPublicDer_ex(&key, NULL, derLen, 0);
if (ret >= 0)
ret = 0;
}
if (ret == 0) {
ret = wc_RsaKeyToPublicDer_ex(&key, der, derLen, 0);
if (ret >= 0) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_USER_RSA
/* Pass in bad args. */
if (ret == 0) {
ret = wc_RsaKeyToPublicDer(NULL, der, derLen);
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaKeyToPublicDer(&key, der, -1);
}
if (ret == BUFFER_E || ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Pass in bad args. */
if (ret == 0) {
ret = wc_RsaKeyToPublicDer(NULL, der, derLen);
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaKeyToPublicDer(&key, der, -1);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
if (der != NULL) {
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaKeyToPublicDer */
/*
* Testing wc_RsaPublicEncrypt() and wc_RsaPrivateDecrypt()
*/
static int test_wc_RsaPublicEncryptDecrypt (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
RsaKey key;
WC_RNG rng;
const char inStr[] = TEST_STRING;
const word32 plainLen = (word32)TEST_STRING_SZ;
const word32 inLen = (word32)TEST_STRING_SZ;
int bits = TEST_RSA_BITS;
const word32 cipherLen = TEST_RSA_BYTES;
word32 cipherLenResult = cipherLen;
DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
#ifdef DECLARE_VAR_IS_HEAP_ALLOC
if (in == NULL || plain == NULL || cipher == NULL) {
printf("test_wc_RsaPublicEncryptDecrypt malloc failed\n");
return MEMORY_E;
}
#endif
XMEMCPY(in, inStr, inLen);
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
}
/* Encrypt. */
printf(testingFmt, "wc_RsaPublicEncrypt()");
if (ret == 0) {
ret = wc_RsaPublicEncrypt(in, inLen, cipher, cipherLen, &key, &rng);
if (ret >= 0) {
cipherLenResult = ret;
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Pass bad args. */
/* Tests PsaPublicEncryptEx() which, is tested by another fn. No need dup.*/
printf(resultFmt, ret == 0 ? passed : failed);
if (ret != 0) {
return ret;
}
/* Decrypt */
printf(testingFmt, "wc_RsaPrivateDecrypt()");
#if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
/* Bind rng */
if (ret == 0) {
ret = wc_RsaSetRNG(&key, &rng);
}
#endif
if (ret == 0) {
ret = wc_RsaPrivateDecrypt(cipher, cipherLenResult, plain, plainLen, &key);
}
if (ret >= 0) {
ret = XMEMCMP(plain, inStr, plainLen);
}
/* Pass in bad args. */
/* Tests RsaPrivateDecryptEx() which, is tested by another fn. No need dup.*/
FREE_VAR(in, NULL);
FREE_VAR(plain, NULL);
FREE_VAR(cipher, NULL);
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaPublicEncryptDecrypt */
/*
* Testing wc_RsaPrivateDecrypt_ex() and wc_RsaPrivateDecryptInline_ex()
*/
static int test_wc_RsaPublicEncryptDecrypt_ex (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\
&& !defined(WC_NO_RSA_OAEP) && !defined(HAVE_USER_RSA)\
&& !defined(NO_SHA)
RsaKey key;
WC_RNG rng;
const char inStr[] = TEST_STRING;
const word32 inLen = (word32)TEST_STRING_SZ;
const word32 plainSz = (word32)TEST_STRING_SZ;
byte* res = NULL;
int idx = 0;
int bits = TEST_RSA_BITS;
const word32 cipherSz = TEST_RSA_BYTES;
DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
#ifdef DECLARE_VAR_IS_HEAP_ALLOC
if (in == NULL || plain == NULL || cipher == NULL) {
printf("test_wc_RsaPublicEncryptDecrypt_exmalloc failed\n");
return MEMORY_E;
}
#endif
XMEMCPY(in, inStr, inLen);
/* Initialize stack structures. */
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRsaKey_ex(&key, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
}
/* Encrypt */
printf(testingFmt, "wc_RsaPublicEncrypt_ex()");
if (ret == 0) {
ret = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key, &rng,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
if (ret >= 0) {
idx = ret;
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
/*Pass bad args.*/
/* Tests RsaPublicEncryptEx again. No need duplicate. */
printf(resultFmt, ret == 0 ? passed : failed);
if (ret != 0) {
return ret;
}
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
/* Decrypt */
printf(testingFmt, "wc_RsaPrivateDecrypt_ex()");
#if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
if (ret == 0) {
ret = wc_RsaSetRNG(&key, &rng);
}
#endif
if (ret == 0) {
ret = wc_RsaPrivateDecrypt_ex(cipher, (word32)idx,
plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA,
WC_MGF1SHA1, NULL, 0);
}
if (ret >= 0) {
if (!XMEMCMP(plain, inStr, plainSz)) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
/*Pass bad args.*/
/* Tests RsaPrivateDecryptEx() again. No need duplicate. */
printf(resultFmt, ret == 0 ? passed : failed);
if (ret != 0) {
return ret;
}
printf(testingFmt, "wc_RsaPrivateDecryptInline_ex()");
if (ret == 0) {
ret = wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx,
&res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA,
WC_MGF1SHA1, NULL, 0);
if (ret >= 0) {
if (!XMEMCMP(inStr, res, plainSz)) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
#endif
FREE_VAR(in, NULL);
FREE_VAR(plain, NULL);
FREE_VAR(cipher, NULL);
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaPublicEncryptDecrypt_ex */
/*
* Tesing wc_RsaSSL_Sign() and wc_RsaSSL_Verify()
*/
static int test_wc_RsaSSL_SignVerify (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
RsaKey key;
WC_RNG rng;
const char inStr[] = TEST_STRING;
const word32 plainSz = (word32)TEST_STRING_SZ;
const word32 inLen = (word32)TEST_STRING_SZ;
word32 idx = 0;
int bits = TEST_RSA_BITS;
const word32 outSz = TEST_RSA_BYTES;
DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
DECLARE_VAR(out, byte, TEST_RSA_BYTES, NULL);
DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
#ifdef DECLARE_VAR_IS_HEAP_ALLOC
if (in == NULL || out == NULL || plain == NULL) {
printf("test_wc_RsaSSL_SignVerify failed\n");
return MEMORY_E;
}
#endif
XMEMCPY(in, inStr, inLen);
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
}
/* Sign. */
printf(testingFmt, "wc_RsaSSL_Sign()");
if (ret == 0) {
ret = wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng);
if (ret == (int)outSz) {
idx = ret;
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_USER_RSA
/* Test bad args. */
if (ret == 0) {
ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng);
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Test bad args. */
if (ret == 0) {
ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng);
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
printf(resultFmt, ret == 0 ? passed : failed);
if (ret != 0) {
return ret;
}
/* Verify. */
printf(testingFmt, "wc_RsaSSL_Verify()");
if (ret == 0) {
ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, &key);
if (ret == (int)inLen) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_USER_RSA
/* Pass bad args. */
if (ret == 0) {
ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key);
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Pass bad args. */
if (ret == 0) {
ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key);
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
FREE_VAR(in, NULL);
FREE_VAR(out, NULL);
FREE_VAR(plain, NULL);
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaSSL_SignVerify */
/*
* Testing wc_RsaEncryptSize()
*/
static int test_wc_RsaEncryptSize (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
RsaKey key;
WC_RNG rng;
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
printf(testingFmt, "wc_RsaEncryptSize()");
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
if (ret == 0) {
ret = MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng);
if (ret == 0) {
ret = wc_RsaEncryptSize(&key);
}
if (ret == 128) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
#endif
if (ret == 0) {
ret = MAKE_RSA_KEY(&key, 2048, WC_RSA_EXPONENT, &rng);
if (ret == 0) {
ret = wc_RsaEncryptSize(&key);
}
if (ret == 256) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Pass in bad arg. */
if (ret == 0) {
ret = wc_RsaEncryptSize(NULL);
#ifndef HAVE_USER_RSA
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
#endif
}
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaEncryptSize*/
/*
* Testing wc_RsaFlattenPublicKey()
*/
static int test_wc_RsaFlattenPublicKey (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
RsaKey key;
WC_RNG rng;
byte e[256];
byte n[256];
word32 eSz = sizeof(e);
word32 nSz = sizeof(n);
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
int bits = 1024;
#else
int bits = 2048;
#endif
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
if (ret >= 0) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(testingFmt, "wc_RsaFlattenPublicKey()");
if (ret == 0) {
ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz);
}
#ifndef HAVE_USER_RSA
/* Pass bad args. */
if (ret == 0) {
ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Pass bad args. */
if (ret == 0) {
ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaFlattenPublicKey */
/*
* unit test for wc_AesCcmSetKey
*/
static int test_wc_AesCcmSetKey (void)
{
int ret = 0;
#ifdef HAVE_AESCCM
Aes aes;
const byte key16[] =
{
0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
};
const byte key24[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
};
const byte key32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
printf(testingFmt, "wc_AesCcmSetKey()");
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
#ifdef WOLFSSL_AES_128
ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16));
#endif
#ifdef WOLFSSL_AES_192
if (ret == 0) {
ret = wc_AesCcmSetKey(&aes, key24, sizeof(key24));
}
#endif
#ifdef WOLFSSL_AES_256
if (ret == 0) {
ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32));
}
#endif
/* Test bad args. */
if (ret == 0) {
ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1);
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1);
}
if (ret != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
wc_AesFree(&aes);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_AesCcmSetKey */
/*
* Unit test function for wc_AesCcmEncrypt and wc_AesCcmDecrypt
*/
static int test_wc_AesCcmEncryptDecrypt (void)
{
int ret = 0;
#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
Aes aes;
const byte key16[] =
{
0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
};
/* plaintext */
const byte plainT[] =
{
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
};
/* nonce */
const byte iv[] =
{
0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
0xa1, 0xa2, 0xa3, 0xa4, 0xa5
};
const byte c[] = /* cipher text. */
{
0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
};
const byte t[] = /* Auth tag */
{
0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
};
const byte authIn[] =
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
};
byte cipherOut[sizeof(plainT)];
byte authTag[sizeof(t)];
int ccmE = WOLFSSL_FATAL_ERROR;
#ifdef HAVE_AES_DECRYPT
int ccmD = WOLFSSL_FATAL_ERROR;
byte plainOut[sizeof(cipherOut)];
#endif
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16));
if (ret == 0) {
ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
iv, sizeof(iv), authTag, sizeof(authTag),
authIn , sizeof(authIn));
if ((XMEMCMP(cipherOut, c, sizeof(c)) && ccmE == 0) ||
XMEMCMP(t, authTag, sizeof(t))) {
ccmE = WOLFSSL_FATAL_ERROR;
ret = WOLFSSL_FATAL_ERROR;
}
#ifdef HAVE_AES_DECRYPT
if (ret == 0) {
ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
sizeof(plainOut), iv, sizeof(iv),
authTag, sizeof(authTag),
authIn, sizeof(authIn));
if (XMEMCMP(plainOut, plainT, sizeof(plainT)) && ccmD == 0) {
ccmD = WOLFSSL_FATAL_ERROR;
}
}
#endif
}
printf(testingFmt, "wc_AesCcmEncrypt()");
/* Pass in bad args. Encrypt*/
if (ret == 0 && ccmE == 0) {
ccmE = wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut),
iv, sizeof(iv), authTag, sizeof(authTag),
authIn , sizeof(authIn));
if (ccmE == BAD_FUNC_ARG) {
ccmE = wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut),
iv, sizeof(iv), authTag, sizeof(authTag),
authIn , sizeof(authIn));
}
if (ccmE == BAD_FUNC_ARG) {
ccmE = wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut),
iv, sizeof(iv), authTag, sizeof(authTag),
authIn , sizeof(authIn));
}
if (ccmE == BAD_FUNC_ARG) {
ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
NULL, sizeof(iv), authTag, sizeof(authTag),
authIn , sizeof(authIn));
}
if (ccmE == BAD_FUNC_ARG) {
ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
iv, sizeof(iv), NULL, sizeof(authTag),
authIn , sizeof(authIn));
}
if (ccmE == BAD_FUNC_ARG) {
ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
iv, sizeof(iv) + 1, authTag, sizeof(authTag),
authIn , sizeof(authIn));
}
if (ccmE == BAD_FUNC_ARG) {
ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
iv, sizeof(iv) - 7, authTag, sizeof(authTag),
authIn , sizeof(authIn));
}
if (ccmE != BAD_FUNC_ARG) {
ccmE = WOLFSSL_FATAL_ERROR;
} else {
ccmE = 0;
}
} /* End Encrypt */
printf(resultFmt, ccmE == 0 ? passed : failed);
if (ccmE != 0) {
wc_AesFree(&aes);
return ccmE;
}
#ifdef HAVE_AES_DECRYPT
printf(testingFmt, "wc_AesCcmDecrypt()");
/* Pass in bad args. Decrypt*/
if (ret == 0 && ccmD == 0) {
ccmD = wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut),
iv, sizeof(iv), authTag, sizeof(authTag),
authIn, sizeof(authIn));
if (ccmD == BAD_FUNC_ARG) {
ccmD = wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut),
iv, sizeof(iv), authTag, sizeof(authTag),
authIn, sizeof(authIn));
}
if (ccmD == BAD_FUNC_ARG) {
ccmD = wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut),
iv, sizeof(iv), authTag, sizeof(authTag),
authIn, sizeof(authIn));
}
if (ccmD == BAD_FUNC_ARG) {
ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
sizeof(plainOut), NULL, sizeof(iv),
authTag, sizeof(authTag),
authIn, sizeof(authIn));
}
if (ccmD == BAD_FUNC_ARG) {
ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
sizeof(plainOut), iv, sizeof(iv), NULL,
sizeof(authTag), authIn, sizeof(authIn));
}
if (ccmD == BAD_FUNC_ARG) {
ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
sizeof(plainOut), iv, sizeof(iv) + 1,
authTag, sizeof(authTag),
authIn, sizeof(authIn));
}
if (ccmD == BAD_FUNC_ARG) {
ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
sizeof(plainOut), iv, sizeof(iv) - 7,
authTag, sizeof(authTag),
authIn, sizeof(authIn));
}
if (ccmD != BAD_FUNC_ARG) {
ccmD = WOLFSSL_FATAL_ERROR;
} else {
ccmD = 0;
}
} /* END Decrypt */
printf(resultFmt, ccmD == 0 ? passed : failed);
if (ccmD != 0) {
return ccmD;
}
#endif
wc_AesFree(&aes);
#endif /* HAVE_AESCCM */
return ret;
} /* END test_wc_AesCcmEncryptDecrypt */
/*
* Test wc_Hc128_SetKey()
*/
static int test_wc_Hc128_SetKey (void)
{
int ret = 0;
#ifdef HAVE_HC128
HC128 ctx;
const char* key = "\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00";
const char* iv = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
"\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
printf(testingFmt, "wc_Hc128_SetKey()");
ret = wc_Hc128_SetKey(&ctx, (byte*)key, (byte*)iv);
/* Test bad args. */
if (ret == 0) {
ret = wc_Hc128_SetKey(NULL, (byte*)key, (byte*)iv);
if (ret == BAD_FUNC_ARG) {
ret = wc_Hc128_SetKey(&ctx, NULL, (byte*)iv);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Hc128_SetKey(&ctx, (byte*)key, NULL);
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Hc128_SetKey */
/*
* Testing wc_Hc128_Process()
*/
static int test_wc_Hc128_Process (void)
{
int ret = 0;
#ifdef HAVE_HC128
HC128 enc;
HC128 dec;
const char* key = "\x0F\x62\xB5\x08\x5B\xAE\x01\x54"
"\xA7\xFA\x4D\xA0\xF3\x46\x99\xEC";
const char* input = "Encrypt Hc128, and then Decrypt.";
size_t inlen = XSTRLEN(input) + 1; /* Add null terminator */
byte cipher[inlen];
byte plain[inlen];
printf(testingFmt, "wc_Hc128_Process()");
ret = wc_Hc128_SetKey(&enc, (byte*)key, NULL);
if (ret == 0) {
ret = wc_Hc128_SetKey(&dec, (byte*)key, NULL);
}
if (ret == 0) {
ret = wc_Hc128_Process(&enc, cipher, (byte*)input, (word32)inlen);
if (ret == 0) {
ret = wc_Hc128_Process(&dec, plain, cipher, (word32)inlen);
}
}
/* Bad args. */
if (ret == 0) {
ret = wc_Hc128_Process(NULL, plain, cipher, (word32)inlen);
if (ret == BAD_FUNC_ARG) {
ret = wc_Hc128_Process(&dec, NULL, cipher, (word32)inlen);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Hc128_Process(&dec, plain, NULL, (word32)inlen);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Hc128_Process */
/*
* Testing wc_InitDsaKey()
*/
static int test_wc_InitDsaKey (void)
{
int ret = 0;
#ifndef NO_DSA
DsaKey key;
printf(testingFmt, "wc_InitDsaKey()");
ret = wc_InitDsaKey(&key);
/* Pass in bad args. */
if (ret == 0) {
ret = wc_InitDsaKey(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeDsaKey(&key);
#endif
return ret;
} /* END test_wc_InitDsaKey */
/*
* Testing wc_DsaSign() and wc_DsaVerify()
*/
static int test_wc_DsaSignVerify (void)
{
int ret = 0;
#if !defined(NO_DSA)
DsaKey key;
WC_RNG rng;
wc_Sha sha;
byte signature[DSA_SIG_SIZE];
byte hash[WC_SHA_DIGEST_SIZE];
word32 idx = 0;
word32 bytes;
int answer;
#ifdef USE_CERT_BUFFERS_1024
byte tmp[ONEK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
bytes = sizeof_dsa_key_der_2048;
#else
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
if (fp == XBADFILE) {
return WOLFSSL_BAD_FILE;
}
bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */
ret = wc_InitSha(&sha);
if (ret == 0) {
ret = wc_ShaUpdate(&sha, tmp, bytes);
if (ret == 0) {
ret = wc_ShaFinal(&sha, hash);
}
if (ret == 0) {
ret = wc_InitDsaKey(&key);
}
if (ret == 0) {
ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
}
if (ret == 0) {
ret = wc_InitRng(&rng);
}
}
printf(testingFmt, "wc_DsaSign()");
/* Sign. */
if (ret == 0) {
ret = wc_DsaSign(hash, signature, &key, &rng);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_DsaSign(NULL, signature, &key, &rng);
if (ret == BAD_FUNC_ARG) {
ret = wc_DsaSign(hash, NULL, &key, &rng);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_DsaSign(hash, signature, NULL, &rng);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_DsaSign(hash, signature, &key, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (ret != 0) {
return ret;
}
/* Verify. */
printf(testingFmt, "wc_DsaVerify()");
ret = wc_DsaVerify(hash, signature, &key, &answer);
if (ret != 0 || answer != 1) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_DsaVerify(NULL, signature, &key, &answer);
if (ret == BAD_FUNC_ARG) {
ret = wc_DsaVerify(hash, NULL, &key, &answer);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_DsaVerify(hash, signature, NULL, &answer);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_DsaVerify(hash, signature, &key, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#if !defined(HAVE_FIPS) && defined(WOLFSSL_PUBLIC_MP)
/* hard set q to 0 and test fail case */
mp_free(&key.q);
mp_init(&key.q);
AssertIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);
mp_set_int(&key.q, 1);
AssertIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);
#endif
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeDsaKey(&key);
wc_ShaFree(&sha);
#endif
return ret;
} /* END test_wc_DsaSign */
/*
* Testing wc_DsaPrivateKeyDecode() and wc_DsaPublicKeyDecode()
*/
static int test_wc_DsaPublicPrivateKeyDecode (void)
{
int ret = 0;
#if !defined(NO_DSA)
DsaKey key;
word32 bytes;
word32 idx = 0;
int priv = WOLFSSL_FATAL_ERROR;
int pub = WOLFSSL_FATAL_ERROR;
#ifdef USE_CERT_BUFFERS_1024
byte tmp[ONEK_BUF];
XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
byte tmp[TWOK_BUF];
XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
bytes = sizeof_dsa_key_der_2048;
#else
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
if (fp == XBADFILE)
{
return WOLFSSL_BAD_FILE;
}
bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */
ret = wc_InitDsaKey(&key);
printf(testingFmt, "wc_DsaPrivateKeyDecode()");
if (ret == 0) {
priv = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
/* Test bad args. */
if (priv == 0) {
priv = wc_DsaPrivateKeyDecode(NULL, &idx, &key, bytes);
if (priv == BAD_FUNC_ARG) {
priv = wc_DsaPrivateKeyDecode(tmp, NULL, &key, bytes);
}
if (priv == BAD_FUNC_ARG) {
priv = wc_DsaPrivateKeyDecode(tmp, &idx, NULL, bytes);
}
if (priv == BAD_FUNC_ARG) {
priv = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
}
if (priv == ASN_PARSE_E) {
priv = 0;
} else {
priv = WOLFSSL_FATAL_ERROR;
}
}
wc_FreeDsaKey(&key);
ret = wc_InitDsaKey(&key);
}
printf(resultFmt, priv == 0 ? passed : failed);
printf(testingFmt, "wc_DsaPublicKeyDecode()");
if (ret == 0) {
idx = 0; /* Reset */
pub = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes);
/* Test bad args. */
if (pub == 0) {
pub = wc_DsaPublicKeyDecode(NULL, &idx, &key, bytes);
if (pub == BAD_FUNC_ARG) {
pub = wc_DsaPublicKeyDecode(tmp, NULL, &key, bytes);
}
if (pub == BAD_FUNC_ARG) {
pub = wc_DsaPublicKeyDecode(tmp, &idx, NULL, bytes);
}
if (pub == BAD_FUNC_ARG) {
pub = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes);
}
if (pub == ASN_PARSE_E) {
pub = 0;
} else {
pub = WOLFSSL_FATAL_ERROR;
}
}
} /* END Public Key */
printf(resultFmt, pub == 0 ? passed : failed);
wc_FreeDsaKey(&key);
#endif
return ret;
} /* END test_wc_DsaPublicPrivateKeyDecode */
/*
* Testing wc_MakeDsaKey() and wc_MakeDsaParameters()
*/
static int test_wc_MakeDsaKey (void)
{
int ret = 0;
#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
DsaKey genKey;
WC_RNG rng;
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&genKey, 0, sizeof(genKey));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_InitDsaKey(&genKey);
}
printf(testingFmt, "wc_MakeDsaParameters()");
if (ret == 0) {
ret = wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_MakeDsaParameters(NULL, ONEK_BUF, &genKey);
if (ret == BAD_FUNC_ARG) {
ret = wc_MakeDsaParameters(&rng, ONEK_BUF, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_MakeDsaParameters(&rng, ONEK_BUF + 1, &genKey);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wc_MakeDsaKey()");
if (ret == 0) {
ret = wc_MakeDsaKey(&rng, &genKey);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_MakeDsaKey(NULL, &genKey);
if (ret == BAD_FUNC_ARG) {
ret = wc_MakeDsaKey(&rng, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FAILURE;
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeDsaKey(&genKey);
#endif
return ret;
} /* END test_wc_MakeDsaKey */
/*
* Testing wc_DsaKeyToDer()
*/
static int test_wc_DsaKeyToDer (void)
{
int ret = 0;
#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
DsaKey genKey;
WC_RNG rng;
word32 bytes;
word32 idx = 0;
#ifdef USE_CERT_BUFFERS_1024
byte tmp[ONEK_BUF];
byte der[ONEK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMSET(der, 0, sizeof(der));
XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
byte tmp[TWOK_BUF];
byte der[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMSET(der, 0, sizeof(der));
XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
bytes = sizeof_dsa_key_der_2048;
#else
byte tmp[TWOK_BUF];
byte der[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMSET(der, 0, sizeof(der));
XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
if (fp == XBADFILE) {
return WOLFSSL_BAD_FILE;
}
bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */
#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&genKey, 0, sizeof(genKey));
#endif
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_InitDsaKey(&genKey);
}
if (ret == 0) {
ret = wc_MakeDsaParameters(&rng, sizeof(tmp), &genKey);
if (ret == 0) {
wc_FreeDsaKey(&genKey);
ret = wc_InitDsaKey(&genKey);
}
}
if (ret == 0) {
ret = wc_DsaPrivateKeyDecode(tmp, &idx, &genKey, bytes);
}
printf(testingFmt, "wc_DsaKeyToDer()");
if (ret == 0) {
ret = wc_DsaKeyToDer(&genKey, der, bytes);
if ( ret >= 0 && ( ret = XMEMCMP(der, tmp, bytes) ) == 0 ) {
ret = 0;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_DsaKeyToDer(NULL, der, FOURK_BUF);
if (ret == BAD_FUNC_ARG) {
ret = wc_DsaKeyToDer(&genKey, NULL, FOURK_BUF);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeDsaKey(&genKey);
#endif
return ret;
} /* END test_wc_DsaKeyToDer */
/*
* Testing wc_DsaKeyToPublicDer()
* (indirectly testing setDsaPublicKey())
*/
static int test_wc_DsaKeyToPublicDer(void)
{
int ret = 0;
#ifndef HAVE_SELFTEST
#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
DsaKey genKey;
WC_RNG rng;
byte* der;
word32 sz;
printf(testingFmt, "wc_DsaKeyToPublicDer()");
der = (byte*)XMALLOC(ONEK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_InitDsaKey(&genKey);
}
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey);
}
if (ret == 0) {
ret = wc_MakeDsaKey(&rng, &genKey);
}
if (ret == 0) {
ret = wc_DsaKeyToPublicDer(&genKey, der, ONEK_BUF);
if (ret >= 0) {
sz = ret;
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
word32 idx = 0;
ret = wc_DsaPublicKeyDecode(der, &idx, &genKey, sz);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_DsaKeyToPublicDer(NULL, der, FOURK_BUF);
if (ret == BAD_FUNC_ARG) {
ret = wc_DsaKeyToPublicDer(&genKey, NULL, FOURK_BUF);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
XFREE(der,NULL,DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeDsaKey(&genKey);
#endif /* !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) */
#endif /* HAVE_SELFTEST */
return ret;
} /* END test_wc_DsaKeyToPublicDer */
/*
* Testing wc_DsaImportParamsRaw()
*/
static int test_wc_DsaImportParamsRaw (void)
{
int ret = 0;
#if !defined(NO_DSA)
DsaKey key;
/* [mod = L=1024, N=160], from CAVP KeyPair */
const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
"4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
"5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
"52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
"47123188f8dc551054ee162b634d60f097f719076640e209"
"80a0093113a8bd73";
const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
"138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
"b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
"07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
"61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
"76341a7e7d9";
/* invalid p and q parameters */
const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
const char* invalidQ = "96c5390a";
printf(testingFmt, "wc_DsaImportParamsRaw()");
ret = wc_InitDsaKey(&key);
if (ret == 0) {
ret = wc_DsaImportParamsRaw(&key, p, q, g);
}
/* test bad args */
if (ret == 0) {
/* null key struct */
ret = wc_DsaImportParamsRaw(NULL, p, q, g);
if (ret == BAD_FUNC_ARG) {
/* null param pointers */
ret = wc_DsaImportParamsRaw(&key, NULL, NULL, NULL);
}
if (ret == BAD_FUNC_ARG) {
/* illegal p length */
ret = wc_DsaImportParamsRaw(&key, invalidP, q, g);
}
if (ret == BAD_FUNC_ARG) {
/* illegal q length */
ret = wc_DsaImportParamsRaw(&key, p, invalidQ, g);
if (ret == BAD_FUNC_ARG)
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeDsaKey(&key);
#endif
return ret;
} /* END test_wc_DsaImportParamsRaw */
/*
* Testing wc_DsaImportParamsRawCheck()
*/
static int test_wc_DsaImportParamsRawCheck (void)
{
int ret = 0;
#if !defined(NO_DSA) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
DsaKey key;
int trusted = 0;
/* [mod = L=1024, N=160], from CAVP KeyPair */
const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
"4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
"5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
"52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
"47123188f8dc551054ee162b634d60f097f719076640e209"
"80a0093113a8bd73";
const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
"138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
"b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
"07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
"61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
"76341a7e7d9";
/* invalid p and q parameters */
const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
const char* invalidQ = "96c5390a";
printf(testingFmt, "wc_DsaImportParamsRawCheck()");
ret = wc_InitDsaKey(&key);
if (ret == 0) {
ret = wc_DsaImportParamsRawCheck(&key, p, q, g, trusted, NULL);
}
/* test bad args */
if (ret == 0) {
/* null key struct */
ret = wc_DsaImportParamsRawCheck(NULL, p, q, g, trusted, NULL);
if (ret == BAD_FUNC_ARG) {
/* null param pointers */
ret = wc_DsaImportParamsRawCheck(&key, NULL, NULL, NULL, trusted, NULL);
}
if (ret == BAD_FUNC_ARG) {
/* illegal p length */
ret = wc_DsaImportParamsRawCheck(&key, invalidP, q, g, trusted, NULL);
}
if (ret == BAD_FUNC_ARG) {
/* illegal q length */
ret = wc_DsaImportParamsRawCheck(&key, p, invalidQ, g, trusted, NULL);
if (ret == BAD_FUNC_ARG)
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeDsaKey(&key);
#endif
return ret;
} /* END test_wc_DsaImportParamsRawCheck */
/*
* Testing wc_DsaExportParamsRaw()
*/
static int test_wc_DsaExportParamsRaw (void)
{
int ret = 0;
#if !defined(NO_DSA)
DsaKey key;
/* [mod = L=1024, N=160], from CAVP KeyPair */
const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
"4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
"5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
"52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
"47123188f8dc551054ee162b634d60f097f719076640e209"
"80a0093113a8bd73";
const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
"138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
"b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
"07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
"61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
"76341a7e7d9";
const char* pCompare = "\xd3\x83\x11\xe2\xcd\x38\x8c\x3e\xd6\x98\xe8\x2f"
"\xdf\x88\xeb\x92\xb5\xa9\xa4\x83\xdc\x88\x00\x5d"
"\x4b\x72\x5e\xf3\x41\xea\xbb\x47\xcf\x8a\x7a\x8a"
"\x41\xe7\x92\xa1\x56\xb7\xce\x97\x20\x6c\x4f\x9c"
"\x5c\xe6\xfc\x5a\xe7\x91\x21\x02\xb6\xb5\x02\xe5"
"\x90\x50\xb5\xb2\x1c\xe2\x63\xdd\xdb\x20\x44\xb6"
"\x52\x23\x6f\x4d\x42\xab\x4b\x5d\x6a\xa7\x31\x89"
"\xce\xf1\xac\xe7\x78\xd7\x84\x5a\x5c\x1c\x1c\x71"
"\x47\x12\x31\x88\xf8\xdc\x55\x10\x54\xee\x16\x2b"
"\x63\x4d\x60\xf0\x97\xf7\x19\x07\x66\x40\xe2\x09"
"\x80\xa0\x09\x31\x13\xa8\xbd\x73";
const char* qCompare = "\x96\xc5\x39\x0a\x8b\x61\x2c\x0e\x42\x2b\xb2\xb0"
"\xea\x19\x4a\x3e\xc9\x35\xa2\x81";
const char* gCompare = "\x06\xb7\x86\x1a\xbb\xd3\x5c\xc8\x9e\x79\xc5\x2f"
"\x68\xd2\x08\x75\x38\x9b\x12\x73\x61\xca\x66\x82"
"\x21\x38\xce\x49\x91\xd2\xb8\x62\x25\x9d\x6b\x45"
"\x48\xa6\x49\x5b\x19\x5a\xa0\xe0\xb6\x13\x7c\xa3"
"\x7e\xb2\x3b\x94\x07\x4d\x3c\x3d\x30\x00\x42\xbd"
"\xf1\x57\x62\x81\x2b\x63\x33\xef\x7b\x07\xce\xba"
"\x78\x60\x76\x10\xfc\xc9\xee\x68\x49\x1d\xbc\x1e"
"\x34\xcd\x12\x61\x54\x74\xe5\x2b\x18\xbc\x93\x4f"
"\xb0\x0c\x61\xd3\x9e\x7d\xa8\x90\x22\x91\xc4\x43"
"\x4a\x4e\x22\x24\xc3\xf4\xfd\x9f\x93\xcd\x6f\x4f"
"\x17\xfc\x07\x63\x41\xa7\xe7\xd9";
byte pOut[MAX_DSA_PARAM_SIZE];
byte qOut[MAX_DSA_PARAM_SIZE];
byte gOut[MAX_DSA_PARAM_SIZE];
word32 pOutSz, qOutSz, gOutSz;
printf(testingFmt, "wc_DsaExportParamsRaw()");
ret = wc_InitDsaKey(&key);
if (ret == 0) {
/* first test using imported raw parameters, for expected */
ret = wc_DsaImportParamsRaw(&key, p, q, g);
}
if (ret == 0) {
pOutSz = sizeof(pOut);
qOutSz = sizeof(qOut);
gOutSz = sizeof(gOut);
ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
gOut, &gOutSz);
}
if (ret == 0) {
/* validate exported parameters are correct */
if ((XMEMCMP(pOut, pCompare, pOutSz) != 0) ||
(XMEMCMP(qOut, qCompare, qOutSz) != 0) ||
(XMEMCMP(gOut, gCompare, gOutSz) != 0) ) {
ret = -1;
}
}
/* test bad args */
if (ret == 0) {
/* null key struct */
ret = wc_DsaExportParamsRaw(NULL, pOut, &pOutSz, qOut, &qOutSz,
gOut, &gOutSz);
if (ret == BAD_FUNC_ARG) {
/* null output pointers */
ret = wc_DsaExportParamsRaw(&key, NULL, &pOutSz, NULL, &qOutSz,
NULL, &gOutSz);
}
if (ret == LENGTH_ONLY_E) {
/* null output size pointers */
ret = wc_DsaExportParamsRaw(&key, pOut, NULL, qOut, NULL,
gOut, NULL);
}
if (ret == BAD_FUNC_ARG) {
/* p output buffer size too small */
pOutSz = 1;
ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
gOut, &gOutSz);
pOutSz = sizeof(pOut);
}
if (ret == BUFFER_E) {
/* q output buffer size too small */
qOutSz = 1;
ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
gOut, &gOutSz);
qOutSz = sizeof(qOut);
}
if (ret == BUFFER_E) {
/* g output buffer size too small */
gOutSz = 1;
ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
gOut, &gOutSz);
if (ret == BUFFER_E)
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeDsaKey(&key);
#endif
return ret;
} /* END test_wc_DsaExportParamsRaw */
/*
* Testing wc_DsaExportKeyRaw()
*/
static int test_wc_DsaExportKeyRaw (void)
{
int ret = 0;
#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
DsaKey key;
WC_RNG rng;
byte xOut[MAX_DSA_PARAM_SIZE];
byte yOut[MAX_DSA_PARAM_SIZE];
word32 xOutSz, yOutSz;
printf(testingFmt, "wc_DsaExportKeyRaw()");
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_InitDsaKey(&key);
}
if (ret == 0) {
ret = wc_MakeDsaParameters(&rng, 1024, &key);
if (ret == 0) {
ret = wc_MakeDsaKey(&rng, &key);
}
}
/* try successful export */
if (ret == 0) {
xOutSz = sizeof(xOut);
yOutSz = sizeof(yOut);
ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);
}
/* test bad args */
if (ret == 0) {
/* null key struct */
ret = wc_DsaExportKeyRaw(NULL, xOut, &xOutSz, yOut, &yOutSz);
if (ret == BAD_FUNC_ARG) {
/* null output pointers */
ret = wc_DsaExportKeyRaw(&key, NULL, &xOutSz, NULL, &yOutSz);
}
if (ret == LENGTH_ONLY_E) {
/* null output size pointers */
ret = wc_DsaExportKeyRaw(&key, xOut, NULL, yOut, NULL);
}
if (ret == BAD_FUNC_ARG) {
/* x output buffer size too small */
xOutSz = 1;
ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);
xOutSz = sizeof(xOut);
}
if (ret == BUFFER_E) {
/* y output buffer size too small */
yOutSz = 1;
ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);
if (ret == BUFFER_E)
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeDsaKey(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /* END test_wc_DsaExportParamsRaw */
/*
* Testing wc_ed25519_make_key().
*/
static int test_wc_ed25519_make_key (void)
{
int ret = 0;
#if defined(HAVE_ED25519)
ed25519_key key;
WC_RNG rng;
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed25519_init(&key);
}
printf(testingFmt, "wc_ed25519_make_key()");
if (ret == 0) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ed25519_make_key(NULL, ED25519_KEY_SIZE, &key);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE - 1, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE + 1, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed25519_free(&key);
#endif
return ret;
} /* END test_wc_ed25519_make_key */
/*
* Testing wc_ed25519_init()
*/
static int test_wc_ed25519_init (void)
{
int ret = 0;
#if defined(HAVE_ED25519)
ed25519_key key;
printf(testingFmt, "wc_ed25519_init()");
ret = wc_ed25519_init(&key);
/* Test bad args. */
if (ret == 0) {
ret = wc_ed25519_init(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ed25519_free(&key);
#endif
return ret;
} /* END test_wc_ed25519_init */
/*
* Test wc_ed25519_sign_msg() and wc_ed25519_verify_msg()
*/
static int test_wc_ed25519_sign_msg (void)
{
int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN)
WC_RNG rng;
ed25519_key key;
byte msg[] = "Everybody gets Friday off.\n";
byte sig[ED25519_SIG_SIZE];
word32 msglen = sizeof(msg);
word32 siglen = sizeof(sig);
word32 badSigLen = sizeof(sig) - 1;
#ifdef HAVE_ED25519_VERIFY
int verify_ok = 0; /*1 = Verify success.*/
#endif
/* Initialize stack variables. */
XMEMSET(sig, 0, siglen);
/* Initialize key. */
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed25519_init(&key);
if (ret == 0) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
}
}
printf(testingFmt, "wc_ed25519_sign_msg()");
if (ret == 0) {
ret = wc_ed25519_sign_msg(msg, msglen, sig, &siglen, &key);
}
/* Test bad args. */
if (ret == 0 && siglen == ED25519_SIG_SIZE) {
ret = wc_ed25519_sign_msg(NULL, msglen, sig, &siglen, &key);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_sign_msg(msg, msglen, NULL, &siglen, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_sign_msg(msg, msglen, sig, NULL, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_sign_msg(msg, msglen, sig, &siglen, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_sign_msg(msg, msglen, sig, &badSigLen, &key);
}
if (ret == BUFFER_E && badSigLen == ED25519_SIG_SIZE) {
badSigLen -= 1;
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
} /* END sign */
printf(resultFmt, ret == 0 ? passed : failed);
#ifdef HAVE_ED25519_VERIFY
printf(testingFmt, "wc_ed25519_verify_msg()");
if (ret == 0) {
ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen, &verify_ok, &key);
if (ret == 0 && verify_ok == 1) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
/* Test bad args. */
if (ret == 0) {
AssertIntEQ(wc_ed25519_verify_msg(sig, siglen - 1, msg,
msglen, &verify_ok, &key),
BAD_FUNC_ARG);
AssertIntEQ(wc_ed25519_verify_msg(sig, siglen + 1, msg,
msglen, &verify_ok, &key),
BAD_FUNC_ARG);
ret = wc_ed25519_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
&key);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_verify_msg(sig, siglen, NULL, msglen,
&verify_ok, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen,
NULL, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen,
&verify_ok, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_verify_msg(sig, badSigLen, msg, msglen,
&verify_ok, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
} /* END verify. */
printf(resultFmt, ret == 0 ? passed : failed);
#endif /* Verify. */
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed25519_free(&key);
#endif
return ret;
} /* END test_wc_ed25519_sign_msg */
/*
* Testing wc_ed25519_import_public()
*/
static int test_wc_ed25519_import_public (void)
{
int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
WC_RNG rng;
ed25519_key pubKey;
const byte in[] = "Ed25519PublicKeyUnitTest......\n";
word32 inlen = sizeof(in);
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed25519_init(&pubKey);
if (ret == 0) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &pubKey);
}
}
printf(testingFmt, "wc_ed25519_import_public()");
if (ret == 0) {
ret = wc_ed25519_import_public(in, inlen, &pubKey);
if (ret == 0 && XMEMCMP(in, pubKey.p, inlen) == 0) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ed25519_import_public(NULL, inlen, &pubKey);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_import_public(in, inlen, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_import_public(in, inlen - 1, &pubKey);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed25519_free(&pubKey);
#endif
return ret;
} /* END wc_ed25519_import_public */
/*
* Testing wc_ed25519_import_private_key()
*/
static int test_wc_ed25519_import_private_key (void)
{
int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
WC_RNG rng;
ed25519_key key;
const byte privKey[] = "Ed25519PrivateKeyUnitTest.....\n";
const byte pubKey[] = "Ed25519PublicKeyUnitTest......\n";
word32 privKeySz = sizeof(privKey);
word32 pubKeySz = sizeof(pubKey);
#ifdef HAVE_ED25519_KEY_EXPORT
byte bothKeys[sizeof(privKey) + sizeof(pubKey)];
word32 bothKeysSz = sizeof(bothKeys);
#endif
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed25519_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
printf(testingFmt, "wc_ed25519_import_private_key()");
if (ret == 0) {
ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
pubKeySz, &key);
if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0
|| XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
}
#ifdef HAVE_ED25519_KEY_EXPORT
if (ret == 0)
ret = wc_ed25519_export_private(&key, bothKeys, &bothKeysSz);
if (ret == 0) {
ret = wc_ed25519_import_private_key(bothKeys, bothKeysSz, NULL, 0, &key);
if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0
|| XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
/* Test bad args. */
if (ret == 0) {
ret = wc_ed25519_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
&key);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_import_private_key(privKey, privKeySz, NULL,
pubKeySz, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
pubKeySz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_import_private_key(privKey, privKeySz - 1, pubKey,
pubKeySz, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
pubKeySz - 1, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_import_private_key(privKey, privKeySz, NULL,
0, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed25519_free(&key);
#endif
return ret;
} /* END test_wc_ed25519_import_private_key */
/*
* Testing wc_ed25519_export_public() and wc_ed25519_export_private_only()
*/
static int test_wc_ed25519_export (void)
{
int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
WC_RNG rng;
ed25519_key key;
byte priv[ED25519_PRV_KEY_SIZE];
byte pub[ED25519_PUB_KEY_SIZE];
word32 privSz = sizeof(priv);
word32 pubSz = sizeof(pub);
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed25519_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
if (ret == 0) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
}
printf(testingFmt, "wc_ed25519_export_public()");
if (ret == 0) {
ret = wc_ed25519_export_public(&key, pub, &pubSz);
if (ret == 0 && (pubSz != ED25519_KEY_SIZE
|| XMEMCMP(key.p, pub, pubSz) != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_ed25519_export_public(NULL, pub, &pubSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_public(&key, NULL, &pubSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_public(&key, pub, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wc_ed25519_export_private_only()");
if (ret == 0) {
ret = wc_ed25519_export_private_only(&key, priv, &privSz);
if (ret == 0 && (privSz != ED25519_KEY_SIZE
|| XMEMCMP(key.k, priv, privSz) != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_ed25519_export_private_only(NULL, priv, &privSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_private_only(&key, NULL, &privSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_private_only(&key, priv, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed25519_free(&key);
#endif
return ret;
} /* END test_wc_ed25519_export */
/*
* Testing wc_ed25519_size()
*/
static int test_wc_ed25519_size (void)
{
int ret = 0;
#if defined(HAVE_ED25519)
WC_RNG rng;
ed25519_key key;
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed25519_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
if (ret != 0) {
wc_FreeRng(&rng);
wc_ed25519_free(&key);
return ret;
}
printf(testingFmt, "wc_ed25519_size()");
ret = wc_ed25519_size(&key);
/* Test bad args. */
if (ret == ED25519_KEY_SIZE) {
ret = wc_ed25519_size(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_ed25519_sig_size()");
ret = wc_ed25519_sig_size(&key);
if (ret == ED25519_SIG_SIZE) {
ret = 0;
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ed25519_sig_size(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
} /* END wc_ed25519_sig_size() */
if (ret == 0) {
printf(testingFmt, "wc_ed25519_pub_size");
ret = wc_ed25519_pub_size(&key);
if (ret == ED25519_PUB_KEY_SIZE) {
ret = 0;
}
if (ret == 0) {
ret = wc_ed25519_pub_size(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
} /* END wc_ed25519_pub_size */
if (ret == 0) {
printf(testingFmt, "wc_ed25519_priv_size");
ret = wc_ed25519_priv_size(&key);
if (ret == ED25519_PRV_KEY_SIZE) {
ret = 0;
}
if (ret == 0) {
ret = wc_ed25519_priv_size(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
} /* END wc_ed25519_pub_size */
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed25519_free(&key);
#endif
return ret;
} /* END test_wc_ed25519_size */
/*
* Testing wc_ed25519_export_private() and wc_ed25519_export_key()
*/
static int test_wc_ed25519_exportKey (void)
{
int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
WC_RNG rng;
ed25519_key key;
byte priv[ED25519_PRV_KEY_SIZE];
byte pub[ED25519_PUB_KEY_SIZE];
byte privOnly[ED25519_PRV_KEY_SIZE];
word32 privSz = sizeof(priv);
word32 pubSz = sizeof(pub);
word32 privOnlySz = sizeof(privOnly);
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed25519_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
if (ret != 0) {
wc_FreeRng(&rng);
wc_ed25519_free(&key);
return ret;
}
printf(testingFmt, "wc_ed25519_export_private()");
ret = wc_ed25519_export_private(&key, privOnly, &privOnlySz);
if (ret == 0) {
ret = wc_ed25519_export_private(NULL, privOnly, &privOnlySz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_private(&key, NULL, &privOnlySz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_private(&key, privOnly, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_ed25519_export_key()");
ret = wc_ed25519_export_key(&key, priv, &privSz, pub, &pubSz);
if (ret == 0) {
ret = wc_ed25519_export_key(NULL, priv, &privSz, pub, &pubSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_key(&key, NULL, &privSz, pub, &pubSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_key(&key, priv, NULL, pub, &pubSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_key(&key, priv, &privSz, NULL, &pubSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_key(&key, priv, &privSz, pub, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
} /* END wc_ed25519_export_key() */
/* Cross check output. */
if (ret == 0 && XMEMCMP(priv, privOnly, privSz) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed25519_free(&key);
#endif
return ret;
} /* END test_wc_ed25519_exportKey */
/*
* Testing wc_Ed25519PublicKeyToDer
*/
static int test_wc_Ed25519PublicKeyToDer (void)
{
int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
int tmp;
ed25519_key key;
byte derBuf[1024];
printf(testingFmt, "wc_Ed25519PublicKeyToDer()");
/* Test bad args */
tmp = wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0);
if (tmp != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
wc_ed25519_init(&key);
tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0);
if (tmp != BUFFER_E) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed25519_free(&key);
}
/* Test good args */
if (ret == 0) {
WC_RNG rng;
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed25519_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
if (ret != 0) {
wc_FreeRng(&rng);
wc_ed25519_free(&key);
return ret;
}
tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 1024, 1);
if (tmp <= 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_FreeRng(&rng);
wc_ed25519_free(&key);
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END testing wc_Ed25519PublicKeyToDer */
/*
* Testing wc_curve25519_init and wc_curve25519_free.
*/
static int test_wc_curve25519_init (void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
curve25519_key key;
printf(testingFmt, "wc_curve25519_init()");
ret = wc_curve25519_init(&key);
/* Test bad args for wc_curve25519_init */
if (ret == 0) {
ret = wc_curve25519_init(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
/* Test good args for wc_curve_25519_free */
wc_curve25519_free(&key);
wc_curve25519_free(NULL);
#endif
return ret;
} /* END test_wc_curve25519_init and wc_curve_25519_free*/
/*
* Testing test_wc_curve25519_size.
*/
static int test_wc_curve25519_size (void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
curve25519_key key;
printf(testingFmt, "wc_curve25519_size()");
ret = wc_curve25519_init(&key);
/* Test good args for wc_curve25519_size */
if (ret == 0) {
ret = wc_curve25519_size(&key);
}
/* Test bad args for wc_curve25519_size */
if (ret != 0) {
ret = wc_curve25519_size(NULL);
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve25519_free(&key);
#endif
return ret;
} /* END test_wc_curve25519_size*/
/*
* Testing test_wc_curve25519_export_key_raw().
*/
static int test_wc_curve25519_export_key_raw (void)
{
#if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
curve25519_key key;
WC_RNG rng;
byte privateKey[CURVE25519_KEYSIZE];
byte publicKey[CURVE25519_KEYSIZE];
word32 prvkSz;
word32 pubkSz;
byte prik[CURVE25519_KEYSIZE];
byte pubk[CURVE25519_KEYSIZE];
word32 prksz;
word32 pbksz;
printf(testingFmt, "wc_curve25519_export_key_raw()");
if(0 != wc_InitRng(&rng)){
printf(testingFmt, "failed due to wc_InitRng");
fflush( stdout );
return 1;
}
if(0 != wc_curve25519_init(&key)){
printf(testingFmt, "failed due to wc_curve25519_init");
fflush( stdout );
wc_FreeRng(&rng);
return 1;
}
if(0 != wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key)){
printf(testingFmt, "failed due to wc_curve25519_make_key");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/*
bad-argument-test cases
target function sould return BAD_FUNC_ARG
*/
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
NULL , privateKey, &prvkSz, publicKey, &pubkSz)){
printf(testingFmt,"failed at bad-arg-case-1.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
&key , NULL, &prvkSz, publicKey, &pubkSz)){
printf(testingFmt,"failed at bad-arg-case-2.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
&key , privateKey, NULL, publicKey, &pubkSz)){
printf(testingFmt,"failed at bad-arg-case-3.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/* prvkSz = CURVE25519_KEYSIZE; */
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
&key , privateKey, &prvkSz, NULL, &pubkSz)){
printf(testingFmt,"failed at bad-arg-case-4.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
&key , privateKey, &prvkSz, publicKey, NULL )){
printf(testingFmt,"failed at bad-arg-case-5.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/*
cross-testing
*/
prksz = CURVE25519_KEYSIZE;
if( 0 != wc_curve25519_export_private_raw(&key, prik, &prksz)){
printf(testingFmt,"failed due to wc_curve25519_export_private_raw");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
pbksz = CURVE25519_KEYSIZE;
if(0 != wc_curve25519_export_public(&key, pubk, &pbksz)){
printf(testingFmt,"failed due to wc_curve25519_export_public");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
/* pubkSz = CURVE25519_KEYSIZE; */
if(0 != wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
publicKey, &pubkSz)){
printf(testingFmt,"failed due to wc_curve25519_export_key_raw");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
if((prksz == CURVE25519_KEYSIZE) &&
(pbksz == CURVE25519_KEYSIZE) &&
(prvkSz == CURVE25519_KEYSIZE) &&
(pubkSz == CURVE25519_KEYSIZE)){
if( 0 == XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE) &&
0 == XMEMCMP(publicKey, pubk, CURVE25519_KEYSIZE)){
printf(resultFmt,passed);
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 0;
}
else{
printf(testingFmt,"failed due to key-contents-inconsistency.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
}
else{
printf(testingFmt,"failed due to bad-key-size.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
#endif
fflush( stdout );
return 0;
} /* end of test_wc_curve25519_export_key_raw */
/*
* Testing test_wc_curve25519_export_key_raw_ex().
*/
static int test_wc_curve25519_export_key_raw_ex (void)
{
#if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
curve25519_key key;
WC_RNG rng;
byte privateKey[CURVE25519_KEYSIZE];
byte publicKey[CURVE25519_KEYSIZE];
word32 prvkSz;
word32 pubkSz;
byte prik[CURVE25519_KEYSIZE];
byte pubk[CURVE25519_KEYSIZE];
word32 prksz;
word32 pbksz;
printf(testingFmt, "wc_curve25519_export_key_raw_ex()");
if(0 != wc_InitRng(&rng)){
printf(testingFmt, "failed due to wc_InitRng");
fflush( stdout );
return 1;
}
if(0 != wc_curve25519_init(&key)){
printf(testingFmt, "failed due to wc_curve25519_init");
fflush( stdout );
wc_FreeRng(&rng);
return 1;
}
if(0 != wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key)){
printf(testingFmt, "failed due to wc_curve25519_make_key");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/*
bad-argument-test cases
target function sould return BAD_FUNC_ARG
*/
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( NULL , privateKey,
&prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-1.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key , NULL,
&prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-2.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key,privateKey,
NULL,publicKey, &pubkSz,EC25519_LITTLE_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-3.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/* prvkSz = CURVE25519_KEYSIZE; */
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
&prvkSz, NULL, &pubkSz, EC25519_LITTLE_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-4.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
&prvkSz, publicKey, NULL, EC25519_LITTLE_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-5.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
/* pubkSz = CURVE25519_KEYSIZE; */
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( NULL, privateKey,
&prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-6.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, NULL, &prvkSz,
publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-7.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-8.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/* prvkSz = CURVE25519_KEYSIZE; */
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
&prvkSz, NULL, &pubkSz, EC25519_BIG_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-9.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
&prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-10.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/* illegal value for endien */
prvkSz = CURVE25519_KEYSIZE;
/* pubkSz = CURVE25519_KEYSIZE; */
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
&prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN + 10 )){
printf(testingFmt,"failed at bad-arg-case-11.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/*
cross-testing
*/
prksz = CURVE25519_KEYSIZE;
if(0 != wc_curve25519_export_private_raw( &key, prik, &prksz )){
printf(testingFmt,"failed due to wc_curve25519_export_private_raw");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
pbksz = CURVE25519_KEYSIZE;
if(0 != wc_curve25519_export_public( &key, pubk, &pbksz )){
printf(testingFmt,"failed due to wc_curve25519_export_public");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
/* pubkSz = CURVE25519_KEYSIZE; */
if(0 != wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz,
publicKey, &pubkSz, EC25519_BIG_ENDIAN)) {
printf(testingFmt,"failed due to wc_curve25519_export_key_raw_ex");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
if( prksz == CURVE25519_KEYSIZE &&
pbksz == CURVE25519_KEYSIZE &&
prvkSz == CURVE25519_KEYSIZE &&
pubkSz == CURVE25519_KEYSIZE ){
if( 0 == XMEMCMP( privateKey, prik, CURVE25519_KEYSIZE ) &&
0 == XMEMCMP( publicKey, pubk, CURVE25519_KEYSIZE )){
if( 0 == wc_curve25519_export_key_raw_ex( &key, privateKey,
&prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){
if( prvkSz == CURVE25519_KEYSIZE &&
pubkSz == CURVE25519_KEYSIZE ){
; /* proceed to the next test */
}
else{
printf(testingFmt,"failed due to key-size-inconsistency");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
}
else{
printf(testingFmt,
"failed due to wc_curve25519_export_key_raw_ex");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
}
else{
printf(testingFmt,"failed due to key-contents-inconsistency");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
}
else{
printf(testingFmt,"failed due to bad-key-size");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/*
try once with another endian
*/
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if( 0 == wc_curve25519_export_key_raw_ex( &key, privateKey,
&prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
if( prvkSz == CURVE25519_KEYSIZE &&
pubkSz == CURVE25519_KEYSIZE ){
/* no more test*/
printf(resultFmt, passed );
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 0;
}
else{
printf(testingFmt,"failed due to key-size-inconsistency");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
}
else{
printf(testingFmt,
"failed due to wc_curve25519_export_key_raw_ex(BIGENDIAN)");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
#else
return 0;
#endif
} /* end of test_wc_curve25519_export_key_raw_ex */
/*
* Testing wc_curve25519_make_key
*/
static int test_wc_curve25519_make_key (void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
WC_RNG rng;
curve25519_key key;
int keysize;
printf(testingFmt, "wc_curve25519_make_key()");
ret = wc_curve25519_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
if (ret == 0) {
keysize = wc_curve25519_size(&key);
if (keysize != CURVE25519_KEYSIZE) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, keysize, &key);
}
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve25519_make_key(NULL, 0, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, keysize, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_make_key(NULL, keysize, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, 0, &key);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve25519_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve25519_make_key*/
/*
* Testing wc_curve25519_shared_secret_ex
*/
static int test_wc_curve25519_shared_secret_ex(void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
WC_RNG rng;
curve25519_key private_key, public_key;
byte out[CURVE25519_KEYSIZE];
word32 outLen = sizeof(out);
int endian = EC25519_BIG_ENDIAN;
printf(testingFmt, "wc_curve25519_shared_secret_ex()");
ret = wc_curve25519_init(&private_key);
if (ret == 0) {
ret = wc_curve25519_init(&public_key);
}
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &private_key);
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &public_key);
}
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
&outLen, endian);
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(NULL, NULL, NULL,
0, endian);
if (ret == 0) {
ret = -1;
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(NULL, &public_key, out,
&outLen, endian);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(&private_key, NULL, out,
&outLen, endian);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, NULL,
&outLen, endian);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
NULL, endian);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/*curve25519.c is checking for public_key size less than or equal to 0x7f,
*increasing to 0x8f checks for error being returned*/
public_key.p.point[CURVE25519_KEYSIZE-1] = 0x8F;
ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
&outLen, endian);
if (ret == 0) {
ret = -1;
}
else if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
outLen = outLen - 2;
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
&outLen, endian);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve25519_free(&private_key);
wc_curve25519_free(&public_key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve25519_shared_secret_ex*/
/*
* Testing wc_curve25519_make_pub
*/
static int test_wc_curve25519_make_pub(void)
{
int ret = 0;
#ifdef HAVE_CURVE25519
WC_RNG rng;
curve25519_key key;
byte out[CURVE25519_KEYSIZE];
printf(testingFmt, "wc_curve25519_make_pub()");
ret = wc_curve25519_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
}
}
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof(out), out, (int)sizeof(key.k), key.k);
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof(key.k) - 1, key.k, (int)sizeof out, out);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), NULL);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof out - 1, out, (int)sizeof(key.k), key.k);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof out, NULL, (int)sizeof(key.k), key.k);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
/* verify clamping test */
key.k[0] |= ~248;
ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), key.k);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
key.k[0] &= 248;
}
/* repeat the expected-to-succeed test. */
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), key.k);
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve25519_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve25519_make_pub */
/*
* Testing test_wc_curve25519_export_public_ex
*/
static int test_wc_curve25519_export_public_ex (void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
WC_RNG rng;
curve25519_key key;
byte out[CURVE25519_KEYSIZE];
word32 outLen = sizeof(out);
int endian = EC25519_BIG_ENDIAN;
printf(testingFmt, "wc_curve25519_export_public_ex()");
ret = wc_curve25519_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
if (ret == 0) {
ret = wc_curve25519_export_public(&key, out, &outLen);
}
if (ret == 0) {
ret = wc_curve25519_export_public_ex(&key, out, &outLen, endian);
}
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve25519_export_public_ex(NULL, NULL, NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_export_public_ex(NULL, out, &outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_export_public_ex(&key, NULL, &outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_export_public_ex(&key, out, NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
outLen = outLen - 2;
if (ret == 0) {
ret = wc_curve25519_export_public_ex(&key, out, &outLen, endian);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve25519_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve25519_export_public_ex*/
/*
* Testing test_wc_curve25519_import_private_raw_ex
*/
static int test_wc_curve25519_import_private_raw_ex (void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
WC_RNG rng;
curve25519_key key;
byte priv[CURVE25519_KEYSIZE];
byte pub[CURVE25519_KEYSIZE];
word32 privSz = sizeof(priv);
word32 pubSz = sizeof(pub);
int endian = EC25519_BIG_ENDIAN;
printf(testingFmt, "wc_curve25519_import_private_raw_ex()");
ret = wc_curve25519_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
if (ret == 0) {
ret = wc_curve25519_export_private_raw_ex(&key, priv, &privSz, endian);
}
if (ret == 0) {
ret = wc_curve25519_export_public(&key, pub, &pubSz);
}
if (ret == 0) {
ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
&key, endian);
}
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve25519_import_private_raw_ex(NULL, 0, NULL, 0, NULL,
endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_import_private_raw_ex(NULL, privSz, pub, pubSz,
&key, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_import_private_raw_ex(priv, privSz, NULL, pubSz,
&key, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_import_private_raw_ex(priv, 0, pub, pubSz,
&key, endian);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, 0,
&key, endian);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
&key, EC25519_LITTLE_ENDIAN);
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve25519_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve25519_import_private_raw_ex*/
/*
* Testing test_wc_curve25519_import_private
*/
static int test_wc_curve25519_import_private (void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
curve25519_key key;
WC_RNG rng;
byte priv[CURVE25519_KEYSIZE];
word32 privSz = sizeof(priv);
printf(testingFmt, "wc_curve25519_import_private()");
ret = wc_curve25519_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
if (ret == 0) {
ret = wc_curve25519_export_private_raw(&key, priv, &privSz);
}
}
if (ret == 0) {
ret = wc_curve25519_import_private(priv, privSz, &key);
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve25519_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve25519_import*/
/*
* Testing test_wc_curve25519_export_private_raw_ex
*/
static int test_wc_curve25519_export_private_raw_ex (void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
curve25519_key key;
byte out[CURVE25519_KEYSIZE];
word32 outLen = sizeof(out);
int endian = EC25519_BIG_ENDIAN;
printf(testingFmt, "wc_curve25519_export_private_raw_ex()");
ret = wc_curve25519_init(&key);
if (ret == 0) {
ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian);
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve25519_export_private_raw_ex(NULL, NULL, NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_export_private_raw_ex(NULL, out, &outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_export_private_raw_ex(&key, NULL, &outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_export_private_raw_ex(&key, out, NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen,
EC25519_LITTLE_ENDIAN);
}
outLen = outLen - 2;
if (ret == 0) {
ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve25519_free(&key);
#endif
return ret;
}/*END test_wc_curve25519_export_private_raw_ex*/
/*
* Testing wc_ed448_make_key().
*/
static int test_wc_ed448_make_key (void)
{
int ret = 0;
#if defined(HAVE_ED448)
ed448_key key;
WC_RNG rng;
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed448_init(&key);
}
printf(testingFmt, "wc_ed448_make_key()");
if (ret == 0) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ed448_make_key(NULL, ED448_KEY_SIZE, &key);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE - 1, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE + 1, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed448_free(&key);
#endif
return ret;
} /* END test_wc_ed448_make_key */
/*
* Testing wc_ed448_init()
*/
static int test_wc_ed448_init (void)
{
int ret = 0;
#if defined(HAVE_ED448)
ed448_key key;
printf(testingFmt, "wc_ed448_init()");
ret = wc_ed448_init(&key);
/* Test bad args. */
if (ret == 0) {
ret = wc_ed448_init(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ed448_free(&key);
#endif
return ret;
} /* END test_wc_ed448_init */
/*
* Test wc_ed448_sign_msg() and wc_ed448_verify_msg()
*/
static int test_wc_ed448_sign_msg (void)
{
int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_SIGN)
WC_RNG rng;
ed448_key key;
byte msg[] = "Everybody gets Friday off.\n";
byte sig[ED448_SIG_SIZE];
word32 msglen = sizeof(msg);
word32 siglen = sizeof(sig);
word32 badSigLen = sizeof(sig) - 1;
#ifdef HAVE_ED448_VERIFY
int verify_ok = 0; /*1 = Verify success.*/
#endif
/* Initialize stack variables. */
XMEMSET(sig, 0, siglen);
/* Initialize key. */
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed448_init(&key);
if (ret == 0) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
}
}
printf(testingFmt, "wc_ed448_sign_msg()");
if (ret == 0) {
ret = wc_ed448_sign_msg(msg, msglen, sig, &siglen, &key, NULL, 0);
}
/* Test bad args. */
if (ret == 0 && siglen == ED448_SIG_SIZE) {
ret = wc_ed448_sign_msg(NULL, msglen, sig, &siglen, &key, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_sign_msg(msg, msglen, NULL, &siglen, &key, NULL, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_sign_msg(msg, msglen, sig, NULL, &key, NULL, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_sign_msg(msg, msglen, sig, &siglen, NULL, NULL, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_sign_msg(msg, msglen, sig, &badSigLen, &key,
NULL, 0);
}
if (ret == BUFFER_E && badSigLen == ED448_SIG_SIZE) {
badSigLen -= 1;
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
} /* END sign */
printf(resultFmt, ret == 0 ? passed : failed);
#ifdef HAVE_ED448_VERIFY
printf(testingFmt, "wc_ed448_verify_msg()");
if (ret == 0) {
ret = wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok,
&key, NULL, 0);
if (ret == 0 && verify_ok == 1) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
/* Test bad args. */
if (ret == 0) {
AssertIntEQ(wc_ed448_verify_msg(sig, siglen - 1, msg,
msglen, &verify_ok, &key,
NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_ed448_verify_msg(sig, siglen + 1, msg,
msglen, &verify_ok, &key,
NULL, 0),
BAD_FUNC_ARG);
ret = wc_ed448_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
&key, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_verify_msg(sig, siglen, NULL, msglen,
&verify_ok, &key, NULL, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_verify_msg(sig, siglen, msg, msglen,
NULL, &key, NULL, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_verify_msg(sig, siglen, msg, msglen,
&verify_ok, NULL, NULL, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_verify_msg(sig, badSigLen, msg, msglen,
&verify_ok, &key, NULL, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
} /* END verify. */
printf(resultFmt, ret == 0 ? passed : failed);
#endif /* Verify. */
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed448_free(&key);
#endif
return ret;
} /* END test_wc_ed448_sign_msg */
/*
* Testing wc_ed448_import_public()
*/
static int test_wc_ed448_import_public (void)
{
int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
WC_RNG rng;
ed448_key pubKey;
const byte in[] =
"Ed448PublicKeyUnitTest.................................\n";
word32 inlen = sizeof(in);
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed448_init(&pubKey);
if (ret == 0) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &pubKey);
}
}
printf(testingFmt, "wc_ed448_import_public()");
if (ret == 0) {
ret = wc_ed448_import_public(in, inlen, &pubKey);
if (ret == 0 && XMEMCMP(in, pubKey.p, inlen) == 0) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ed448_import_public(NULL, inlen, &pubKey);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_import_public(in, inlen, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_import_public(in, inlen - 1, &pubKey);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed448_free(&pubKey);
#endif
return ret;
} /* END wc_ed448_import_public */
/*
* Testing wc_ed448_import_private_key()
*/
static int test_wc_ed448_import_private_key (void)
{
int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
WC_RNG rng;
ed448_key key;
const byte privKey[] =
"Ed448PrivateKeyUnitTest................................\n";
const byte pubKey[] =
"Ed448PublicKeyUnitTest.................................\n";
word32 privKeySz = sizeof(privKey);
word32 pubKeySz = sizeof(pubKey);
#ifdef HAVE_ED448_KEY_EXPORT
byte bothKeys[sizeof(privKey) + sizeof(pubKey)];
word32 bothKeysSz = sizeof(bothKeys);
#endif
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed448_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
printf(testingFmt, "wc_ed448_import_private_key()");
if (ret == 0) {
ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey, pubKeySz,
&key);
if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 ||
XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
}
#ifdef HAVE_ED448_KEY_EXPORT
if (ret == 0)
ret = wc_ed448_export_private(&key, bothKeys, &bothKeysSz);
if (ret == 0) {
ret = wc_ed448_import_private_key(bothKeys, bothKeysSz, NULL, 0, &key);
if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 ||
XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
/* Test bad args. */
if (ret == 0) {
ret = wc_ed448_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
&key);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_import_private_key(privKey, privKeySz, NULL,
pubKeySz, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey,
pubKeySz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_import_private_key(privKey, privKeySz - 1, pubKey,
pubKeySz, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey,
pubKeySz - 1, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_import_private_key(privKey, privKeySz, NULL,
0, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed448_free(&key);
#endif
return ret;
} /* END test_wc_ed448_import_private_key */
/*
* Testing wc_ed448_export_public() and wc_ed448_export_private_only()
*/
static int test_wc_ed448_export (void)
{
int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
WC_RNG rng;
ed448_key key;
byte priv[ED448_PRV_KEY_SIZE];
byte pub[ED448_PUB_KEY_SIZE];
word32 privSz = sizeof(priv);
word32 pubSz = sizeof(pub);
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed448_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
if (ret == 0) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
}
printf(testingFmt, "wc_ed448_export_public()");
if (ret == 0) {
ret = wc_ed448_export_public(&key, pub, &pubSz);
if (ret == 0 && (pubSz != ED448_KEY_SIZE ||
XMEMCMP(key.p, pub, pubSz) != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_ed448_export_public(NULL, pub, &pubSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_public(&key, NULL, &pubSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_public(&key, pub, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wc_ed448_export_private_only()");
if (ret == 0) {
ret = wc_ed448_export_private_only(&key, priv, &privSz);
if (ret == 0 && (privSz != ED448_KEY_SIZE ||
XMEMCMP(key.k, priv, privSz) != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_ed448_export_private_only(NULL, priv, &privSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_private_only(&key, NULL, &privSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_private_only(&key, priv, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed448_free(&key);
#endif
return ret;
} /* END test_wc_ed448_export */
/*
* Testing wc_ed448_size()
*/
static int test_wc_ed448_size (void)
{
int ret = 0;
#if defined(HAVE_ED448)
WC_RNG rng;
ed448_key key;
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed448_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
if (ret != 0) {
wc_FreeRng(&rng);
wc_ed448_free(&key);
return ret;
}
printf(testingFmt, "wc_ed448_size()");
ret = wc_ed448_size(&key);
/* Test bad args. */
if (ret == ED448_KEY_SIZE) {
ret = wc_ed448_size(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_ed448_sig_size()");
ret = wc_ed448_sig_size(&key);
if (ret == ED448_SIG_SIZE) {
ret = 0;
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ed448_sig_size(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
} /* END wc_ed448_sig_size() */
if (ret == 0) {
printf(testingFmt, "wc_ed448_pub_size");
ret = wc_ed448_pub_size(&key);
if (ret == ED448_PUB_KEY_SIZE) {
ret = 0;
}
if (ret == 0) {
ret = wc_ed448_pub_size(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
} /* END wc_ed448_pub_size */
if (ret == 0) {
printf(testingFmt, "wc_ed448_priv_size");
ret = wc_ed448_priv_size(&key);
if (ret == ED448_PRV_KEY_SIZE) {
ret = 0;
}
if (ret == 0) {
ret = wc_ed448_priv_size(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
} /* END wc_ed448_pub_size */
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed448_free(&key);
#endif
return ret;
} /* END test_wc_ed448_size */
/*
* Testing wc_ed448_export_private() and wc_ed448_export_key()
*/
static int test_wc_ed448_exportKey (void)
{
int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
WC_RNG rng;
ed448_key key;
byte priv[ED448_PRV_KEY_SIZE];
byte pub[ED448_PUB_KEY_SIZE];
byte privOnly[ED448_PRV_KEY_SIZE];
word32 privSz = sizeof(priv);
word32 pubSz = sizeof(pub);
word32 privOnlySz = sizeof(privOnly);
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed448_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
if (ret != 0) {
wc_FreeRng(&rng);
wc_ed448_free(&key);
return ret;
}
printf(testingFmt, "wc_ed448_export_private()");
ret = wc_ed448_export_private(&key, privOnly, &privOnlySz);
if (ret == 0) {
ret = wc_ed448_export_private(NULL, privOnly, &privOnlySz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_private(&key, NULL, &privOnlySz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_private(&key, privOnly, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_ed448_export_key()");
ret = wc_ed448_export_key(&key, priv, &privSz, pub, &pubSz);
if (ret == 0) {
ret = wc_ed448_export_key(NULL, priv, &privSz, pub, &pubSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_key(&key, NULL, &privSz, pub, &pubSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_key(&key, priv, NULL, pub, &pubSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_key(&key, priv, &privSz, NULL, &pubSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_key(&key, priv, &privSz, pub, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
} /* END wc_ed448_export_key() */
/* Cross check output. */
if (ret == 0 && XMEMCMP(priv, privOnly, privSz) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed448_free(&key);
#endif
return ret;
} /* END test_wc_ed448_exportKey */
/*
* Testing wc_Ed448PublicKeyToDer
*/
static int test_wc_Ed448PublicKeyToDer (void)
{
int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
int tmp;
ed448_key key;
byte derBuf[1024];
printf(testingFmt, "wc_Ed448PublicKeyToDer()");
/* Test bad args */
tmp = wc_Ed448PublicKeyToDer(NULL, NULL, 0, 0);
if (tmp != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
wc_ed448_init(&key);
tmp = wc_Ed448PublicKeyToDer(&key, derBuf, 0, 0);
if (tmp != BUFFER_E) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed448_free(&key);
}
/* Test good args */
if (ret == 0) {
WC_RNG rng;
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed448_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
if (ret != 0) {
wc_FreeRng(&rng);
wc_ed448_free(&key);
return ret;
}
tmp = wc_Ed448PublicKeyToDer(&key, derBuf, 1024, 1);
if (tmp <= 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_FreeRng(&rng);
wc_ed448_free(&key);
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END testing wc_Ed448PublicKeyToDer */
/*
* Testing wc_curve448_init and wc_curve448_free.
*/
static int test_wc_curve448_init (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
curve448_key key;
printf(testingFmt, "wc_curve448_init()");
ret = wc_curve448_init(&key);
/* Test bad args for wc_curve448_init */
if (ret == 0) {
ret = wc_curve448_init(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
/* Test good args for wc_curve_448_free */
wc_curve448_free(&key);
wc_curve448_free(NULL);
#endif
return ret;
} /* END test_wc_curve448_init and wc_curve_448_free*/
/*
* Testing wc_curve448_make_key
*/
static int test_wc_curve448_make_key (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
WC_RNG rng;
curve448_key key;
int keysize;
printf(testingFmt, "wc_curve448_make_key()");
ret = wc_curve448_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
if (ret == 0) {
keysize = wc_curve448_size(&key);
if (keysize != CURVE448_KEY_SIZE) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
ret = wc_curve448_make_key(&rng, keysize, &key);
}
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve448_make_key(NULL, 0, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_make_key(&rng, keysize, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_make_key(NULL, keysize, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_make_key(&rng, 0, &key);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (wc_FreeRng(&rng) != 0 && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve448_free(&key);
#endif
return ret;
} /*END test_wc_curve448_make_key*/
/*
* Testing test_wc_curve448_shared_secret_ex
*/
static int test_wc_curve448_shared_secret_ex (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
WC_RNG rng;
curve448_key private_key, public_key;
byte out[CURVE448_KEY_SIZE];
word32 outLen = sizeof(out);
int endian = EC448_BIG_ENDIAN;
printf(testingFmt, "wc_curve448_shared_secret_ex()");
ret = wc_curve448_init(&private_key);
if (ret == 0) {
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &private_key);
}
}
if (ret == 0) {
ret = wc_curve448_init(&public_key);
}
if (ret == 0) {
if (ret == 0) {
ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &public_key);
}
}
if (ret == 0) {
ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
&outLen, endian);
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve448_shared_secret_ex(NULL, NULL, NULL,
0, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_shared_secret_ex(NULL, &public_key, out,
&outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_shared_secret_ex(&private_key, NULL, out,
&outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_shared_secret_ex(&private_key, &public_key, NULL,
&outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
outLen = outLen - 2;
if (ret == 0) {
ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
&outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve448_free(&private_key);
wc_curve448_free(&public_key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve448_shared_secret_ex*/
/*
* Testing test_wc_curve448_export_public_ex
*/
static int test_wc_curve448_export_public_ex (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
WC_RNG rng;
curve448_key key;
byte out[CURVE448_KEY_SIZE];
word32 outLen = sizeof(out);
int endian = EC448_BIG_ENDIAN;
printf(testingFmt, "wc_curve448_export_public_ex()");
ret = wc_curve448_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
if (ret == 0){
ret = wc_curve448_export_public(&key, out, &outLen);
}
if (ret == 0) {
ret = wc_curve448_export_public_ex(&key, out, &outLen, endian);
}
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve448_export_public_ex(NULL, NULL, NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_export_public_ex(NULL, out, &outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_export_public_ex(&key, NULL, &outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_export_public_ex(&key, out, NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
outLen = outLen - 2;
if (ret == 0) {
ret = wc_curve448_export_public_ex(&key, out, &outLen, endian);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve448_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve448_export_public_ex*/
/*
* Testing test_wc_curve448_export_private_raw_ex
*/
static int test_wc_curve448_export_private_raw_ex (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
curve448_key key;
byte out[CURVE448_KEY_SIZE];
word32 outLen = sizeof(out);
int endian = EC448_BIG_ENDIAN;
printf(testingFmt, "wc_curve448_export_private_raw_ex()");
ret = wc_curve448_init(&key);
if (ret == 0) {
ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, endian);
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve448_export_private_raw_ex(NULL, NULL, NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_export_private_raw_ex(NULL, out, &outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_export_private_raw_ex(&key, NULL, &outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_export_private_raw_ex(&key, out, NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_export_private_raw_ex(&key, out, &outLen,
EC448_LITTLE_ENDIAN);
}
outLen = outLen - 2;
if (ret == 0) {
ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, endian);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve448_free(&key);
#endif
return ret;
}/*END test_wc_curve448_export_private_raw_ex*/
/*
* Testing test_wc_curve448_import_private_raw_ex
*/
static int test_wc_curve448_import_private_raw_ex (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
WC_RNG rng;
curve448_key key;
byte priv[CURVE448_KEY_SIZE];
byte pub[CURVE448_KEY_SIZE];
word32 privSz = sizeof(priv);
word32 pubSz = sizeof(pub);
int endian = EC448_BIG_ENDIAN;
printf(testingFmt, "wc_curve448_import_private_raw_ex()");
ret = wc_curve448_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
if (ret == 0){
ret = wc_curve448_export_private_raw(&key, priv, &privSz);
}
if (ret == 0){
ret = wc_curve448_export_public(&key, pub, &pubSz);
}
if (ret == 0) {
ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
&key, endian);
}
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve448_import_private_raw_ex(NULL, 0, NULL, 0, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_import_private_raw_ex(NULL, privSz, pub, pubSz,
&key, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_import_private_raw_ex(priv, privSz, NULL, pubSz,
&key, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_import_private_raw_ex(priv, 0, pub, pubSz,
&key, endian);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, 0,
&key, endian);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
&key, EC448_LITTLE_ENDIAN);
}
if (wc_FreeRng(&rng) != 0 && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve448_free(&key);
#endif
return ret;
} /*END test_wc_curve448_import_private_raw_ex*/
/*
* Testing test_curve448_export_key_raw
*/
static int test_wc_curve448_export_key_raw (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
WC_RNG rng;
curve448_key key;
byte priv[CURVE448_KEY_SIZE];
byte pub[CURVE448_KEY_SIZE];
word32 privSz = sizeof(priv);
word32 pubSz = sizeof(pub);
printf(testingFmt, "wc_curve448_export_key_raw()");
ret = wc_curve448_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
if (ret == 0) {
ret = wc_curve448_export_private_raw(&key, priv, &privSz);
}
if (ret == 0) {
ret = wc_curve448_export_public(&key, pub, &pubSz);
}
if (ret == 0) {
ret = wc_curve448_export_key_raw(&key, priv, &privSz, pub, &pubSz);
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve448_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
}/*END test_wc_curve448_import_private_raw_ex*/
/*
* Testing test_wc_curve448_import_private
*/
static int test_wc_curve448_import_private (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
curve448_key key;
WC_RNG rng;
byte priv[CURVE448_KEY_SIZE];
word32 privSz = sizeof(priv);
printf(testingFmt, "wc_curve448_import_private()");
ret = wc_curve448_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
if (ret == 0) {
ret = wc_curve448_export_private_raw(&key, priv, &privSz);
}
}
if (ret == 0) {
ret = wc_curve448_import_private(priv, privSz, &key);
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve448_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve448_import*/
/*
* Testing test_wc_curve448_size.
*/
static int test_wc_curve448_size (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
curve448_key key;
printf(testingFmt, "wc_curve448_size()");
ret = wc_curve448_init(&key);
/* Test good args for wc_curve448_size */
if (ret == 0) {
ret = wc_curve448_size(&key);
}
/* Test bad args for wc_curve448_size */
if (ret != 0) {
ret = wc_curve448_size(NULL);
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve448_free(&key);
#endif
return ret;
} /* END test_wc_curve448_size*/
/*
* Testing wc_ecc_make_key.
*/
static int test_wc_ecc_make_key (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
WC_RNG rng;
ecc_key key;
printf(testingFmt, "wc_ecc_make_key()");
ret = wc_InitRng(&rng);
if (ret != 0)
return ret;
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY14, &key);
/* Pass in bad args. */
if (ret == 0) {
ret = wc_ecc_make_key(NULL, KEY14, &key);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_make_key(&rng, KEY14, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_ecc_free(&key);
}
if (wc_FreeRng(&rng) != 0 && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_ecc_make_key */
/*
* Testing wc_ecc_init()
*/
static int test_wc_ecc_init (void)
{
int ret = 0;
#ifdef HAVE_ECC
ecc_key key;
printf(testingFmt, "wc_ecc_init()");
ret = wc_ecc_init(&key);
/* Pass in bad args. */
if (ret == 0) {
ret = wc_ecc_init(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ecc_free(&key);
#endif
return ret;
} /* END test_wc_ecc_init */
/*
* Testing wc_ecc_check_key()
*/
static int test_wc_ecc_check_key (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
WC_RNG rng;
ecc_key key;
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY14, &key);
}
}
printf(testingFmt, "wc_ecc_check_key()");
if (ret == 0) {
ret = wc_ecc_check_key(&key);
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_ecc_check_key(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END test_wc_ecc_check_key */
/*
* Testing wc_ecc_get_generator()
*/
static int test_wc_ecc_get_generator(void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
!defined(HAVE_FIPS) && defined(OPENSSL_EXTRA)
ecc_point* pt;
printf(testingFmt, "wc_ecc_new_point()");
pt = wc_ecc_new_point();
if (!pt) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(testingFmt, "wc_ecc_get_generator()");
if (ret == 0) {
ret = wc_ecc_get_generator(pt, wc_ecc_get_curve_idx(ECC_SECP256R1));
}
/* Test bad args. */
if (ret == MP_OKAY) {
/* Returns Zero for bad arg. */
ret = wc_ecc_get_generator(pt, -1);
if (ret != MP_OKAY)
wc_ecc_get_generator(NULL, wc_ecc_get_curve_idx(ECC_SECP256R1));
if (ret != MP_OKAY)
wc_ecc_get_generator(pt, 1000); /* If we ever get to 1000 curves
* increase this number */
if (ret != MP_OKAY)
wc_ecc_get_generator(NULL, -1);
ret = ret == MP_OKAY ? WOLFSSL_FATAL_ERROR : 0;
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ecc_del_point(pt);
#endif
return ret;
} /* END test_wc_ecc_get_generator */
/*
* Testing wc_ecc_size()
*/
static int test_wc_ecc_size (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
WC_RNG rng;
ecc_key key;
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY14, &key);
}
}
printf(testingFmt, "wc_ecc_size()");
if (ret == 0) {
ret = wc_ecc_size(&key);
if (ret == KEY14) {
ret = 0;
} else if (ret == 0){
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
/* Returns Zero for bad arg. */
ret = wc_ecc_size(NULL);
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
#endif
return ret;
} /* END test_wc_ecc_size */
static void test_wc_ecc_params(void)
{
/* FIPS/CAVP self-test modules do not have `wc_ecc_get_curve_params`.
It was added after certifications */
#if defined(HAVE_ECC) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
const ecc_set_type* ecc_set;
#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
/* Test for SECP256R1 curve */
int curve_id = ECC_SECP256R1;
int curve_idx = wc_ecc_get_curve_idx(curve_id);
AssertIntNE(curve_idx, ECC_CURVE_INVALID);
ecc_set = wc_ecc_get_curve_params(curve_idx);
AssertNotNull(ecc_set);
AssertIntEQ(ecc_set->id, curve_id);
#endif
/* Test case when SECP256R1 is not enabled */
/* Test that we get curve params for index 0 */
ecc_set = wc_ecc_get_curve_params(0);
AssertNotNull(ecc_set);
#endif /* HAVE_ECC && !HAVE_FIPS && !HAVE_SELFTEST */
}
/*
* Testing wc_ecc_sign_hash() and wc_ecc_verify_hash()
*/
static int test_wc_ecc_signVerify_hash (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && !defined(NO_ASN) && !defined(WC_NO_RNG)
WC_RNG rng;
ecc_key key;
int signH = WOLFSSL_FATAL_ERROR;
#ifdef HAVE_ECC_VERIFY
int verifyH = WOLFSSL_FATAL_ERROR;
int verify = 0;
#endif
word32 siglen = ECC_BUFSIZE;
byte sig[ECC_BUFSIZE];
byte adjustedSig[ECC_BUFSIZE+1];
byte digest[] = TEST_STRING;
word32 digestlen = (word32)TEST_STRING_SZ;
/* Init stack var */
XMEMSET(sig, 0, siglen);
XMEMSET(&key, 0, sizeof(key));
XMEMSET(adjustedSig, 0, ECC_BUFSIZE+1);
/* Init structs. */
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY14, &key);
}
}
printf(testingFmt, "wc_ecc_sign_hash()");
if (ret == 0) {
ret = wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, &key);
}
/* Check bad args. */
if (ret == 0) {
signH = wc_ecc_sign_hash(NULL, digestlen, sig, &siglen, &rng, &key);
if (signH == ECC_BAD_ARG_E) {
signH = wc_ecc_sign_hash(digest, digestlen, NULL, &siglen,
&rng, &key);
}
if (signH == ECC_BAD_ARG_E) {
signH = wc_ecc_sign_hash(digest, digestlen, sig, NULL,
&rng, &key);
}
if (signH == ECC_BAD_ARG_E) {
signH = wc_ecc_sign_hash(digest, digestlen, sig, &siglen,
NULL, &key);
}
if (signH == ECC_BAD_ARG_E) {
signH = wc_ecc_sign_hash(digest, digestlen, sig, &siglen,
&rng, NULL);
}
if (signH == ECC_BAD_ARG_E) {
signH = 0;
} else if (ret == 0) {
signH = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, signH == 0 ? passed : failed);
#ifdef HAVE_ECC_VERIFY
printf(testingFmt, "wc_ecc_verify_hash()");
ret = wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify, &key);
if (verify != 1 && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
/* test check on length of signature passed in */
XMEMCPY(adjustedSig, sig, siglen);
adjustedSig[1] = adjustedSig[1] + 1; /* add 1 to length for extra byte*/
#ifndef NO_STRICT_ECDSA_LEN
AssertIntNE(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
&verify, &key), 0);
#else
/* if NO_STRICT_ECDSA_LEN is set then extra bytes after the signature
* is allowed */
AssertIntEQ(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
&verify, &key), 0);
#endif
/* Test bad args. */
if (ret == 0) {
verifyH = wc_ecc_verify_hash(NULL, siglen, digest, digestlen,
&verify, &key);
if (verifyH == ECC_BAD_ARG_E) {
verifyH = wc_ecc_verify_hash(sig, siglen, NULL, digestlen,
&verify, &key);
}
if (verifyH == ECC_BAD_ARG_E) {
verifyH = wc_ecc_verify_hash(sig, siglen, digest, digestlen,
NULL, &key);
}
if (verifyH == ECC_BAD_ARG_E) {
verifyH = wc_ecc_verify_hash(sig, siglen, digest, digestlen,
&verify, NULL);
}
if (verifyH == ECC_BAD_ARG_E) {
verifyH = 0;
} else if (ret == 0) {
verifyH = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, verifyH == 0 ? passed : failed);
#endif /* HAVE_ECC_VERIFY */
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END test_wc_ecc_sign_hash */
/*
* Testing wc_ecc_shared_secret()
*/
static int test_wc_ecc_shared_secret (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
ecc_key key, pubKey;
WC_RNG rng;
byte out[KEY32];
int keySz = sizeof(out);
word32 outlen = (word32)sizeof(out);
#if defined(HAVE_ECC) && !defined(NO_ECC256)
const char* qx =
"bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861";
const char* qy =
"02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8";
const char* d =
"45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c";
const char* curveName = "SECP256R1";
const byte expected_shared_secret[] =
{
0x65, 0xc0, 0xd4, 0x61, 0x17, 0xe6, 0x09, 0x75,
0xf0, 0x12, 0xa0, 0x4d, 0x0b, 0x41, 0x30, 0x7a,
0x51, 0xf0, 0xb3, 0xaf, 0x23, 0x8f, 0x0f, 0xdf,
0xf1, 0xff, 0x23, 0x64, 0x28, 0xca, 0xf8, 0x06
};
#endif
/* Initialize variables. */
XMEMSET(out, 0, keySz);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&pubKey, 0, sizeof(pubKey));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_init(&pubKey);
}
}
#if defined(HAVE_ECC) && !defined(NO_ECC256)
if (ret == 0) {
ret = wc_ecc_import_raw(&key, qx, qy, d, curveName);
}
if (ret == 0) {
ret = wc_ecc_import_raw(&pubKey, qx, qy, NULL, curveName);
}
#else
if (ret == 0) {
ret = wc_ecc_make_key(&rng, keySz, &key);
}
if (ret == 0) {
ret = wc_ecc_make_key(&rng, keySz, &pubKey);
}
#endif
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
if (ret == 0) {
ret = wc_ecc_set_rng(&key, &rng);
}
#endif
printf(testingFmt, "wc_ecc_shared_secret()");
if (ret == 0) {
ret = wc_ecc_shared_secret(&key, &pubKey, out, &outlen);
#if defined(HAVE_ECC) && !defined(NO_ECC256)
if (ret == 0) {
if (0 != XMEMCMP(out, expected_shared_secret, outlen)) {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_shared_secret(NULL, &pubKey, out, &outlen);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_shared_secret(&key, NULL, out, &outlen);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_shared_secret(&key, &pubKey, NULL, &outlen);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_shared_secret(&key, &pubKey, out, NULL);
}
if (ret == BAD_FUNC_ARG) {
/* Invalid length */
outlen = 1;
ret = wc_ecc_shared_secret(&key, &pubKey, out, &outlen);
}
if (ret == BUFFER_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
wc_ecc_free(&pubKey);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END tests_wc_ecc_shared_secret */
/*
* testint wc_ecc_export_x963()
*/
static int test_wc_ecc_export_x963 (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key;
WC_RNG rng;
byte out[ECC_ASN963_MAX_BUF_SZ];
word32 outlen = sizeof(out);
/* Initialize variables. */
XMEMSET(out, 0, outlen);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY20, &key);
}
}
printf(testingFmt, "wc_ecc_export_x963()");
if (ret == 0) {
ret = wc_ecc_export_x963(&key, out, &outlen);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_export_x963(NULL, out, &outlen);
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_export_x963(&key, NULL, &outlen);
}
if (ret == LENGTH_ONLY_E) {
ret = wc_ecc_export_x963(&key, out, NULL);
}
if (ret == ECC_BAD_ARG_E) {
key.idx = -4;
ret = wc_ecc_export_x963(&key, out, &outlen);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END test_wc_ecc_export_x963 */
/*
* Testing wc_ecc_export_x963_ex()
* compile with --enable-compkey will use compression.
*/
static int test_wc_ecc_export_x963_ex (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key;
WC_RNG rng;
byte out[ECC_ASN963_MAX_BUF_SZ];
word32 outlen = sizeof(out);
#ifdef HAVE_COMP_KEY
word32 badOutLen = 5;
#endif
/* Init stack variables. */
XMEMSET(out, 0, outlen);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY64, &key);
}
}
printf(testingFmt, "wc_ecc_export_x963_ex()");
#ifdef HAVE_COMP_KEY
if (ret == 0) {
ret = wc_ecc_export_x963_ex(&key, out, &outlen, COMP);
}
#else
if (ret == 0) {
ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP);
}
#endif
/* Test bad args. */
#ifdef HAVE_COMP_KEY
if (ret == 0) {
ret = wc_ecc_export_x963_ex(NULL, out, &outlen, COMP);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_export_x963_ex(&key, NULL, &outlen, COMP);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_export_x963_ex(&key, out, NULL, COMP);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP);
}
if (ret == BUFFER_E) {
key.idx = -4;
ret = wc_ecc_export_x963_ex(&key, out, &outlen, COMP);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
if (ret == 0) {
ret = wc_ecc_export_x963_ex(NULL, out, &outlen, NOCOMP);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_export_x963_ex(&key, NULL, &outlen, NOCOMP);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_export_x963_ex(&key, out, &outlen, 1);
}
if (ret == NOT_COMPILED_IN) {
ret = wc_ecc_export_x963_ex(&key, out, NULL, NOCOMP);
}
if (ret == BAD_FUNC_ARG) {
key.idx = -4;
ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END test_wc_ecc_export_x963_ex */
/*
* testing wc_ecc_import_x963()
*/
static int test_wc_ecc_import_x963 (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key pubKey, key;
WC_RNG rng;
byte x963[ECC_ASN963_MAX_BUF_SZ];
word32 x963Len = (word32)sizeof(x963);
/* Init stack variables. */
XMEMSET(x963, 0, x963Len);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&pubKey, 0, sizeof(pubKey));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&pubKey);
if (ret == 0) {
ret = wc_ecc_init(&key);
}
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY24, &key);
}
if (ret == 0) {
PRIVATE_KEY_UNLOCK();
ret = wc_ecc_export_x963(&key, x963, &x963Len);
PRIVATE_KEY_LOCK();
}
}
printf(testingFmt, "wc_ecc_import_x963()");
if (ret == 0) {
ret = wc_ecc_import_x963(x963, x963Len, &pubKey);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_import_x963(NULL, x963Len, &pubKey);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_x963(x963, x963Len, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_x963(x963, x963Len + 1, &pubKey);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
wc_ecc_free(&pubKey);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END wc_ecc_import_x963 */
/*
* testing wc_ecc_import_private_key()
*/
static int ecc_import_private_key (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key, keyImp;
WC_RNG rng;
byte privKey[ECC_PRIV_KEY_BUF]; /* Raw private key.*/
byte x963Key[ECC_ASN963_MAX_BUF_SZ];
word32 privKeySz = (word32)sizeof(privKey);
word32 x963KeySz = (word32)sizeof(x963Key);
/* Init stack variables. */
XMEMSET(privKey, 0, privKeySz);
XMEMSET(x963Key, 0, x963KeySz);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&keyImp, 0, sizeof(keyImp));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_init(&keyImp);
}
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY48, &key);
}
if (ret == 0) {
PRIVATE_KEY_UNLOCK();
ret = wc_ecc_export_x963(&key, x963Key, &x963KeySz);
PRIVATE_KEY_LOCK();
}
if (ret == 0) {
ret = wc_ecc_export_private_only(&key, privKey, &privKeySz);
}
}
printf(testingFmt, "wc_ecc_import_private_key()");
if (ret == 0) {
ret = wc_ecc_import_private_key(privKey, privKeySz, x963Key,
x963KeySz, &keyImp);
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_ecc_import_private_key(privKey, privKeySz, x963Key,
x963KeySz, NULL);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_private_key(NULL, privKeySz, x963Key,
x963KeySz, &keyImp);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
wc_ecc_free(&keyImp);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END wc_ecc_import_private_key */
/*
* Testing wc_ecc_export_private_only()
*/
static int test_wc_ecc_export_private_only (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key;
WC_RNG rng;
byte out[ECC_PRIV_KEY_BUF];
word32 outlen = sizeof(out);
/* Init stack variables. */
XMEMSET(out, 0, outlen);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY32, &key);
}
}
printf(testingFmt, "wc_ecc_export_private_only()");
if (ret == 0) {
ret = wc_ecc_export_private_only(&key, out, &outlen);
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_ecc_export_private_only(NULL, out, &outlen);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_export_private_only(&key, NULL, &outlen);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_export_private_only(&key, out, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END test_wc_ecc_export_private_only */
/*
* Testing wc_ecc_rs_to_sig()
*/
static int test_wc_ecc_rs_to_sig (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(NO_ASN)
/* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
const char* R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
const char* S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
const char* zeroStr = "0";
byte sig[ECC_MAX_SIG_SIZE];
word32 siglen = (word32)sizeof(sig);
/*R and S max size is the order of curve. 2^192.*/
int keySz = KEY24;
byte r[KEY24];
byte s[KEY24];
word32 rlen = (word32)sizeof(r);
word32 slen = (word32)sizeof(s);
/* Init stack variables. */
XMEMSET(sig, 0, ECC_MAX_SIG_SIZE);
XMEMSET(r, 0, keySz);
XMEMSET(s, 0, keySz);
printf(testingFmt, "wc_ecc_rs_to_sig()");
ret = wc_ecc_rs_to_sig(R, S, sig, &siglen);
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_rs_to_sig(NULL, S, sig, &siglen);
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_rs_to_sig(R, NULL, sig, &siglen);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_rs_to_sig(R, S, sig, NULL);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_rs_to_sig(R, S, NULL, &siglen);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_rs_to_sig(R, zeroStr, sig, &siglen);
}
if (ret == MP_ZERO_E) {
ret = wc_ecc_rs_to_sig(zeroStr, S, sig, &siglen);
}
if (ret == MP_ZERO_E) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wc_ecc_sig_to_rs()");
if (ret == 0) {
ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &slen);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_sig_to_rs(NULL, siglen, r, &rlen, s, &slen);
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_sig_to_rs(sig, siglen, NULL, &rlen, s, &slen);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_sig_to_rs(sig, siglen, r, NULL, s, &slen);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, NULL, &slen);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_ecc_rs_to_sig */
static int test_wc_ecc_import_raw(void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(NO_ECC256)
ecc_key key;
const char* qx =
"bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861";
const char* qy =
"02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8";
const char* d =
"45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c";
const char* curveName = "SECP256R1";
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
const char* kNullStr = "";
#endif
ret = wc_ecc_init(&key);
printf(testingFmt, "wc_ecc_import_raw()");
if (ret == 0) {
ret = wc_ecc_import_raw(&key, qx, qy, d, curveName);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_import_raw(NULL, qx, qy, d, curveName);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_raw(&key, NULL, qy, d, curveName);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_raw(&key, qx, NULL, d, curveName);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_raw(&key, qx, qy, d, NULL);
}
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
if (ret == BAD_FUNC_ARG) {
#if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
wc_ecc_free(&key);
#endif
ret = wc_ecc_import_raw(&key, kNullStr, kNullStr, kNullStr, curveName);
if (ret == ECC_INF_E)
ret = BAD_FUNC_ARG; /* This is expected by other tests */
}
#endif
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
if (ret == BAD_FUNC_ARG) {
#if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
wc_ecc_free(&key);
#endif
ret = wc_ecc_import_raw(&key, "0", qy, d, curveName);
}
if (ret == BAD_FUNC_ARG) {
#if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
wc_ecc_free(&key);
#endif
ret = wc_ecc_import_raw(&key, qx, "0", d, curveName);
}
#endif
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ecc_free(&key);
#endif
return ret;
} /* END test_wc_ecc_import_raw */
static int test_wc_ecc_import_unsigned(void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
ecc_key key;
const byte qx[] = {
0xbb, 0x33, 0xac, 0x4c, 0x27, 0x50, 0x4a, 0xc6,
0x4a, 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, 0x36,
0xdb, 0x72, 0x2d, 0xce, 0x94, 0xea, 0x2b, 0xfa,
0xcb, 0x20, 0x09, 0x39, 0x2c, 0x16, 0xe8, 0x61
};
const byte qy[] = {
0x02, 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, 0x9a,
0x31, 0x5b, 0x97, 0x92, 0x21, 0x7f, 0xf0, 0xcf,
0x18, 0xda, 0x91, 0x11, 0x02, 0x34, 0x86, 0xe8,
0x20, 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, 0xd8
};
const byte d[] = {
0x45, 0xb6, 0x69, 0x02, 0x73, 0x9c, 0x6c, 0x85,
0xa1, 0x38, 0x5b, 0x72, 0xe8, 0xe8, 0xc7, 0xac,
0xc4, 0x03, 0x8d, 0x53, 0x35, 0x04, 0xfa, 0x6c,
0x28, 0xdc, 0x34, 0x8d, 0xe1, 0xa8, 0x09, 0x8c
};
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
const byte nullBytes[32] = {0};
#endif
int curveId = ECC_SECP256R1;
ret = wc_ecc_init(&key);
printf(testingFmt, "wc_ecc_import_unsigned()");
if (ret == 0) {
ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
curveId);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_import_unsigned(NULL, (byte*)qx, (byte*)qy, (byte*)d,
curveId);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_unsigned(&key, NULL, (byte*)qy, (byte*)d,
curveId);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_unsigned(&key, (byte*)qx, NULL, (byte*)d,
curveId);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
ECC_CURVE_INVALID);
}
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_unsigned(&key, (byte*)nullBytes,
(byte*)nullBytes, (byte*)nullBytes, curveId);
}
#endif
if (ret == BAD_FUNC_ARG || ret == ECC_INF_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ecc_free(&key);
#endif
return ret;
} /* END test_wc_ecc_import_unsigned */
/*
* Testing wc_ecc_sig_size()
*/
static int test_wc_ecc_sig_size (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
ecc_key key;
WC_RNG rng;
int keySz = KEY16;
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, keySz, &key);
}
}
printf(testingFmt, "wc_ecc_sig_size()");
if (ret == 0) {
ret = wc_ecc_sig_size(&key);
if (ret <= (2 * keySz + SIG_HEADER_SZ + ECC_MAX_PAD_SZ)) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
#endif
return ret;
} /* END test_wc_ecc_sig_size */
/*
* Testing wc_ecc_ctx_new()
*/
static int test_wc_ecc_ctx_new (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
WC_RNG rng;
ecEncCtx* cli = NULL;
ecEncCtx* srv = NULL;
ret = wc_InitRng(&rng);
printf(testingFmt, "wc_ecc_ctx_new()");
if (ret == 0) {
cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
srv = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng);
}
if (ret == 0 && (cli == NULL || srv == NULL)) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_ctx_free(cli);
wc_ecc_ctx_free(srv);
/* Test bad args. */
if (ret == 0) {
/* wc_ecc_ctx_new_ex() will free if returned NULL. */
cli = wc_ecc_ctx_new(0, &rng);
if (cli != NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, NULL);
if (cli != NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_ctx_free(cli);
#endif
return ret;
} /* END test_wc_ecc_ctx_new */
/*
* Tesing wc_ecc_reset()
*/
static int test_wc_ecc_ctx_reset (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
ecEncCtx* ctx = NULL;
WC_RNG rng;
ret = wc_InitRng(&rng);
if (ret == 0) {
if ( (ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL ) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(testingFmt, "wc_ecc_ctx_reset()");
if (ret == 0) {
ret = wc_ecc_ctx_reset(ctx, &rng);
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_ecc_ctx_reset(NULL, &rng);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_ctx_reset(ctx, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_ctx_free(ctx);
#endif
return ret;
} /* END test_wc_ecc_ctx_reset */
/*
* Testing wc_ecc_ctx_set_peer_salt() and wc_ecc_ctx_get_own_salt()
*/
static int test_wc_ecc_ctx_set_peer_salt (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
WC_RNG rng;
ecEncCtx* cliCtx = NULL;
ecEncCtx* servCtx = NULL;
const byte* cliSalt = NULL;
const byte* servSalt = NULL;
ret = wc_InitRng(&rng);
if (ret == 0) {
if ( ( (cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL ) ||
( (servCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng)) == NULL) ) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(testingFmt, "wc_ecc_ctx_get_own_salt()");
/* Test bad args. */
if (ret == 0) {
cliSalt = wc_ecc_ctx_get_own_salt(NULL);
if (cliSalt != NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
cliSalt = wc_ecc_ctx_get_own_salt(cliCtx);
servSalt = wc_ecc_ctx_get_own_salt(servCtx);
if (cliSalt == NULL || servSalt == NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wc_ecc_ctx_set_peer_salt()");
if (ret == 0) {
ret = wc_ecc_ctx_set_peer_salt(cliCtx, servSalt);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_ctx_set_peer_salt(NULL, servSalt);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_ctx_set_peer_salt(cliCtx, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_ctx_free(cliCtx);
wc_ecc_ctx_free(servCtx);
#endif
return ret;
} /* END test_wc_ecc_ctx_set_peer_salt */
/*
* Testing wc_ecc_ctx_set_info()
*/
static int test_wc_ecc_ctx_set_info (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
ecEncCtx* ctx = NULL;
WC_RNG rng;
const char* optInfo = "Optional Test Info.";
int optInfoSz = (int)XSTRLEN(optInfo);
const char* badOptInfo = NULL;
ret = wc_InitRng(&rng);
if ( (ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL || ret != 0 ) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(testingFmt, "wc_ecc_ctx_set_info()");
if (ret == 0) {
ret = wc_ecc_ctx_set_info(ctx, (byte*)optInfo, optInfoSz);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_ctx_set_info(NULL, (byte*)optInfo, optInfoSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_ctx_set_info(ctx, (byte*)badOptInfo, optInfoSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_ctx_set_info(ctx, (byte*)optInfo, -1);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_ctx_free(ctx);
#endif
return ret;
} /* END test_wc_ecc_ctx_set_info */
/*
* Testing wc_ecc_encrypt() and wc_ecc_decrypt()
*/
static int test_wc_ecc_encryptDecrypt (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
ecc_key srvKey, cliKey, tmpKey;
WC_RNG rng;
const char* msg = "EccBlock Size 16";
word32 msgSz = (word32)XSTRLEN(msg);
#ifdef WOLFSSL_ECIES_OLD
byte out[XSTRLEN(msg) + WC_SHA256_DIGEST_SIZE];
#else
byte out[KEY20 * 2 + 1 + XSTRLEN(msg) + WC_SHA256_DIGEST_SIZE];
#endif
word32 outSz = (word32)sizeof(out);
byte plain[XSTRLEN(msg) + 1];
word32 plainSz = (word32)sizeof(plain);
int keySz = KEY20;
/* Init stack variables. */
XMEMSET(out, 0, outSz);
XMEMSET(plain, 0, plainSz);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&srvKey, 0, sizeof(srvKey));
XMEMSET(&cliKey, 0, sizeof(cliKey));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&cliKey);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, keySz, &cliKey);
}
if (ret == 0) {
ret = wc_ecc_init(&srvKey);
}
if (ret == 0) {
ret = wc_ecc_make_key(&rng, keySz, &srvKey);
}
if (ret == 0) {
ret = wc_ecc_init(&tmpKey);
}
}
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
if (ret == 0) {
ret = wc_ecc_set_rng(&srvKey, &rng);
}
if (ret == 0) {
ret = wc_ecc_set_rng(&cliKey, &rng);
}
#endif
printf(testingFmt, "wc_ecc_encrypt()");
if (ret == 0) {
ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out,
&outSz, NULL);
}
if (ret == 0) {
ret = wc_ecc_encrypt(NULL, &srvKey, (byte*)msg, msgSz, out,
&outSz, NULL);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_encrypt(&cliKey, NULL, (byte*)msg, msgSz, out,
&outSz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_encrypt(&cliKey, &srvKey, NULL, msgSz, out,
&outSz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, NULL,
&outSz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out,
NULL, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wc_ecc_decrypt()");
#ifdef WOLFSSL_ECIES_OLD
if (ret == 0) {
tmpKey.dp = cliKey.dp;
ret = wc_ecc_copy_point(&cliKey.pubkey, &tmpKey.pubkey);
}
#endif
if (ret == 0) {
ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain,
&plainSz, NULL);
}
if (ret == 0) {
ret = wc_ecc_decrypt(NULL, &tmpKey, out, outSz, plain,
&plainSz, NULL);
#ifdef WOLFSSL_ECIES_OLD
/* NULL parameter allowed in new implementations - public key comes from
* the message. */
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_decrypt(&srvKey, NULL, out, outSz, plain,
&plainSz, NULL);
}
#endif
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_decrypt(&srvKey, &tmpKey, NULL, outSz, plain,
&plainSz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, NULL,
&plainSz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz,
plain, NULL, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (XMEMCMP(msg, plain, msgSz) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&tmpKey);
wc_ecc_free(&cliKey);
wc_ecc_free(&srvKey);
#endif
return ret;
} /* END test_wc_ecc_encryptDecrypt */
/*
* Testing wc_ecc_del_point() and wc_ecc_new_point()
*/
static int test_wc_ecc_del_point (void)
{
int ret = 0;
#if defined(HAVE_ECC)
ecc_point* pt;
printf(testingFmt, "wc_ecc_new_point()");
pt = wc_ecc_new_point();
if (!pt) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ecc_del_point(pt);
#endif
return ret;
} /* END test_wc_ecc_del_point */
/*
* Testing wc_ecc_point_is_at_infinity(), wc_ecc_export_point_der(),
* wc_ecc_import_point_der(), wc_ecc_copy_point(), wc_ecc_point_is_on_curve(),
* and wc_ecc_cmp_point()
*/
static int test_wc_ecc_pointFns (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A)
ecc_key key;
WC_RNG rng;
ecc_point* point = NULL;
ecc_point* cpypt = NULL;
int idx = 0;
int keySz = KEY32;
byte der[DER_SZ(KEY32)];
word32 derlenChk = 0;
word32 derSz = DER_SZ(KEY32);
/* Init stack variables. */
XMEMSET(der, 0, derSz);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, keySz, &key);
}
}
if (ret == 0) {
point = wc_ecc_new_point();
if (!point) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
cpypt = wc_ecc_new_point();
if (!cpypt) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Export */
printf(testingFmt, "wc_ecc_export_point_der()");
if (ret == 0) {
ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
NULL, &derlenChk);
/* Check length value. */
if (derSz == derlenChk && ret == LENGTH_ONLY_E) {
ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
der, &derSz);
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_export_point_der(-2, &key.pubkey, der, &derSz);
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_export_point_der((idx = key.idx), NULL, der, &derSz);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
der, NULL);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
/* Import */
printf(testingFmt, "wc_ecc_import_point_der()");
if (ret == 0) {
ret = wc_ecc_import_point_der(der, derSz, idx, point);
/* Condition double checks wc_ecc_cmp_point(). */
if (ret == 0 && XMEMCMP(&key.pubkey, point, sizeof(key.pubkey))) {
ret = wc_ecc_cmp_point(&key.pubkey, point);
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_import_point_der(NULL, derSz, idx, point);
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_import_point_der(der, derSz, idx, NULL);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_import_point_der(der, derSz, -1, point);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_import_point_der(der, derSz + 1, idx, point);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
/* Copy */
printf(testingFmt, "wc_ecc_copy_point()");
if (ret == 0) {
ret = wc_ecc_copy_point(point, cpypt);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_copy_point(NULL, cpypt);
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_copy_point(point, NULL);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wc_ecc_cmp_point()");
/* Compare point */
if (ret == 0) {
ret = wc_ecc_cmp_point(point, cpypt);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_cmp_point(NULL, cpypt);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_cmp_point(point, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wc_ecc_point_is_at_infinity()");
/* At infinity if return == 1, otherwise return == 0. */
if (ret == 0) {
ret = wc_ecc_point_is_at_infinity(point);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_point_is_at_infinity(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
#ifdef USE_ECC_B_PARAM
printf(testingFmt, "wc_ecc_point_is_on_curve()");
/* On curve if ret == 0 */
if (ret == 0) {
ret = wc_ecc_point_is_on_curve(point, idx);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_point_is_on_curve(NULL, idx);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_point_is_on_curve(point, 1000);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif /* USE_ECC_B_PARAM */
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
/* Free */
wc_ecc_del_point(point);
wc_ecc_del_point(cpypt);
wc_ecc_free(&key);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
#endif
return ret;
} /* END test_wc_ecc_pointFns */
/*
* Testing wc_ecc_sahred_secret_ssh()
*/
static int test_wc_ecc_shared_secret_ssh (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \
!defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A)
ecc_key key, key2;
WC_RNG rng;
int keySz = KEY32;
int key2Sz = KEY24;
byte secret[KEY32];
word32 secretLen = keySz;
/* Init stack variables. */
XMEMSET(secret, 0, secretLen);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&key2, 0, sizeof(key2));
/* Make keys */
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, keySz, &key);
}
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key2);
}
if (ret == 0) {
ret = wc_ecc_make_key(&rng, key2Sz, &key2);
}
}
printf(testingFmt, "ecc_shared_secret_ssh()");
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
if (ret == 0) {
ret = wc_ecc_set_rng(&key, &rng);
}
#endif
if (ret == 0) {
ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen);
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_ecc_shared_secret_ssh(NULL, &key2.pubkey, secret, &secretLen);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_shared_secret_ssh(&key, NULL, secret, &secretLen);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, NULL, &secretLen);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, NULL);
}
if (ret == BAD_FUNC_ARG) {
key.type = ECC_PUBLICKEY;
ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
wc_ecc_free(&key2);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END test_wc_ecc_shared_secret_ssh */
/*
* Testing wc_ecc_verify_hash_ex() and wc_ecc_verify_hash_ex()
*/
static int test_wc_ecc_verify_hash_ex (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \
&& !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A)
ecc_key key;
WC_RNG rng;
mp_int r;
mp_int s;
unsigned char hash[] = "Everyone gets Friday off.EccSig";
unsigned char iHash[] = "Everyone gets Friday off.......";
unsigned char shortHash[] = TEST_STRING;
word32 hashlen = sizeof(hash);
word32 iHashLen = sizeof(iHash);
word32 shortHashLen = sizeof(shortHash);
int keySz = KEY32;
int sig = WOLFSSL_FATAL_ERROR;
int ver = WOLFSSL_FATAL_ERROR;
int verify_ok = 0;
/* Initialize r and s. */
ret = mp_init_multi(&r, &s, NULL, NULL, NULL, NULL);
if (ret != MP_OKAY) {
return MP_INIT_E;
}
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, keySz, &key);
}
}
if (ret == 0) {
ret = wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, &s);
if (ret == 0) {
/* verify_ok should be 1. */
ret = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, &verify_ok, &key);
if (verify_ok != 1 && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
/* verify_ok should be 0 */
ret = wc_ecc_verify_hash_ex(&r, &s, iHash, iHashLen,
&verify_ok, &key);
if (verify_ok != 0 && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
/* verify_ok should be 0. */
ret = wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
&verify_ok, &key);
if (verify_ok != 0 && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(testingFmt, "wc_ecc_sign_hash_ex()");
/* Test bad args. */
if (ret == 0) {
if (wc_ecc_sign_hash_ex(NULL, hashlen, &rng, &key, &r, &s)
== ECC_BAD_ARG_E) {
sig = 0;
}
if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, NULL, &key, &r, &s)
!= ECC_BAD_ARG_E) {
sig = WOLFSSL_FATAL_ERROR;
}
if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, NULL, &r, &s)
!= ECC_BAD_ARG_E) {
sig = WOLFSSL_FATAL_ERROR;
}
if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, NULL, &s)
!= ECC_BAD_ARG_E) {
sig = WOLFSSL_FATAL_ERROR;
}
if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, NULL)
!= ECC_BAD_ARG_E) {
sig = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, sig == 0 ? passed : failed);
printf(testingFmt, "wc_ecc_verify_hash_ex()");
/* Test bad args. */
if (ret == 0) {
if (wc_ecc_verify_hash_ex(NULL, &s, shortHash, shortHashLen, &verify_ok, &key)
== ECC_BAD_ARG_E) {
ver = 0;
}
if (ver == 0 && wc_ecc_verify_hash_ex(&r, NULL, shortHash, shortHashLen,
&verify_ok, &key) != ECC_BAD_ARG_E) {
ver = WOLFSSL_FATAL_ERROR;
}
if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, NULL, shortHashLen, &verify_ok,
&key) != ECC_BAD_ARG_E) {
ver = WOLFSSL_FATAL_ERROR;
}
if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
NULL, &key) != ECC_BAD_ARG_E) {
ver = WOLFSSL_FATAL_ERROR;
}
if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
&verify_ok, NULL) != ECC_BAD_ARG_E) {
ver = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ver == 0 ? passed : failed);
wc_ecc_free(&key);
mp_free(&r);
mp_free(&s);
if (wc_FreeRng(&rng)) {
return WOLFSSL_FATAL_ERROR;
}
if (ret == 0 && (sig != 0 || ver != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
#endif
return ret;
} /* END test_wc_ecc_verify_hash_ex */
/*
* Testing wc_ecc_mulmod()
*/
static int test_wc_ecc_mulmod (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
!(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_VALIDATE_ECC_IMPORT))
ecc_key key1, key2, key3;
WC_RNG rng;
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key1);
if (ret == 0) {
ret = wc_ecc_init(&key2);
}
if (ret == 0) {
ret = wc_ecc_init(&key3);
}
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY32, &key1);
}
wc_FreeRng(&rng);
}
if (ret == 0) {
ret = wc_ecc_import_raw_ex(&key2, key1.dp->Gx, key1.dp->Gy, key1.dp->Af,
ECC_SECP256R1);
if (ret == 0) {
ret = wc_ecc_import_raw_ex(&key3, key1.dp->Gx, key1.dp->Gy,
key1.dp->prime, ECC_SECP256R1);
}
}
printf(testingFmt, "wc_ecc_mulmod()");
if (ret == 0) {
ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey, &key2.k,
&key3.k, 1);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_mulmod(NULL, &key2.pubkey, &key3.pubkey, &key2.k,
&key3.k, 1);
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_mulmod(&key1.k, NULL, &key3.pubkey, &key2.k,
&key3.k, 1);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, NULL, &key2.k,
&key3.k, 1);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey,
&key2.k, NULL, 1);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ecc_free(&key1);
wc_ecc_free(&key2);
wc_ecc_free(&key3);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif /* HAVE_ECC && !WOLFSSL_ATECC508A */
return ret;
} /* END test_wc_ecc_mulmod */
/*
* Testing wc_ecc_is_valid_idx()
*/
static int test_wc_ecc_is_valid_idx (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
ecc_key key;
WC_RNG rng;
int iVal = -2;
int iVal2 = 3000;
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, 32, &key);
}
}
printf(testingFmt, "wc_ecc_is_valid_idx()");
if (ret == 0) {
ret = wc_ecc_is_valid_idx(key.idx);
if (ret == 1) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_is_valid_idx(iVal); /* should return 0 */
if (ret == 0) {
ret = wc_ecc_is_valid_idx(iVal2);
}
if (ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END test_wc_ecc_is_valid_idx */
/*
* Testing wc_ecc_get_curve_id_from_oid()
*/
static int test_wc_ecc_get_curve_id_from_oid (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \
!defined(HAVE_FIPS)
const byte oid[] = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
word32 len = sizeof(oid);
printf(testingFmt, "wc_ecc_get_curve_id_from_oid()");
/* Bad Cases */
ret = wc_ecc_get_curve_id_from_oid(NULL, len);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
if (ret == 0) {
ret = wc_ecc_get_curve_id_from_oid(oid, 0);
if (ret == ECC_CURVE_INVALID) {
ret = 0;
}
}
/* Good Case */
if (ret == 0) {
ret = wc_ecc_get_curve_id_from_oid(oid, len);
if (ret == 7) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* END test_wc_ecc_get_curve_id_from_oid */
/*
* Testing wc_ecc_sig_size_calc()
*/
static int test_wc_ecc_sig_size_calc (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST)
ecc_key key;
WC_RNG rng;
int sz = 0;
printf(testingFmt, "wc_ecc_sig_size_calc()");
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, 16, &key);
}
sz = key.dp->size;
}
if (ret == 0) {
ret = wc_ecc_sig_size_calc(sz);
if (ret > 0) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ecc_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /* END test_wc_ecc_sig_size_calc */
/*
* Testing ToTraditional
*/
static int test_ToTraditional (void)
{
int ret = 0;
#if !defined(NO_ASN) && (defined(HAVE_PKCS8) || defined(HAVE_PKCS12)) && \
(defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL))
XFILE f;
byte input[TWOK_BUF];
word32 sz;
printf(testingFmt, "ToTraditional()");
f = XFOPEN("./certs/server-keyPkcs8.der", "rb");
AssertTrue((f != XBADFILE));
sz = (word32)XFREAD(input, 1, sizeof(input), f);
XFCLOSE(f);
/* Good case */
ret = ToTraditional(input, sz);
if (ret > 0) {
ret = 0;
}
/* Bad cases */
if (ret == 0) {
ret = ToTraditional(NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = ToTraditional(NULL, sz);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = ToTraditional(input, 0);
if (ret == ASN_PARSE_E || ret == BUFFER_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_ToTraditional*/
/*
* Testing wc_EccPrivateKeyToDer
*/
static int test_wc_EccPrivateKeyToDer (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
byte output[ONEK_BUF];
ecc_key eccKey;
WC_RNG rng;
word32 inLen;
printf(testingFmt, "wc_EccPrivateKeyToDer()");
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&eccKey);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
}
inLen = (word32)sizeof(output);
/* Bad Cases */
if (ret == 0) {
ret = wc_EccPrivateKeyToDer(NULL, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_EccPrivateKeyToDer(NULL, output, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_EccPrivateKeyToDer(&eccKey, NULL, inLen);
if (ret == LENGTH_ONLY_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_EccPrivateKeyToDer(&eccKey, output, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/*Good Case */
if (ret == 0) {
ret = wc_EccPrivateKeyToDer(&eccKey, output, inLen);
if (ret > 0) {
ret = 0;
}
}
wc_ecc_free(&eccKey);
}
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_wc_EccPrivateKeyToDer*/
/*
* Testing wc_DhPublicKeyDecode
*/
static int test_wc_DhPublicKeyDecode(void)
{
int ret = 0;
word32 inOutIdx;
#if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048)
DhKey key;
AssertIntEQ(wc_InitDhKey(&key), 0);
printf(testingFmt, "wc_DhPublicKeyDecode()");
AssertIntEQ(wc_DhPublicKeyDecode(NULL,NULL,NULL,0),
BAD_FUNC_ARG);
AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
BAD_FUNC_ARG);
AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
BAD_FUNC_ARG);
inOutIdx = 0;
AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,NULL, 0),
BAD_FUNC_ARG);
inOutIdx = 0;
AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, 0),
BAD_FUNC_ARG);
inOutIdx = 0;
AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key,
sizeof_dh_pub_key_der_2048), 0);
AssertTrue(key.p.used != 0 && key.g.used != 0 && key.q.used == 0 &&
key.pub.used != 0 && key.priv.used == 0);
wc_FreeDhKey(&key);
printf(resultFmt, passed);
#endif
(void)inOutIdx;
return ret;
}
/*
* Testing wc_Ed25519KeyToDer
*/
static int test_wc_Ed25519KeyToDer (void)
{
int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
byte output[ONEK_BUF];
ed25519_key ed25519Key;
WC_RNG rng;
word32 inLen;
printf(testingFmt, "wc_Ed25519KeyToDer()");
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed25519_init(&ed25519Key);
if (ret == 0) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
}
inLen = (word32)sizeof(output);
/* Bad Cases */
if (ret == 0) {
ret = wc_Ed25519KeyToDer(NULL, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed25519KeyToDer(NULL, output, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed25519KeyToDer(&ed25519Key, NULL, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed25519KeyToDer(&ed25519Key, output, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good Case */
if (ret == 0) {
ret = wc_Ed25519KeyToDer(&ed25519Key, output, inLen);
if (ret > 0) {
ret = 0;
}
}
wc_ed25519_free(&ed25519Key);
}
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_wc_Ed25519KeyToDer*/
/*
* Testing wc_Ed25519PrivateKeyToDer
*/
static int test_wc_Ed25519PrivateKeyToDer (void)
{
int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
byte output[ONEK_BUF];
ed25519_key ed25519PrivKey;
WC_RNG rng;
word32 inLen;
printf(testingFmt, "wc_Ed25519PrivateKeyToDer()");
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed25519_init(&ed25519PrivKey);
if (ret == 0) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519PrivKey);
}
inLen = (word32)sizeof(output);
/* Bad Cases */
if (ret == 0) {
ret = wc_Ed25519PrivateKeyToDer(NULL, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed25519PrivateKeyToDer(NULL, output, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good Case */
if (ret == 0) {
ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, inLen);
if (ret > 0) {
ret = 0;
}
}
wc_ed25519_free(&ed25519PrivKey);
}
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_wc_Ed25519PrivateKeyToDer*/
/*
* Testing wc_Ed448KeyToDer
*/
static int test_wc_Ed448KeyToDer (void)
{
int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
byte output[ONEK_BUF];
ed448_key ed448Key;
WC_RNG rng;
word32 inLen;
printf(testingFmt, "wc_Ed448KeyToDer()");
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed448_init(&ed448Key);
if (ret == 0) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
}
inLen = sizeof(output);
/* Bad Cases */
if (ret == 0) {
ret = wc_Ed448KeyToDer(NULL, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed448KeyToDer(NULL, output, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed448KeyToDer(&ed448Key, NULL, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed448KeyToDer(&ed448Key, output, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good Case */
if (ret == 0) {
ret = wc_Ed448KeyToDer(&ed448Key, output, inLen);
if (ret > 0) {
ret = 0;
}
}
wc_ed448_free(&ed448Key);
}
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_wc_Ed448KeyToDer*/
/*
* Testing wc_Ed448PrivateKeyToDer
*/
static int test_wc_Ed448PrivateKeyToDer (void)
{
int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
byte output[ONEK_BUF];
ed448_key ed448PrivKey;
WC_RNG rng;
word32 inLen;
printf(testingFmt, "wc_Ed448PrivateKeyToDer()");
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed448_init(&ed448PrivKey);
if (ret == 0) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448PrivKey);
}
inLen = sizeof(output);
/* Bad Cases */
if (ret == 0) {
ret = wc_Ed448PrivateKeyToDer(NULL, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed448PrivateKeyToDer(NULL, output, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good case */
if (ret == 0) {
ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, inLen);
if (ret > 0) {
ret = 0;
}
}
wc_ed448_free(&ed448PrivKey);
}
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_wc_Ed448PrivateKeyToDer*/
/*
* Testing wc_SetSubjectBuffer
*/
static int test_wc_SetSubjectBuffer (void)
{
int ret = 0;
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
Cert cert;
FILE* file;
byte* der;
word32 derSz;
printf(testingFmt, "wc_SetSubjectBuffer()");
derSz = FOURK_BUF;
der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ret = -1;
}
if (ret == 0) {
file = XFOPEN("./certs/ca-cert.der", "rb");
if (file != NULL) {
derSz = (word32)XFREAD(der, 1, FOURK_BUF, file);
XFCLOSE(file);
}
else {
ret = -1;
}
}
if (ret == 0) {
ret = wc_InitCert(&cert);
}
if (ret == 0) {
ret = wc_SetSubjectBuffer(&cert, der, derSz);
}
if (ret == 0) {
ret = wc_SetSubjectBuffer(NULL, der, derSz);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_wc_SetSubjectBuffer*/
/*
* Testing wc_SetSubjectKeyIdFromPublicKey_ex
*/
static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void)
{
int ret = 0;
#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
WC_RNG rng;
Cert cert;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
ed25519_key ed25519Key;
#endif
#if !defined(NO_RSA) && defined(HAVE_RSA)
RsaKey rsaKey;
int bits = 2048;
#endif
#if defined(HAVE_ECC)
ecc_key eccKey;
#endif
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
ed448_key ed448Key;
#endif
printf(testingFmt, "wc_SetSubjectKeyIdFromPublicKey_ex()");
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
wc_InitCert(&cert);
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
if (ret == 0) { /*ED25519*/
ret = wc_ed25519_init(&ed25519Key);
if (ret == 0) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
}
if (ret == 0) {
ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
&ed25519Key);
}
wc_ed25519_free(&ed25519Key);
}
#endif
#if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
if (ret == 0) { /*RSA*/
ret = wc_InitRsaKey(&rsaKey, NULL);
if (ret == 0) {
MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng);
}
if (ret == 0) {
ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey);
}
wc_FreeRsaKey(&rsaKey);
}
#endif
#if defined(HAVE_ECC)
if (ret == 0) { /*ECC*/
ret = wc_ecc_init(&eccKey);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
}
if (ret == 0) {
ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey);
}
wc_ecc_free(&eccKey);
}
#endif
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
if (ret == 0) { /*ED448*/
ret = wc_ed448_init(&ed448Key);
if (ret == 0) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
}
if (ret == 0) {
ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE,
&ed448Key);
}
wc_ed448_free(&ed448Key);
}
#endif
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeRng(&rng);
#endif
return ret;
}/* End test_wc_SetSubjectKeyIdFromPublicKey_ex*/
/*
* Testing wc_SetAuthKeyIdFromPublicKey_ex
*/
static int test_wc_SetAuthKeyIdFromPublicKey_ex (void)
{
int ret = 0;
#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
WC_RNG rng;
Cert cert;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
ed25519_key ed25519Key;
#endif
#if !defined(NO_RSA) && defined(HAVE_RSA)
RsaKey rsaKey;
int bits = 2048;
#endif
#if defined(HAVE_ECC)
ecc_key eccKey;
#endif
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
ed448_key ed448Key;
#endif
printf(testingFmt, "wc_SetAuthKeyIdFromPublicKey_ex()");
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
wc_InitCert(&cert);
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
if (ret == 0) { /*ED25519*/
ret = wc_ed25519_init(&ed25519Key);
if (ret == 0) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
}
if (ret == 0) {
ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
&ed25519Key);
}
wc_ed25519_free(&ed25519Key);
}
#endif
#if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
if (ret == 0) { /*RSA*/
ret = wc_InitRsaKey(&rsaKey, NULL);
if (ret == 0) {
MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng);
}
if (ret == 0) {
ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey);
}
wc_FreeRsaKey(&rsaKey);
}
#endif
#if defined(HAVE_ECC)
if (ret == 0) { /*ECC*/
ret = wc_ecc_init(&eccKey);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
}
if (ret == 0) {
ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey);
}
wc_ecc_free(&eccKey);
}
#endif
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
if (ret == 0) { /*ED448*/
ret = wc_ed448_init(&ed448Key);
if (ret == 0) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
}
if (ret == 0) {
ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE,
&ed448Key);
}
wc_ed448_free(&ed448Key);
}
#endif
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeRng(&rng);
#endif /*defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)*/
return ret;
}/* End test_wc_SetAuthKeyIdFromPublicKey_ex*/
/*
* Testing wc_PKCS7_New()
*/
static void test_wc_PKCS7_New (void)
{
#if defined(HAVE_PKCS7)
PKCS7* pkcs7;
void* heap = NULL;
printf(testingFmt, "wc_PKCS7_New()");
pkcs7 = wc_PKCS7_New(heap, devId);
AssertNotNull(pkcs7);
printf(resultFmt, passed);
wc_PKCS7_Free(pkcs7);
#endif
} /* END test-wc_PKCS7_New */
/*
* Testing wc_PKCS7_Init()
*/
static void test_wc_PKCS7_Init (void)
{
#if defined(HAVE_PKCS7)
PKCS7* pkcs7;
void* heap = NULL;
printf(testingFmt, "wc_PKCS7_Init()");
pkcs7 = wc_PKCS7_New(heap, devId);
AssertNotNull(pkcs7);
AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0);
/* Pass in bad args. */
AssertIntEQ(wc_PKCS7_Init(NULL, heap, devId), BAD_FUNC_ARG);
printf(resultFmt, passed);
wc_PKCS7_Free(pkcs7);
#endif
} /* END test-wc_PKCS7_Init */
/*
* Testing wc_PKCS7_InitWithCert()
*/
static void test_wc_PKCS7_InitWithCert (void)
{
#if defined(HAVE_PKCS7)
PKCS7* pkcs7;
#ifndef NO_RSA
#if defined(USE_CERT_BUFFERS_2048)
unsigned char cert[sizeof(client_cert_der_2048)];
int certSz = (int)sizeof(cert);
XMEMSET(cert, 0, certSz);
XMEMCPY(cert, client_cert_der_2048, sizeof(client_cert_der_2048));
#elif defined(USE_CERT_BUFFERS_1024)
unsigned char cert[sizeof(client_cert_der_1024)];
int certSz = (int)sizeof(cert);
XMEMSET(cert, 0, certSz);
XMEMCPY(cert, client_cert_der_1024, sizeof_client_cert_der_1024);
#else
unsigned char cert[ONEK_BUF];
XFILE fp;
int certSz;
fp = XFOPEN("./certs/1024/client-cert.der", "rb");
AssertTrue(fp != XBADFILE);
certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
XFCLOSE(fp);
#endif
#elif defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
unsigned char cert[sizeof(cliecc_cert_der_256)];
int certSz = (int)sizeof(cert);
XMEMSET(cert, 0, certSz);
XMEMCPY(cert, cliecc_cert_der_256, sizeof(cliecc_cert_der_256));
#else
unsigned char cert[ONEK_BUF];
XFILE fp;
int certSz;
fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
AssertTrue(fp != XBADFILE);
certSz = (int)XFREAD(cert, 1, sizeof(cliecc_cert_der_256), fp);
XFCLOSE(fp);
#endif
#else
#error PKCS7 requires ECC or RSA
#endif
#ifdef HAVE_ECC
/* bad test case from ZD 11011, malformed cert gives bad ECC key */
unsigned char certWithInvalidEccKey[] = {
0x30, 0x82, 0x03, 0x5F, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79,
0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x31, 0xAA, 0x2C, 0x30,
0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30,
0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08,
0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30,
0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, 0x39, 0x31, 0x33, 0x32,
0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x33, 0x31, 0x36,
0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B,
0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72,
0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04,
0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11,
0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E,
0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55,
0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x26,
0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06,
0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86,
0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x02, 0x00, 0x04, 0x55, 0xBF,
0xF4, 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D,
0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C,
0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, 0x43,
0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6,
0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D,
0x7F, 0xB4, 0xA3, 0x82, 0x01, 0x3E, 0x30, 0x82, 0x01, 0x3A, 0x30, 0x1D,
0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B,
0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
0x88, 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xCD, 0x06, 0x03, 0x55, 0x1D,
0x23, 0x04, 0x81, 0xC5, 0x30, 0x81, 0xC2, 0x80, 0x14, 0xEB, 0xD4, 0x4B,
0x59, 0x72, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
0x88, 0x44, 0x5C, 0xAB, 0xF2, 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30,
0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x08, 0x08,
0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
0x6F, 0x6D, 0x30, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82,
0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79, 0x42, 0x83,
0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x32, 0xAA, 0x2C, 0x30, 0x0C, 0x06,
0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30,
0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B,
0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87,
0x04, 0x23, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25,
0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02,
0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xE4, 0xA0, 0x23, 0x26,
0x2B, 0x0B, 0x42, 0x0F, 0x97, 0x37, 0x6D, 0xCB, 0x14, 0x23, 0xC3, 0xC3,
0xE6, 0x44, 0xCF, 0x5F, 0x4C, 0x26, 0xA3, 0x72, 0x64, 0x7A, 0x9C, 0xCB,
0x64, 0xAB, 0xA6, 0xBE, 0x02, 0x21, 0x00, 0xAA, 0xC5, 0xA3, 0x50, 0xF6,
0xF1, 0xA5, 0xDB, 0x05, 0xE0, 0x75, 0xD2, 0xF7, 0xBA, 0x49, 0x5F, 0x8F,
0x7D, 0x1C, 0x44, 0xB1, 0x6E, 0xDF, 0xC8, 0xDA, 0x10, 0x48, 0x2D, 0x53,
0x08, 0xA8, 0xB4};
#endif
printf(testingFmt, "wc_PKCS7_InitWithCert()");
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
/* If initialization is not successful, it's free'd in init func. */
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
wc_PKCS7_Free(pkcs7);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
/* Valid initialization usage. */
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
/* Pass in bad args. No need free for null checks, free at end.*/
AssertIntEQ(wc_PKCS7_InitWithCert(NULL, (byte*)cert, (word32)certSz),
BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, (word32)certSz),
BAD_FUNC_ARG);
#ifdef HAVE_ECC
AssertIntLT(wc_PKCS7_InitWithCert(pkcs7, certWithInvalidEccKey,
sizeof(certWithInvalidEccKey)), 0);
#endif
printf(resultFmt, passed);
wc_PKCS7_Free(pkcs7);
#endif
} /* END test_wc_PKCS7_InitWithCert */
/*
* Testing wc_PKCS7_EncodeData()
*/
static void test_wc_PKCS7_EncodeData (void)
{
#if defined(HAVE_PKCS7)
PKCS7* pkcs7;
byte output[FOURK_BUF];
byte data[] = "My encoded DER cert.";
#ifndef NO_RSA
#if defined(USE_CERT_BUFFERS_2048)
unsigned char cert[sizeof(client_cert_der_2048)];
unsigned char key[sizeof(client_key_der_2048)];
int certSz = (int)sizeof(cert);
int keySz = (int)sizeof(key);
XMEMSET(cert, 0, certSz);
XMEMSET(key, 0, keySz);
XMEMCPY(cert, client_cert_der_2048, certSz);
XMEMCPY(key, client_key_der_2048, keySz);
#elif defined(USE_CERT_BUFFERS_1024)
unsigned char cert[sizeof(sizeof_client_cert_der_1024)];
unsigned char key[sizeof_client_key_der_1024];
int certSz = (int)sizeof(cert);
int keySz = (int)sizeof(key);
XMEMSET(cert, 0, certSz);
XMEMSET(key, 0, keySz);
XMEMCPY(cert, client_cert_der_1024, certSz);
XMEMCPY(key, client_key_der_1024, keySz);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz;
int keySz;
fp = XFOPEN("./certs/1024/client-cert.der", "rb");
AssertTrue(fp != XBADFILE);
certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/1024/client-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
XFCLOSE(fp);
#endif
#elif defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
unsigned char cert[sizeof(cliecc_cert_der_256)];
unsigned char key[sizeof(ecc_clikey_der_256)];
int certSz = (int)sizeof(cert);
int keySz = (int)sizeof(key);
XMEMSET(cert, 0, certSz);
XMEMSET(key, 0, keySz);
XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz, keySz;
fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
AssertTrue(fp != XBADFILE);
certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/client-ecc-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
XFCLOSE(fp);
#endif
#endif
XMEMSET(output, 0, sizeof(output));
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, certSz), 0);
printf(testingFmt, "wc_PKCS7_EncodeData()");
pkcs7->content = data;
pkcs7->contentSz = sizeof(data);
pkcs7->privateKey = key;
pkcs7->privateKeySz = keySz;
AssertIntGT(wc_PKCS7_EncodeData(pkcs7, output, (word32)sizeof(output)), 0);
/* Test bad args. */
AssertIntEQ(wc_PKCS7_EncodeData(NULL, output, (word32)sizeof(output)),
BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeData(pkcs7, NULL, (word32)sizeof(output)),
BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), BUFFER_E);
printf(resultFmt, passed);
wc_PKCS7_Free(pkcs7);
#endif
} /* END test_wc_PKCS7_EncodeData */
#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
!defined(NO_RSA) && !defined(NO_SHA256)
/* RSA sign raw digest callback */
static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
byte* out, word32 outSz, byte* privateKey,
word32 privateKeySz, int devid, int hashOID)
{
/* specific DigestInfo ASN.1 encoding prefix for a SHA2565 digest */
byte digInfoEncoding[] = {
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
0x00, 0x04, 0x20
};
int ret;
byte digestInfo[ONEK_BUF];
byte sig[FOURK_BUF];
word32 digestInfoSz = 0;
word32 idx = 0;
RsaKey rsa;
/* SHA-256 required only for this example callback due to above
* digInfoEncoding[] */
if (pkcs7 == NULL || digest == NULL || out == NULL ||
(sizeof(digestInfo) < sizeof(digInfoEncoding) + digestSz) ||
(hashOID != SHA256h)) {
return -1;
}
/* build DigestInfo */
XMEMCPY(digestInfo, digInfoEncoding, sizeof(digInfoEncoding));
digestInfoSz += sizeof(digInfoEncoding);
XMEMCPY(digestInfo + digestInfoSz, digest, digestSz);
digestInfoSz += digestSz;
/* set up RSA key */
ret = wc_InitRsaKey_ex(&rsa, pkcs7->heap, devid);
if (ret != 0) {
return ret;
}
ret = wc_RsaPrivateKeyDecode(privateKey, &idx, &rsa, privateKeySz);
/* sign DigestInfo */
if (ret == 0) {
ret = wc_RsaSSL_Sign(digestInfo, digestInfoSz, sig, sizeof(sig),
&rsa, pkcs7->rng);
if (ret > 0) {
if (ret > (int)outSz) {
/* output buffer too small */
ret = -1;
} else {
/* success, ret holds sig size */
XMEMCPY(out, sig, ret);
}
}
}
wc_FreeRsaKey(&rsa);
return ret;
}
#endif
/*
* Testing wc_PKCS7_EncodeSignedData()
*/
static void test_wc_PKCS7_EncodeSignedData(void)
{
#if defined(HAVE_PKCS7)
PKCS7* pkcs7;
WC_RNG rng;
byte output[FOURK_BUF];
byte badOut[1];
word32 outputSz = (word32)sizeof(output);
word32 badOutSz = 0;
byte data[] = "Test data to encode.";
#ifndef NO_RSA
#if defined(USE_CERT_BUFFERS_2048)
byte key[sizeof(client_key_der_2048)];
byte cert[sizeof(client_cert_der_2048)];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_2048, keySz);
XMEMCPY(cert, client_cert_der_2048, certSz);
#elif defined(USE_CERT_BUFFERS_1024)
byte key[sizeof_client_key_der_1024];
byte cert[sizeof(sizeof_client_cert_der_1024)];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_1024, keySz);
XMEMCPY(cert, client_cert_der_1024, certSz);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz;
int keySz;
fp = XFOPEN("./certs/1024/client-cert.der", "rb");
AssertTrue(fp != XBADFILE);
certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/1024/client-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
XFCLOSE(fp);
#endif
#elif defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
unsigned char cert[sizeof(cliecc_cert_der_256)];
unsigned char key[sizeof(ecc_clikey_der_256)];
int certSz = (int)sizeof(cert);
int keySz = (int)sizeof(key);
XMEMSET(cert, 0, certSz);
XMEMSET(key, 0, keySz);
XMEMCPY(cert, cliecc_cert_der_256, certSz);
XMEMCPY(key, ecc_clikey_der_256, keySz);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz, keySz;
fp = XOPEN("./certs/client-ecc-cert.der", "rb");
AssertTrue(fp != XBADFILE);
certSz = (int)XFREAD(cert, 1, ONEK_BUF, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/client-ecc-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = (int)XFREAD(key, 1, ONEK_BUF, fp);
XFCLOSE(fp);
#endif
#endif
XMEMSET(output, 0, outputSz);
AssertIntEQ(wc_InitRng(&rng), 0);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
printf(testingFmt, "wc_PKCS7_EncodeSignedData()");
pkcs7->content = data;
pkcs7->contentSz = (word32)sizeof(data);
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHAh;
pkcs7->rng = &rng;
AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
wc_PKCS7_Free(pkcs7);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
/* Pass in bad args. */
AssertIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, badOut,
badOutSz), BAD_FUNC_ARG);
pkcs7->hashOID = 0; /* bad hashOID */
AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), BAD_FUNC_ARG);
#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
!defined(NO_RSA) && !defined(NO_SHA256)
/* test RSA sign raw digest callback, if using RSA and compiled in.
* Example callback assumes SHA-256, so only run test if compiled in. */
wc_PKCS7_Free(pkcs7);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
pkcs7->content = data;
pkcs7->contentSz = (word32)sizeof(data);
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHA256h;
pkcs7->rng = &rng;
AssertIntEQ(wc_PKCS7_SetRsaSignRawDigestCb(pkcs7, rsaSignRawDigestCb), 0);
AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
#endif
printf(resultFmt, passed);
wc_PKCS7_Free(pkcs7);
wc_FreeRng(&rng);
#endif
} /* END test_wc_PKCS7_EncodeSignedData */
/*
* Testing wc_PKCS7_EncodeSignedData_ex() and wc_PKCS7_VerifySignedData_ex()
*/
static void test_wc_PKCS7_EncodeSignedData_ex(void)
{
#if defined(HAVE_PKCS7)
int ret, i;
PKCS7* pkcs7;
WC_RNG rng;
byte outputHead[FOURK_BUF/2];
byte outputFoot[FOURK_BUF/2];
word32 outputHeadSz = (word32)sizeof(outputHead);
word32 outputFootSz = (word32)sizeof(outputFoot);
byte data[FOURK_BUF];
wc_HashAlg hash;
enum wc_HashType hashType = WC_HASH_TYPE_SHA;
byte hashBuf[WC_MAX_DIGEST_SIZE];
word32 hashSz = wc_HashGetDigestSize(hashType);
#ifndef NO_RSA
#if defined(USE_CERT_BUFFERS_2048)
byte key[sizeof(client_key_der_2048)];
byte cert[sizeof(client_cert_der_2048)];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_2048, keySz);
XMEMCPY(cert, client_cert_der_2048, certSz);
#elif defined(USE_CERT_BUFFERS_1024)
byte key[sizeof_client_key_der_1024];
byte cert[sizeof(sizeof_client_cert_der_1024)];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_1024, keySz);
XMEMCPY(cert, client_cert_der_1024, certSz);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz;
int keySz;
fp = XFOPEN("./certs/1024/client-cert.der", "rb");
AssertTrue((fp != XBADFILE));
certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/1024/client-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
XFCLOSE(fp);
#endif
#elif defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
unsigned char cert[sizeof(cliecc_cert_der_256)];
unsigned char key[sizeof(ecc_clikey_der_256)];
int certSz = (int)sizeof(cert);
int keySz = (int)sizeof(key);
XMEMSET(cert, 0, certSz);
XMEMSET(key, 0, keySz);
XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz, keySz;
fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
AssertTrue(fp != XBADFILE);
certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/client-ecc-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
XFCLOSE(fp);
#endif
#endif
/* initialize large data with sequence */
for (i=0; i<(int)sizeof(data); i++)
data[i] = i & 0xff;
XMEMSET(outputHead, 0, outputHeadSz);
XMEMSET(outputFoot, 0, outputFootSz);
AssertIntEQ(wc_InitRng(&rng), 0);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
printf(testingFmt, "wc_PKCS7_EncodeSignedData()");
pkcs7->content = NULL; /* not used for ex */
pkcs7->contentSz = (word32)sizeof(data);
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHAh;
pkcs7->rng = &rng;
/* calculate hash for content */
ret = wc_HashInit(&hash, hashType);
if (ret == 0) {
ret = wc_HashUpdate(&hash, hashType, data, sizeof(data));
if (ret == 0) {
ret = wc_HashFinal(&hash, hashType, hashBuf);
}
wc_HashFree(&hash, hashType);
}
AssertIntEQ(ret, 0);
/* Perform PKCS7 sign using hash directly */
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, &outputHeadSz, outputFoot, &outputFootSz), 0);
AssertIntGT(outputHeadSz, 0);
AssertIntGT(outputFootSz, 0);
wc_PKCS7_Free(pkcs7);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
/* required parameter even on verify when using _ex */
pkcs7->contentSz = (word32)sizeof(data);
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, outputHeadSz, outputFoot, outputFootSz), 0);
wc_PKCS7_Free(pkcs7);
/* assembly complete PKCS7 sign and use normal verify */
{
byte* output = (byte*)XMALLOC(outputHeadSz + sizeof(data) + outputFootSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
word32 outputSz = 0;
AssertNotNull(output);
XMEMCPY(&output[outputSz], outputHead, outputHeadSz);
outputSz += outputHeadSz;
XMEMCPY(&output[outputSz], data, sizeof(data));
outputSz += sizeof(data);
XMEMCPY(&output[outputSz], outputFoot, outputFootSz);
outputSz += outputFootSz;
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
XFREE(output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
/* Pass in bad args. */
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(NULL, hashBuf, hashSz, outputHead,
&outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, NULL, hashSz, outputHead,
&outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, 0, outputHead,
&outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, NULL,
&outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, NULL, outputFoot, &outputFootSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, &outputHeadSz, NULL, &outputFootSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, &outputHeadSz, outputFoot, NULL), BAD_FUNC_ARG);
pkcs7->hashOID = 0; /* bad hashOID */
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(NULL, hashBuf, hashSz, outputHead,
outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, NULL, hashSz, outputHead,
outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
#ifndef NO_PKCS7_STREAM
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
outputHeadSz, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
#else
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
outputHeadSz, outputFoot, outputFootSz), BUFFER_E);
#endif
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, NULL,
outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
#ifndef NO_PKCS7_STREAM
/* can pass in 0 buffer length with streaming API */
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, 0, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
#else
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, 0, outputFoot, outputFootSz), BAD_FUNC_ARG);
#endif
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, outputHeadSz, NULL, outputFootSz), BAD_FUNC_ARG);
#ifndef NO_PKCS7_STREAM
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, outputHeadSz, outputFoot, 0), WC_PKCS7_WANT_READ_E);
#else
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, outputHeadSz, outputFoot, 0), ASN_PARSE_E);
#endif
printf(resultFmt, passed);
wc_PKCS7_Free(pkcs7);
wc_FreeRng(&rng);
#endif
} /* END test_wc_PKCS7_EncodeSignedData_ex */
#if defined(HAVE_PKCS7)
static int CreatePKCS7SignedData(unsigned char* output, int outputSz,
byte* data, word32 dataSz,
int withAttribs, int detachedSig)
{
PKCS7* pkcs7;
WC_RNG rng;
static byte messageTypeOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x02 };
static byte messageType[] = { 0x13, 2, '1', '9' };
PKCS7Attrib attribs[] =
{
{ messageTypeOid, sizeof(messageTypeOid), messageType,
sizeof(messageType) }
};
#ifndef NO_RSA
#if defined(USE_CERT_BUFFERS_2048)
byte key[sizeof(client_key_der_2048)];
byte cert[sizeof(client_cert_der_2048)];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_2048, keySz);
XMEMCPY(cert, client_cert_der_2048, certSz);
#elif defined(USE_CERT_BUFFERS_1024)
byte key[sizeof_client_key_der_1024];
byte cert[sizeof(sizeof_client_cert_der_1024)];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_1024, keySz);
XMEMCPY(cert, client_cert_der_1024, certSz);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
FILE* fp;
int certSz;
int keySz;
fp = fopen("./certs/1024/client-cert.der", "rb");
AssertNotNull(fp);
certSz = fread(cert, 1, sizeof_client_cert_der_1024, fp);
fclose(fp);
fp = fopen("./certs/1024/client-key.der", "rb");
AssertNotNull(fp);
keySz = fread(key, 1, sizeof_client_key_der_1024, fp);
fclose(fp);
#endif
#elif defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
unsigned char cert[sizeof(cliecc_cert_der_256)];
unsigned char key[sizeof(ecc_clikey_der_256)];
int certSz = (int)sizeof(cert);
int keySz = (int)sizeof(key);
XMEMSET(cert, 0, certSz);
XMEMSET(key, 0, keySz);
XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
FILE* fp;
int certSz, keySz;
fp = fopen("./certs/client-ecc-cert.der", "rb");
AssertNotNull(fp);
certSz = fread(cert, 1, sizeof_cliecc_cert_der_256, fp);
fclose(fp);
fp = fopen("./certs/client-ecc-key.der", "rb");
AssertNotNull(fp);
keySz = fread(key, 1, sizeof_ecc_clikey_der_256, fp);
fclose(fp);
#endif
#endif
XMEMSET(output, 0, outputSz);
AssertIntEQ(wc_InitRng(&rng), 0);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
printf(testingFmt, "wc_PKCS7_VerifySignedData()");
pkcs7->content = data;
pkcs7->contentSz = dataSz;
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHAh;
pkcs7->rng = &rng;
if (withAttribs) {
/* include a signed attribute */
pkcs7->signedAttribs = attribs;
pkcs7->signedAttribsSz = (sizeof(attribs)/sizeof(PKCS7Attrib));
}
if (detachedSig) {
AssertIntEQ(wc_PKCS7_SetDetached(pkcs7, 1), 0);
}
AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
wc_PKCS7_Free(pkcs7);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
if (detachedSig) {
pkcs7->content = data;
pkcs7->contentSz = dataSz;
}
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
wc_PKCS7_Free(pkcs7);
wc_FreeRng(&rng);
return outputSz;
}
#endif
/*
* Testing wc_PKCS_VerifySignedData()
*/
static void test_wc_PKCS7_VerifySignedData(void)
{
#if defined(HAVE_PKCS7)
PKCS7* pkcs7;
byte output[FOURK_BUF];
word32 outputSz = sizeof(output);
byte data[] = "Test data to encode.";
byte badOut[1];
word32 badOutSz = 0;
byte badContent[] = "This is different content than was signed";
AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
(word32)sizeof(data),
0, 0)), 0);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
/* Test bad args. */
AssertIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG);
#ifndef NO_PKCS7_STREAM
/* can pass in 0 buffer length with streaming API */
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
badOutSz), WC_PKCS7_WANT_READ_E);
#else
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
badOutSz), BAD_FUNC_ARG);
#endif
wc_PKCS7_Free(pkcs7);
/* Invalid content should error, use detached signature so we can
* easily change content */
AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
(word32)sizeof(data),
1, 1)), 0);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
pkcs7->content = badContent;
pkcs7->contentSz = sizeof(badContent);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), SIG_VERIFY_E);
wc_PKCS7_Free(pkcs7);
/* Test success case with detached signature and valid content */
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
pkcs7->content = data;
pkcs7->contentSz = sizeof(data);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
wc_PKCS7_Free(pkcs7);
printf(resultFmt, passed);
#endif
} /* END test_wc_PKCS7_VerifySignedData() */
#if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
!defined(NO_AES_256)
static const byte defKey[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
static byte aesHandle[32]; /* simulated hardware key handle */
/* return 0 on success */
static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
byte* in, int inSz, byte* out, void* usrCtx)
{
int ret;
Aes aes;
if (usrCtx == NULL) {
/* no simulated handle passed in */
return -1;
}
switch (encryptOID) {
case AES256CBCb:
if (ivSz != AES_BLOCK_SIZE)
return BAD_FUNC_ARG;
break;
default:
WOLFSSL_MSG("Unsupported content cipher type for test");
return ALGO_ID_E;
};
/* simulate using handle to get key */
ret = wc_AesInit(&aes, HEAP_HINT, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(&aes, (byte*)usrCtx, 32, iv, AES_DECRYPTION);
if (ret == 0)
ret = wc_AesCbcDecrypt(&aes, out, in, inSz);
wc_AesFree(&aes);
}
(void)aad;
(void)aadSz;
(void)authTag;
(void)authTagSz;
(void)pkcs7;
return ret;
}
/* returns key size on success */
static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
word32 keyIdSz, byte* orginKey, word32 orginKeySz,
byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
{
int ret = -1;
if (out == NULL)
return BAD_FUNC_ARG;
if (keyId[0] != 0x00) {
return -1;
}
if (type != (int)PKCS7_KEKRI) {
return -1;
}
switch (keyWrapAlgo) {
case AES256_WRAP:
/* simulate setting a handle for later decryption but use key
* as handle in the test case here */
ret = wc_AesKeyUnWrap(defKey, sizeof(defKey), cek, cekSz,
aesHandle, sizeof(aesHandle), NULL);
if (ret < 0)
return ret;
ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)aesHandle);
if (ret < 0)
return ret;
/* return key size on success */
return sizeof(defKey);
default:
WOLFSSL_MSG("Unsupported key wrap algorithm in example");
return BAD_KEYWRAP_ALG_E;
};
(void)cekSz;
(void)cek;
(void)outSz;
(void)keyIdSz;
(void)direction;
(void)orginKey; /* used with KAKRI */
(void)orginKeySz;
return ret;
}
#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && !NO_AES_256 */
/*
* Testing wc_PKCS7_EncodeEnvelopedData()
*/
static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
{
#if defined(HAVE_PKCS7)
PKCS7* pkcs7;
#ifdef ECC_TIMING_RESISTANT
WC_RNG rng;
#endif
word32 tempWrd32 = 0;
byte* tmpBytePtr = NULL;
const char input[] = "Test data to encode.";
int i;
int testSz = 0;
#if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) || \
!defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
byte* rsaCert = NULL;
byte* rsaPrivKey = NULL;
word32 rsaCertSz;
word32 rsaPrivKeySz;
#if !defined(NO_FILESYSTEM) && (!defined(USE_CERT_BUFFERS_1024) && \
!defined(USE_CERT_BUFFERS_2048) )
static const char* rsaClientCert = "./certs/client-cert.der";
static const char* rsaClientKey = "./certs/client-key.der";
rsaCertSz = (word32)sizeof(rsaClientCert);
rsaPrivKeySz = (word32)sizeof(rsaClientKey);
#endif
#endif
#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
!defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
byte* eccCert = NULL;
byte* eccPrivKey = NULL;
word32 eccCertSz;
word32 eccPrivKeySz;
#if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_256)
static const char* eccClientCert = "./certs/client-ecc-cert.der";
static const char* eccClientKey = "./certs/ecc-client-key.der";
#endif
#endif
/* Generic buffer size. */
byte output[ONEK_BUF];
byte decoded[sizeof(input)/sizeof(char)];
int decodedSz = 0;
#ifndef NO_FILESYSTEM
XFILE certFile;
XFILE keyFile;
#endif
#if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
!defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
/* RSA certs and keys. */
#if defined(USE_CERT_BUFFERS_1024)
/* Allocate buffer space. */
AssertNotNull(rsaCert =
(byte*)XMALLOC(ONEK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
/* Init buffer. */
rsaCertSz = (word32)sizeof_client_cert_der_1024;
XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz);
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
rsaPrivKeySz = (word32)sizeof_client_key_der_1024;
XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz);
#elif defined(USE_CERT_BUFFERS_2048)
/* Allocate buffer */
AssertNotNull(rsaCert =
(byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
/* Init buffer. */
rsaCertSz = (word32)sizeof_client_cert_der_2048;
XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz);
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
rsaPrivKeySz = (word32)sizeof_client_key_der_2048;
XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz);
#else
/* File system. */
certFile = XFOPEN(rsaClientCert, "rb");
AssertTrue(certFile != XBADFILE);
rsaCertSz = (word32)FOURK_BUF;
AssertNotNull(rsaCert =
(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
rsaCertSz = (word32)XFREAD(rsaCert, 1, rsaCertSz, certFile);
XFCLOSE(certFile);
keyFile = XFOPEN(rsaClientKey, "rb");
AssertTrue(keyFile != XBADFILE);
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
rsaPrivKeySz = (word32)FOURK_BUF;
rsaPrivKeySz = (word32)XFREAD(rsaPrivKey, 1, rsaPrivKeySz, keyFile);
XFCLOSE(keyFile);
#endif /* USE_CERT_BUFFERS */
#endif /* NO_RSA */
/* ECC */
#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
!defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
#ifdef USE_CERT_BUFFERS_256
AssertNotNull(eccCert =
(byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
/* Init buffer. */
eccCertSz = (word32)sizeof_cliecc_cert_der_256;
XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz);
AssertNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256;
XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz);
#else /* File system. */
certFile = XFOPEN(eccClientCert, "rb");
AssertTrue(certFile != XBADFILE);
eccCertSz = (word32)FOURK_BUF;
AssertNotNull(eccCert =
(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz, certFile);
XFCLOSE(certFile);
keyFile = XFOPEN(eccClientKey, "rb");
AssertTrue(keyFile != XBADFILE);
eccPrivKeySz = (word32)FOURK_BUF;
AssertNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz, keyFile);
XFCLOSE(keyFile);
#endif /* USE_CERT_BUFFERS_256 */
#endif /* END HAVE_ECC */
/* Silence. */
(void)keyFile;
(void)certFile;
const pkcs7EnvelopedVector testVectors[] = {
/* DATA is a global variable defined in the makefile. */
#if !defined(NO_RSA)
#ifndef NO_DES3
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0,
rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif /* NO_DES3 */
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif
#ifndef NO_AES_192
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES192CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif
#ifndef NO_AES_256
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif
#endif /* NO_AES && HAVE_AES_CBC */
#endif /* NO_RSA */
#if defined(HAVE_ECC)
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && !defined(NO_AES_128)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert,
eccCertSz, eccPrivKey, eccPrivKeySz},
#endif
#if !defined(NO_SHA256) && !defined(NO_AES_256)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
AES256_WRAP, dhSinglePass_stdDH_sha256kdf_scheme, eccCert,
eccCertSz, eccPrivKey, eccPrivKeySz},
#endif
#if defined(WOLFSSL_SHA512) && !defined(NO_AES_256)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert,
eccCertSz, eccPrivKey, eccPrivKeySz},
#endif
#endif /* NO_AES && HAVE_AES_CBC*/
#endif /* END HAVE_ECC */
}; /* END pkcs7EnvelopedVector */
#ifdef ECC_TIMING_RESISTANT
AssertIntEQ(wc_InitRng(&rng), 0);
#endif
printf(testingFmt, "wc_PKCS7_EncodeEnvelopedData()");
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector);
for (i = 0; i < testSz; i++) {
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
(word32)(testVectors + i)->certSz), 0);
#ifdef ECC_TIMING_RESISTANT
pkcs7->rng = &rng;
#endif
pkcs7->content = (byte*)(testVectors + i)->content;
pkcs7->contentSz = (testVectors + i)->contentSz;
pkcs7->contentOID = (testVectors + i)->contentOID;
pkcs7->encryptOID = (testVectors + i)->encryptOID;
pkcs7->keyWrapOID = (testVectors + i)->keyWrapOID;
pkcs7->keyAgreeOID = (testVectors + i)->keyAgreeOID;
pkcs7->privateKey = (testVectors + i)->privateKey;
pkcs7->privateKeySz = (testVectors + i)->privateKeySz;
AssertIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
(word32)sizeof(output)), 0);
decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded));
AssertIntGE(decodedSz, 0);
/* Verify the size of each buffer. */
AssertIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
/* Don't free the last time through the loop. */
if (i < testSz - 1 ){
wc_PKCS7_Free(pkcs7);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
}
} /* END test loop. */
/* Test bad args. */
AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(NULL, output,
(word32)sizeof(output)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL,
(word32)sizeof(output)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), BAD_FUNC_ARG);
printf(resultFmt, passed);
/* Decode. */
printf(testingFmt, "wc_PKCS7_DecodeEnvelopedData()");
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(NULL, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), NULL, (word32)sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, NULL,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded,
(word32)sizeof(decoded)), BAD_FUNC_ARG);
/* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
/* only a failure for KARI test cases */
tempWrd32 = pkcs7->singleCertSz;
pkcs7->singleCertSz = 0;
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
pkcs7->singleCertSz = tempWrd32;
tmpBytePtr = pkcs7->singleCert;
pkcs7->singleCert = NULL;
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
pkcs7->singleCert = tmpBytePtr;
#endif
tempWrd32 = pkcs7->privateKeySz;
pkcs7->privateKeySz = 0;
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
pkcs7->privateKeySz = tempWrd32;
tmpBytePtr = pkcs7->privateKey;
pkcs7->privateKey = NULL;
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
pkcs7->privateKey = tmpBytePtr;
wc_PKCS7_Free(pkcs7);
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_256)
/* test of decrypt callback with KEKRI enveloped data */
{
int envelopedSz;
const byte keyId[] = { 0x00 };
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
pkcs7->content = (byte*)input;
pkcs7->contentSz = (word32)(sizeof(input)/sizeof(char));
pkcs7->contentOID = DATA;
pkcs7->encryptOID = AES256CBCb;
AssertIntGT(wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP,
(byte*)defKey, sizeof(defKey), (byte*)keyId,
sizeof(keyId), NULL, NULL, 0, NULL, 0, 0), 0);
AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
AssertIntGT((envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
(word32)sizeof(output))), 0);
wc_PKCS7_Free(pkcs7);
/* decode envelopedData */
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_SetWrapCEKCb(pkcs7, myCEKwrapFunc), 0);
AssertIntEQ(wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc), 0);
AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
envelopedSz, decoded, sizeof(decoded))), 0);
wc_PKCS7_Free(pkcs7);
}
#endif /* !NO_AES && !NO_AES_256 */
printf(resultFmt, passed);
#ifndef NO_RSA
if (rsaCert) {
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (rsaPrivKey) {
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif /*NO_RSA */
#ifdef HAVE_ECC
if (eccCert) {
XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (eccPrivKey) {
XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif /* HAVE_ECC */
#ifdef ECC_TIMING_RESISTANT
wc_FreeRng(&rng);
#endif
#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3)
{
byte out[7];
byte *cms;
word32 cmsSz;
XFILE cmsFile;
XMEMSET(out, 0, sizeof(out));
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
cmsFile = XFOPEN("./certs/test/ktri-keyid-cms.msg", "rb");
AssertTrue(cmsFile != XBADFILE);
cmsSz = (word32)FOURK_BUF;
AssertNotNull(cms =
(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
cmsSz = (word32)XFREAD(cms, 1, cmsSz, cmsFile);
XFCLOSE(cmsFile);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048,
sizeof_client_cert_der_2048), 0);
pkcs7->privateKey = (byte*)client_key_der_2048;
pkcs7->privateKeySz = sizeof_client_key_der_2048;
AssertIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out,
sizeof(out)), 0);
XFREE(cms, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
AssertIntEQ(XMEMCMP(out, "test", 4), 0);
wc_PKCS7_Free(pkcs7);
}
#endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 */
#endif /* HAVE_PKCS7 */
} /* END test_wc_PKCS7_EncodeEnvelopedData() */
/*
* Testing wc_PKCS7_EncodeEncryptedData()
*/
static void test_wc_PKCS7_EncodeEncryptedData (void)
{
#if defined(HAVE_PKCS7) && !defined(NO_PKCS7_ENCRYPTED_DATA)
PKCS7* pkcs7 = NULL;
byte* tmpBytePtr = NULL;
byte encrypted[TWOK_BUF];
byte decoded[TWOK_BUF];
word32 tmpWrd32 = 0;
int tmpInt = 0;
int decodedSz;
int encryptedSz;
int testSz;
int i;
const byte data[] = { /* Hello World */
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
#ifndef NO_DES3
byte desKey[] = {
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
};
byte des3Key[] = {
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128
byte aes128Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
#endif
#ifndef NO_AES_192
byte aes192Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
#endif
#ifndef NO_AES_256
byte aes256Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
#endif
#endif /* !NO_AES && HAVE_AES_CBC */
const pkcs7EncryptedVector testVectors[] =
{
#ifndef NO_DES3
{data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)},
{data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)},
#endif /* !NO_DES3 */
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128
{data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
sizeof(aes128Key)},
#endif
#ifndef NO_AES_192
{data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
sizeof(aes192Key)},
#endif
#ifndef NO_AES_256
{data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
sizeof(aes256Key)},
#endif
#endif /* !NO_AES && HAVE_AES_CBC */
};
testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
for (i = 0; i < testSz; i++) {
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
pkcs7->content = (byte*)testVectors[i].content;
pkcs7->contentSz = testVectors[i].contentSz;
pkcs7->contentOID = testVectors[i].contentOID;
pkcs7->encryptOID = testVectors[i].encryptOID;
pkcs7->encryptionKey = testVectors[i].encryptionKey;
pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz;
pkcs7->heap = HEAP_HINT;
/* encode encryptedData */
encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
sizeof(encrypted));
AssertIntGT(encryptedSz, 0);
/* Decode encryptedData */
decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
decoded, sizeof(decoded));
AssertIntEQ(XMEMCMP(decoded, data, decodedSz), 0);
/* Keep values for last itr. */
if (i < testSz - 1) {
wc_PKCS7_Free(pkcs7);
}
}
if (pkcs7 == NULL || testSz == 0) {
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
}
printf(testingFmt, "wc_PKCS7_EncodeEncryptedData()");
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted,
sizeof(encrypted)),BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, NULL,
sizeof(encrypted)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
0), BAD_FUNC_ARG);
/* Testing the struct. */
tmpBytePtr = pkcs7->content;
pkcs7->content = NULL;
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
sizeof(encrypted)), BAD_FUNC_ARG);
pkcs7->content = tmpBytePtr;
tmpWrd32 = pkcs7->contentSz;
pkcs7->contentSz = 0;
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
sizeof(encrypted)), BAD_FUNC_ARG);
pkcs7->contentSz = tmpWrd32;
tmpInt = pkcs7->encryptOID;
pkcs7->encryptOID = 0;
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
sizeof(encrypted)), BAD_FUNC_ARG);
pkcs7->encryptOID = tmpInt;
tmpBytePtr = pkcs7->encryptionKey;
pkcs7->encryptionKey = NULL;
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
sizeof(encrypted)), BAD_FUNC_ARG);
pkcs7->encryptionKey = tmpBytePtr;
tmpWrd32 = pkcs7->encryptionKeySz;
pkcs7->encryptionKeySz = 0;
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
sizeof(encrypted)), BAD_FUNC_ARG);
pkcs7->encryptionKeySz = tmpWrd32;
printf(resultFmt, passed);
printf(testingFmt, "wc_PKCS7_EncodeEncryptedData()");
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, encryptedSz,
decoded, sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, encryptedSz,
decoded, sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, 0,
decoded, sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
NULL, sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
decoded, 0), BAD_FUNC_ARG);
/* Test struct fields */
tmpBytePtr = pkcs7->encryptionKey;
pkcs7->encryptionKey = NULL;
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
decoded, sizeof(decoded)), BAD_FUNC_ARG);
pkcs7->encryptionKey = tmpBytePtr;
pkcs7->encryptionKeySz = 0;
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
decoded, sizeof(decoded)), BAD_FUNC_ARG);
printf(resultFmt, passed);
wc_PKCS7_Free(pkcs7);
#endif
} /* END test_wc_PKCS7_EncodeEncryptedData() */
/*
* Testing wc_PKCS7_Degenerate()
*/
static void test_wc_PKCS7_Degenerate(void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
PKCS7* pkcs7;
char fName[] = "./certs/test-degenerate.p7b";
XFILE f;
byte der[4096];
word32 derSz;
int ret;
printf(testingFmt, "wc_PKCS7_Degenerate()");
AssertNotNull(f = XFOPEN(fName, "rb"));
AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
derSz = (word32)ret;
XFCLOSE(f);
/* test degenerate success */
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
#ifndef NO_RSA
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
#else
AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
#endif
wc_PKCS7_Free(pkcs7);
/* test with turning off degenerate cases */
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), PKCS7_NO_SIGNER_E);
wc_PKCS7_Free(pkcs7);
printf(resultFmt, passed);
#endif
} /* END test_wc_PKCS7_Degenerate() */
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
defined(ASN_BER_TO_DER) && !defined(NO_DES3)
static byte berContent[] = {
0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30,
0x80, 0x02, 0x01, 0x00, 0x31, 0x82, 0x01, 0x48,
0x30, 0x82, 0x01, 0x44, 0x02, 0x01, 0x00, 0x30,
0x81, 0xAC, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30,
0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E,
0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15,
0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30,
0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10,
0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D,
0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34,
0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
0x63, 0x6F, 0x6D, 0x02, 0x09, 0x00, 0xBB, 0xD3,
0x10, 0x03, 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0D,
0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80,
0x2F, 0xF9, 0x77, 0x4F, 0x04, 0x5C, 0x16, 0x62,
0xF0, 0x77, 0x8D, 0x95, 0x4C, 0xB1, 0x44, 0x9A,
0x8C, 0x3C, 0x8C, 0xE4, 0xD1, 0xC1, 0x14, 0x72,
0xD0, 0x4A, 0x1A, 0x94, 0x27, 0x0F, 0xAA, 0xE8,
0xD0, 0xA2, 0xE7, 0xED, 0x4C, 0x7F, 0x0F, 0xC7,
0x1B, 0xFB, 0x81, 0x0E, 0x76, 0x8F, 0xDD, 0x32,
0x11, 0x68, 0xA0, 0x13, 0xD2, 0x8D, 0x95, 0xEF,
0x80, 0x53, 0x81, 0x0E, 0x1F, 0xC8, 0xD6, 0x76,
0x5C, 0x31, 0xD3, 0x77, 0x33, 0x29, 0xA6, 0x1A,
0xD3, 0xC6, 0x14, 0x36, 0xCA, 0x8E, 0x7D, 0x72,
0xA0, 0x29, 0x4C, 0xC7, 0x3A, 0xAF, 0xFE, 0xF7,
0xFC, 0xD7, 0xE2, 0x8F, 0x6A, 0x20, 0x46, 0x09,
0x40, 0x22, 0x2D, 0x79, 0x38, 0x11, 0xB1, 0x4A,
0xE3, 0x48, 0xE8, 0x10, 0x37, 0xA0, 0x22, 0xF7,
0xB4, 0x79, 0xD1, 0xA9, 0x3D, 0xC2, 0xAB, 0x37,
0xAE, 0x82, 0x68, 0x1A, 0x16, 0xEF, 0x33, 0x0C,
0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x14, 0x06,
0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03,
0x07, 0x04, 0x08, 0xAD, 0xD0, 0x38, 0x9B, 0x16,
0x4B, 0x7F, 0x99, 0xA0, 0x80, 0x04, 0x82, 0x03,
0xE8, 0x6D, 0x48, 0xFB, 0x8A, 0xBD, 0xED, 0x6C,
0xCD, 0xC6, 0x48, 0xFD, 0xB7, 0xB0, 0x7C, 0x86,
0x2C, 0x8D, 0xF0, 0x23, 0x12, 0xD8, 0xA3, 0x2A,
0x21, 0x6F, 0x8B, 0x75, 0xBB, 0x47, 0x7F, 0xC9,
0xBA, 0xBA, 0xFF, 0x91, 0x09, 0x01, 0x7A, 0x5C,
0x96, 0x02, 0xB8, 0x8E, 0xF8, 0x67, 0x7E, 0x8F,
0xF9, 0x51, 0x0E, 0xFF, 0x8E, 0xE2, 0x61, 0xC0,
0xDF, 0xFA, 0xE2, 0x4C, 0x50, 0x90, 0xAE, 0xA1,
0x15, 0x38, 0x3D, 0xBE, 0x88, 0xD7, 0x57, 0xC0,
0x11, 0x44, 0xA2, 0x61, 0x05, 0x49, 0x6A, 0x94,
0x04, 0x10, 0xD9, 0xC2, 0x2D, 0x15, 0x20, 0x0D,
0xBD, 0xA2, 0xEF, 0xE4, 0x68, 0xFA, 0x39, 0x75,
0x7E, 0xD8, 0x64, 0x44, 0xCB, 0xE0, 0x00, 0x6D,
0x57, 0x4E, 0x8A, 0x17, 0xA9, 0x83, 0x6C, 0x7F,
0xFE, 0x01, 0xEE, 0xDE, 0x99, 0x3A, 0xB2, 0xFF,
0xD3, 0x72, 0x78, 0xBA, 0xF1, 0x23, 0x54, 0x48,
0x02, 0xD8, 0x38, 0xA9, 0x54, 0xE5, 0x4A, 0x81,
0xB9, 0xC0, 0x67, 0xB2, 0x7D, 0x3C, 0x6F, 0xCE,
0xA4, 0xDD, 0x34, 0x5F, 0x60, 0xB1, 0xA3, 0x7A,
0xE4, 0x43, 0xF2, 0x89, 0x64, 0x35, 0x09, 0x32,
0x51, 0xFB, 0x5C, 0x67, 0x0C, 0x3B, 0xFC, 0x36,
0x6B, 0x37, 0x43, 0x6C, 0x03, 0xCD, 0x44, 0xC7,
0x2B, 0x62, 0xD6, 0xD1, 0xF4, 0x07, 0x7B, 0x19,
0x91, 0xF0, 0xD7, 0xF5, 0x54, 0xBC, 0x0F, 0x42,
0x6B, 0x69, 0xF7, 0xA3, 0xC8, 0xEE, 0xB9, 0x7A,
0x9E, 0x3D, 0xDF, 0x53, 0x47, 0xF7, 0x50, 0x67,
0x00, 0xCF, 0x2B, 0x3B, 0xE9, 0x85, 0xEE, 0xBD,
0x4C, 0x64, 0x66, 0x0B, 0x77, 0x80, 0x9D, 0xEF,
0x11, 0x32, 0x77, 0xA8, 0xA4, 0x5F, 0xEE, 0x2D,
0xE0, 0x43, 0x87, 0x76, 0x87, 0x53, 0x4E, 0xD7,
0x1A, 0x04, 0x7B, 0xE1, 0xD1, 0xE1, 0xF5, 0x87,
0x51, 0x13, 0xE0, 0xC2, 0xAA, 0xA3, 0x4B, 0xAA,
0x9E, 0xB4, 0xA6, 0x1D, 0x4E, 0x28, 0x57, 0x0B,
0x80, 0x90, 0x81, 0x4E, 0x04, 0xF5, 0x30, 0x8D,
0x51, 0xCE, 0x57, 0x2F, 0x88, 0xC5, 0x70, 0xC4,
0x06, 0x8F, 0xDD, 0x37, 0xC1, 0x34, 0x1E, 0x0E,
0x15, 0x32, 0x23, 0x92, 0xAB, 0x40, 0xEA, 0xF7,
0x43, 0xE2, 0x1D, 0xE2, 0x4B, 0xC9, 0x91, 0xF4,
0x63, 0x21, 0x34, 0xDB, 0xE9, 0x86, 0x83, 0x1A,
0xD2, 0x52, 0xEF, 0x7A, 0xA2, 0xEE, 0xA4, 0x11,
0x56, 0xD3, 0x6C, 0xF5, 0x6D, 0xE4, 0xA5, 0x2D,
0x99, 0x02, 0x10, 0xDF, 0x29, 0xC5, 0xE3, 0x0B,
0xC4, 0xA1, 0xEE, 0x5F, 0x4A, 0x10, 0xEE, 0x85,
0x73, 0x2A, 0x92, 0x15, 0x2C, 0xC8, 0xF4, 0x8C,
0xD7, 0x3D, 0xBC, 0xAD, 0x18, 0xE0, 0x59, 0xD3,
0xEE, 0x75, 0x90, 0x1C, 0xCC, 0x76, 0xC6, 0x64,
0x17, 0xD2, 0xD0, 0x91, 0xA6, 0xD0, 0xC1, 0x4A,
0xAA, 0x58, 0x22, 0xEC, 0x45, 0x98, 0xF2, 0xCC,
0x4C, 0xE4, 0xBF, 0xED, 0xF6, 0x44, 0x72, 0x36,
0x65, 0x3F, 0xE3, 0xB5, 0x8B, 0x3E, 0x54, 0x9C,
0x82, 0x86, 0x5E, 0xB0, 0xF2, 0x12, 0xE5, 0x69,
0xFA, 0x46, 0xA2, 0x54, 0xFC, 0xF5, 0x4B, 0xE0,
0x24, 0x3B, 0x99, 0x04, 0x1A, 0x7A, 0xF7, 0xD1,
0xFF, 0x68, 0x97, 0xB2, 0x85, 0x82, 0x95, 0x27,
0x2B, 0xF4, 0xE7, 0x1A, 0x74, 0x19, 0xEC, 0x8C,
0x4E, 0xA7, 0x0F, 0xAD, 0x4F, 0x5A, 0x02, 0x80,
0xC1, 0x6A, 0x9E, 0x54, 0xE4, 0x8E, 0xA3, 0x41,
0x3F, 0x6F, 0x9C, 0x82, 0x9F, 0x83, 0xB0, 0x44,
0x01, 0x5F, 0x10, 0x9D, 0xD3, 0xB6, 0x33, 0x5B,
0xAF, 0xAC, 0x6B, 0x57, 0x2A, 0x01, 0xED, 0x0E,
0x17, 0xB9, 0x80, 0x76, 0x12, 0x1C, 0x51, 0x56,
0xDD, 0x6D, 0x94, 0xAB, 0xD2, 0xE5, 0x15, 0x2D,
0x3C, 0xC5, 0xE8, 0x62, 0x05, 0x8B, 0x40, 0xB1,
0xC2, 0x83, 0xCA, 0xAC, 0x4B, 0x8B, 0x39, 0xF7,
0xA0, 0x08, 0x43, 0x5C, 0xF7, 0xE8, 0xED, 0x40,
0x72, 0x73, 0xE3, 0x6B, 0x18, 0x67, 0xA0, 0xB6,
0x0F, 0xED, 0x8F, 0x9A, 0xE4, 0x27, 0x62, 0x23,
0xAA, 0x6D, 0x6C, 0x31, 0xC9, 0x9D, 0x6B, 0xE0,
0xBF, 0x9D, 0x7D, 0x2E, 0x76, 0x71, 0x06, 0x39,
0xAC, 0x96, 0x1C, 0xAF, 0x30, 0xF2, 0x62, 0x9C,
0x84, 0x3F, 0x43, 0x5E, 0x19, 0xA8, 0xE5, 0x3C,
0x9D, 0x43, 0x3C, 0x43, 0x41, 0xE8, 0x82, 0xE7,
0x5B, 0xF3, 0xE2, 0x15, 0xE3, 0x52, 0x20, 0xFD,
0x0D, 0xB2, 0x4D, 0x48, 0xAD, 0x53, 0x7E, 0x0C,
0xF0, 0xB9, 0xBE, 0xC9, 0x58, 0x4B, 0xC8, 0xA8,
0xA3, 0x36, 0xF1, 0x2C, 0xD2, 0xE1, 0xC8, 0xC4,
0x3C, 0x48, 0x70, 0xC2, 0x6D, 0x6C, 0x3D, 0x99,
0xAC, 0x43, 0x19, 0x69, 0xCA, 0x67, 0x1A, 0xC9,
0xE1, 0x47, 0xFA, 0x0A, 0xE6, 0x5B, 0x6F, 0x61,
0xD0, 0x03, 0xE4, 0x03, 0x4B, 0xFD, 0xE2, 0xA5,
0x8D, 0x83, 0x01, 0x7E, 0xC0, 0x7B, 0x2E, 0x0B,
0x29, 0xDD, 0xD6, 0xDC, 0x71, 0x46, 0xBD, 0x9A,
0x40, 0x46, 0x1E, 0x0A, 0xB1, 0x00, 0xE7, 0x71,
0x29, 0x77, 0xFC, 0x9A, 0x76, 0x8A, 0x5F, 0x66,
0x9B, 0x63, 0x91, 0x12, 0x78, 0xBF, 0x67, 0xAD,
0xA1, 0x72, 0x9E, 0xC5, 0x3E, 0xE5, 0xCB, 0xAF,
0xD6, 0x5A, 0x0D, 0xB6, 0x9B, 0xA3, 0x78, 0xE8,
0xB0, 0x8F, 0x69, 0xED, 0xC1, 0x73, 0xD5, 0xE5,
0x1C, 0x18, 0xA0, 0x58, 0x4C, 0x49, 0xBD, 0x91,
0xCE, 0x15, 0x0D, 0xAA, 0x5A, 0x07, 0xEA, 0x1C,
0xA7, 0x4B, 0x11, 0x31, 0x80, 0xAF, 0xA1, 0x0A,
0xED, 0x6C, 0x70, 0xE4, 0xDB, 0x75, 0x86, 0xAE,
0xBF, 0x4A, 0x05, 0x72, 0xDE, 0x84, 0x8C, 0x7B,
0x59, 0x81, 0x58, 0xE0, 0xC0, 0x15, 0xB5, 0xF3,
0xD5, 0x73, 0x78, 0x83, 0x53, 0xDA, 0x92, 0xC1,
0xE6, 0x71, 0x74, 0xC7, 0x7E, 0xAA, 0x36, 0x06,
0xF0, 0xDF, 0xBA, 0xFB, 0xEF, 0x54, 0xE8, 0x11,
0xB2, 0x33, 0xA3, 0x0B, 0x9E, 0x0C, 0x59, 0x75,
0x13, 0xFA, 0x7F, 0x88, 0xB9, 0x86, 0xBD, 0x1A,
0xDB, 0x52, 0x12, 0xFB, 0x6D, 0x1A, 0xCB, 0x49,
0x94, 0x94, 0xC4, 0xA9, 0x99, 0xC0, 0xA4, 0xB6,
0x60, 0x36, 0x09, 0x94, 0x2A, 0xD5, 0xC4, 0x26,
0xF4, 0xA3, 0x6A, 0x0E, 0x57, 0x8B, 0x7C, 0xA4,
0x1D, 0x75, 0xE8, 0x2A, 0xF3, 0xC4, 0x3C, 0x7D,
0x45, 0x6D, 0xD8, 0x24, 0xD1, 0x3B, 0xF7, 0xCF,
0xE4, 0x45, 0x2A, 0x55, 0xE5, 0xA9, 0x1F, 0x1C,
0x8F, 0x55, 0x8D, 0xC1, 0xF7, 0x74, 0xCC, 0x26,
0xC7, 0xBA, 0x2E, 0x5C, 0xC1, 0x71, 0x0A, 0xAA,
0xD9, 0x6D, 0x76, 0xA7, 0xF9, 0xD1, 0x18, 0xCB,
0x5A, 0x52, 0x98, 0xA8, 0x0D, 0x3F, 0x06, 0xFC,
0x49, 0x11, 0x21, 0x5F, 0x86, 0x19, 0x33, 0x81,
0xB5, 0x7A, 0xDA, 0xA1, 0x47, 0xBF, 0x7C, 0xD7,
0x05, 0x96, 0xC7, 0xF5, 0xC1, 0x61, 0xE5, 0x18,
0xA5, 0x38, 0x68, 0xED, 0xB4, 0x17, 0x62, 0x0D,
0x01, 0x5E, 0xC3, 0x04, 0xA6, 0xBA, 0xB1, 0x01,
0x60, 0x5C, 0xC1, 0x3A, 0x34, 0x97, 0xD6, 0xDB,
0x67, 0x73, 0x4D, 0x33, 0x96, 0x01, 0x67, 0x44,
0xEA, 0x47, 0x5E, 0x44, 0xB5, 0xE5, 0xD1, 0x6C,
0x20, 0xA9, 0x6D, 0x4D, 0xBC, 0x02, 0xF0, 0x70,
0xE4, 0xDD, 0xE9, 0xD5, 0x5C, 0x28, 0x29, 0x0B,
0xB4, 0x60, 0x2A, 0xF1, 0xF7, 0x1A, 0xF0, 0x36,
0xAE, 0x51, 0x3A, 0xAE, 0x6E, 0x48, 0x7D, 0xC7,
0x5C, 0xF3, 0xDC, 0xF6, 0xED, 0x27, 0x4E, 0x8E,
0x48, 0x18, 0x3E, 0x08, 0xF1, 0xD8, 0x3D, 0x0D,
0xE7, 0x2F, 0x65, 0x8A, 0x6F, 0xE2, 0x1E, 0x06,
0xC1, 0x04, 0x58, 0x7B, 0x4A, 0x75, 0x60, 0x92,
0x13, 0xC6, 0x40, 0x2D, 0x3A, 0x8A, 0xD1, 0x03,
0x05, 0x1F, 0x28, 0x66, 0xC2, 0x57, 0x2A, 0x4C,
0xE1, 0xA3, 0xCB, 0xA1, 0x95, 0x30, 0x10, 0xED,
0xDF, 0xAE, 0x70, 0x49, 0x4E, 0xF6, 0xB4, 0x5A,
0xB6, 0x22, 0x56, 0x37, 0x05, 0xE7, 0x3E, 0xB2,
0xE3, 0x96, 0x62, 0xEC, 0x09, 0x53, 0xC0, 0x50,
0x3D, 0xA7, 0xBC, 0x9B, 0x39, 0x02, 0x26, 0x16,
0xB5, 0x34, 0x17, 0xD4, 0xCA, 0xFE, 0x1D, 0xE4,
0x5A, 0xDA, 0x4C, 0xC2, 0xCA, 0x8E, 0x79, 0xBF,
0xD8, 0x4C, 0xBB, 0xFA, 0x30, 0x7B, 0xA9, 0x3E,
0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00
};
#endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER && !NO_DES3 */
/*
* Testing wc_PKCS7_BER()
*/
static void test_wc_PKCS7_BER(void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
defined(ASN_BER_TO_DER)
PKCS7* pkcs7;
char fName[] = "./certs/test-ber-exp02-05-2022.p7b";
XFILE f;
byte der[4096];
#ifndef NO_DES3
byte decoded[2048];
#endif
word32 derSz;
int ret;
printf(testingFmt, "wc_PKCS7_BER()");
AssertNotNull(f = XFOPEN(fName, "rb"));
AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
derSz = (word32)ret;
XFCLOSE(f);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
#ifndef NO_RSA
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
#else
AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
#endif
wc_PKCS7_Free(pkcs7);
#ifndef NO_DES3
/* decode BER content */
AssertNotNull(f = XFOPEN("./certs/1024/client-cert.der", "rb"));
AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
derSz = (word32)ret;
XFCLOSE(f);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
#ifndef NO_RSA
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
#else
AssertIntNE(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
#endif
AssertNotNull(f = XFOPEN("./certs/1024/client-key.der", "rb"));
AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
derSz = (word32)ret;
XFCLOSE(f);
pkcs7->privateKey = der;
pkcs7->privateKeySz = derSz;
#ifndef NO_RSA
#ifdef WOLFSSL_SP_MATH
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
sizeof(berContent), decoded, sizeof(decoded)), WC_KEY_SIZE_E);
#else
AssertIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
sizeof(berContent), decoded, sizeof(decoded)), 0);
#endif
#else
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
sizeof(berContent), decoded, sizeof(decoded)), NOT_COMPILED_IN);
#endif
wc_PKCS7_Free(pkcs7);
#endif /* !NO_DES3 */
printf(resultFmt, passed);
#endif
} /* END test_wc_PKCS7_BER() */
static void test_PKCS7_signed_enveloped(void)
{
#if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_AES) && \
!defined(NO_FILESYSTEM)
XFILE f;
PKCS7* pkcs7;
#ifdef HAVE_AES_CBC
PKCS7* inner;
#endif
void* pt;
WC_RNG rng;
unsigned char key[FOURK_BUF/2];
unsigned char cert[FOURK_BUF/2];
unsigned char env[FOURK_BUF];
int envSz = FOURK_BUF;
int keySz;
int certSz;
unsigned char sig[FOURK_BUF * 2];
int sigSz = FOURK_BUF * 2;
#ifdef HAVE_AES_CBC
unsigned char decoded[FOURK_BUF];
int decodedSz = FOURK_BUF;
#endif
printf(testingFmt, "PKCS7_signed_enveloped");
/* load cert */
AssertNotNull(f = XFOPEN(cliCertDerFile, "rb"));
AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), f)), 0);
XFCLOSE(f);
/* load key */
AssertNotNull(f = XFOPEN(cliKeyFile, "rb"));
AssertIntGT((keySz = (int)XFREAD(key, 1, sizeof(key), f)), 0);
XFCLOSE(f);
keySz = wolfSSL_KeyPemToDer(key, keySz, key, keySz, NULL);
/* sign cert for envelope */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_InitRng(&rng), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
pkcs7->content = cert;
pkcs7->contentSz = certSz;
pkcs7->contentOID = DATA;
pkcs7->privateKey = key;
pkcs7->privateKeySz = keySz;
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHA256h;
pkcs7->rng = &rng;
AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
wc_PKCS7_Free(pkcs7);
wc_FreeRng(&rng);
#ifdef HAVE_AES_CBC
/* create envelope */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
pkcs7->content = sig;
pkcs7->contentSz = sigSz;
pkcs7->contentOID = DATA;
pkcs7->encryptOID = AES256CBCb;
pkcs7->privateKey = key;
pkcs7->privateKeySz = keySz;
AssertIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0);
wc_PKCS7_Free(pkcs7);
#endif
/* create bad signed enveloped data */
sigSz = FOURK_BUF * 2;
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_InitRng(&rng), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
pkcs7->content = env;
pkcs7->contentSz = envSz;
pkcs7->contentOID = DATA;
pkcs7->privateKey = key;
pkcs7->privateKeySz = keySz;
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHA256h;
pkcs7->rng = &rng;
/* Set no certs in bundle for this test. Hang on to the pointer though to
* free it later. */
pt = (void*)pkcs7->certList;
pkcs7->certList = NULL; /* no certs in bundle */
AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
pkcs7->certList = (Pkcs7Cert*)pt; /* restore pointer for PKCS7 free call */
wc_PKCS7_Free(pkcs7);
/* check verify fails */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz),
PKCS7_SIGNEEDS_CHECK);
/* try verifying the signature manually */
{
RsaKey rKey;
word32 idx = 0;
byte digest[MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ +
WC_MAX_DIGEST_SIZE];
int digestSz;
AssertIntEQ(wc_InitRsaKey(&rKey, HEAP_HINT), 0);
AssertIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, keySz), 0);
digestSz = wc_RsaSSL_Verify(pkcs7->signature, pkcs7->signatureSz,
digest, sizeof(digest), &rKey);
AssertIntGT(digestSz, 0);
AssertIntEQ(digestSz, pkcs7->pkcs7DigestSz);
AssertIntEQ(XMEMCMP(digest, pkcs7->pkcs7Digest, digestSz), 0);
AssertIntEQ(wc_FreeRsaKey(&rKey), 0);
/* verify was success */
}
wc_PKCS7_Free(pkcs7);
/* initializing the PKCS7 struct with the signing certificate should pass */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
wc_PKCS7_Free(pkcs7);
/* create valid degenerate bundle */
sigSz = FOURK_BUF * 2;
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
pkcs7->content = env;
pkcs7->contentSz = envSz;
pkcs7->contentOID = DATA;
pkcs7->privateKey = key;
pkcs7->privateKeySz = keySz;
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHA256h;
pkcs7->rng = &rng;
AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
wc_PKCS7_Free(pkcs7);
wc_FreeRng(&rng);
/* check verify */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
AssertNotNull(pkcs7->content);
#ifdef HAVE_AES_CBC
/* check decode */
AssertNotNull(inner = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0);
inner->privateKey = key;
inner->privateKeySz = keySz;
AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content,
pkcs7->contentSz, decoded, decodedSz)), 0);
wc_PKCS7_Free(inner);
#endif
wc_PKCS7_Free(pkcs7);
#ifdef HAVE_AES_CBC
/* check cert set */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, decodedSz), 0);
AssertNotNull(pkcs7->singleCert);
AssertIntNE(pkcs7->singleCertSz, 0);
wc_PKCS7_Free(pkcs7);
#endif
printf(resultFmt, passed);
#endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
}
static void test_wc_PKCS7_NoDefaultSignedAttribs (void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
&& !defined(NO_AES)
PKCS7* pkcs7;
void* heap = NULL;
printf(testingFmt, "wc_PKCS7_NoDefaultSignedAttribs()");
pkcs7 = wc_PKCS7_New(heap, devId);
AssertNotNull(pkcs7);
AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0);
AssertIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_NoDefaultSignedAttribs(pkcs7), 0);
wc_PKCS7_Free(pkcs7);
printf(resultFmt, passed);
#endif
}
static void test_wc_PKCS7_SetOriEncryptCtx (void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
&& !defined(NO_AES)
PKCS7* pkcs7;
void* heap = NULL;
WOLFSSL_CTX* ctx;
ctx = NULL;
printf(testingFmt, "wc_PKCS7_SetOriEncryptCtx()");
pkcs7 = wc_PKCS7_New(heap, devId);
AssertNotNull(pkcs7);
AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0);
AssertIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_SetOriEncryptCtx(pkcs7, ctx), 0);
wc_PKCS7_Free(pkcs7);
printf(resultFmt, passed);
#endif
}
static void test_wc_PKCS7_SetOriDecryptCtx (void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
&& !defined(NO_AES)
PKCS7* pkcs7;
void* heap = NULL;
WOLFSSL_CTX* ctx;
ctx = NULL;
printf(testingFmt, "wc_PKCS7_SetOriDecryptCtx()");
pkcs7 = wc_PKCS7_New(heap, devId);
AssertNotNull(pkcs7);
AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0);
AssertIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_SetOriDecryptCtx(pkcs7, ctx), 0);
wc_PKCS7_Free(pkcs7);
printf(resultFmt, passed);
#endif
}
static void test_wc_PKCS7_DecodeCompressedData(void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
&& !defined(NO_AES) && defined(HAVE_LIBZ)
PKCS7* pkcs7;
void* heap = NULL;
byte out[4096];
byte *decompressed;
int outSz, decompressedSz;
const char* cert = "./certs/client-cert.pem";
byte* cert_buf = NULL;
size_t cert_sz = 0;
printf(testingFmt, "wc_PKCS7_DecodeCompressedData()");
AssertIntEQ(load_file(cert, &cert_buf, &cert_sz), 0);
AssertNotNull((decompressed =
(byte*)XMALLOC(cert_sz, heap, DYNAMIC_TYPE_TMP_BUFFER)));
decompressedSz = (int)cert_sz;
AssertNotNull((pkcs7 = wc_PKCS7_New(heap, devId)));
pkcs7->content = (byte*)cert_buf;
pkcs7->contentSz = (word32)cert_sz;
pkcs7->contentOID = DATA;
AssertIntGT((outSz = wc_PKCS7_EncodeCompressedData(pkcs7, out,
sizeof(out))), 0);
wc_PKCS7_Free(pkcs7);
/* compressed key should be smaller than when started */
AssertIntLT(outSz, cert_sz);
/* test decompression */
AssertNotNull((pkcs7 = wc_PKCS7_New(heap, devId)));
AssertIntEQ(pkcs7->contentOID, 0);
/* fail case with out buffer too small */
AssertIntLT(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
decompressed, outSz), 0);
/* success case */
AssertIntEQ(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
decompressed, decompressedSz), cert_sz);
AssertIntEQ(pkcs7->contentOID, DATA);
AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
decompressed = NULL;
/* test decompression function with different 'max' inputs */
outSz = sizeof(out);
AssertIntGT((outSz = wc_Compress(out, outSz, cert_buf, (word32)cert_sz, 0)),
0);
AssertIntLT(wc_DeCompressDynamic(&decompressed, 1, DYNAMIC_TYPE_TMP_BUFFER,
out, outSz, 0, heap), 0);
AssertNull(decompressed);
AssertIntGT(wc_DeCompressDynamic(&decompressed, -1, DYNAMIC_TYPE_TMP_BUFFER,
out, outSz, 0, heap), 0);
AssertNotNull(decompressed);
AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
decompressed = NULL;
AssertIntGT(wc_DeCompressDynamic(&decompressed, DYNAMIC_TYPE_TMP_BUFFER, 5,
out, outSz, 0, heap), 0);
AssertNotNull(decompressed);
AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (cert_buf)
free(cert_buf);
wc_PKCS7_Free(pkcs7);
printf(resultFmt, passed);
#endif
}
static void test_wc_i2d_PKCS12(void)
{
#if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \
&& !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
&& !defined(NO_AES) && !defined(NO_DES3) && !defined(NO_SHA)
WC_PKCS12* pkcs12 = NULL;
unsigned char der[FOURK_BUF * 2];
unsigned char* pt;
int derSz;
unsigned char out[FOURK_BUF * 2];
int outSz = FOURK_BUF * 2;
const char p12_f[] = "./certs/test-servercert.p12";
XFILE f;
printf(testingFmt, "wc_i2d_PKCS12");
f = XFOPEN(p12_f, "rb");
AssertNotNull(f);
derSz = (int)XFREAD(der, 1, sizeof(der), f);
AssertIntGT(derSz, 0);
XFCLOSE(f);
AssertNotNull(pkcs12 = wc_PKCS12_new());
AssertIntEQ(wc_d2i_PKCS12(der, derSz, pkcs12), 0);
AssertIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
AssertIntEQ(outSz, derSz);
outSz = derSz - 1;
pt = out;
AssertIntLE(wc_i2d_PKCS12(pkcs12, &pt, &outSz), 0);
outSz = derSz;
AssertIntEQ(wc_i2d_PKCS12(pkcs12, &pt, &outSz), derSz);
AssertIntEQ((pt == out), 0);
pt = NULL;
AssertIntEQ(wc_i2d_PKCS12(pkcs12, &pt, NULL), derSz);
XFREE(pt, NULL, DYNAMIC_TYPE_PKCS);
wc_PKCS12_free(pkcs12);
printf(resultFmt, passed);
#endif
}
/* Testing wc_SignatureGetSize() for signature type ECC */
static int test_wc_SignatureGetSize_ecc(void)
{
int ret = 0;
#ifndef NO_SIG_WRAPPER
#if defined(HAVE_ECC) && !defined(NO_ECC256)
enum wc_SignatureType sig_type;
word32 key_len;
/* Initialize ECC Key */
ecc_key ecc;
const char* qx =
"fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
const char* qy =
"d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
const char* d =
"be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
ret = wc_ecc_init(&ecc);
if (ret == 0) {
ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1");
}
printf(testingFmt, "wc_SigntureGetSize_ecc()");
if (ret == 0) {
/* Input for signature type ECC */
sig_type = WC_SIGNATURE_TYPE_ECC;
key_len = sizeof(ecc_key);
ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
/* Test bad args */
if (ret > 0) {
sig_type = (enum wc_SignatureType) 100;
ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
if (ret == BAD_FUNC_ARG) {
sig_type = WC_SIGNATURE_TYPE_ECC;
ret = wc_SignatureGetSize(sig_type, NULL, key_len);
}
if (ret >= 0) {
key_len = (word32) 0;
ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
}
if (ret == BAD_FUNC_ARG) {
ret = SIG_TYPE_E;
}
}
} else {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&ecc);
#else
ret = SIG_TYPE_E;
#endif
if (ret == SIG_TYPE_E) {
ret = 0;
}
else {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif /* NO_SIG_WRAPPER */
return ret;
}/* END test_wc_SignatureGetSize_ecc() */
/* Testing wc_SignatureGetSize() for signature type rsa */
static int test_wc_SignatureGetSize_rsa(void)
{
int ret = 0;
#ifndef NO_SIG_WRAPPER
#ifndef NO_RSA
enum wc_SignatureType sig_type;
word32 key_len;
word32 idx = 0;
/* Initialize RSA Key */
RsaKey rsa_key;
byte* tmp = NULL;
size_t bytes;
#ifdef USE_CERT_BUFFERS_1024
bytes = (size_t)sizeof_client_key_der_1024;
if (bytes < (size_t)sizeof_client_key_der_1024)
bytes = (size_t)sizeof_client_cert_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
bytes = (size_t)sizeof_client_key_der_2048;
if (bytes < (size_t)sizeof_client_cert_der_2048)
bytes = (size_t)sizeof_client_cert_der_2048;
#else
bytes = FOURK_BUF;
#endif
tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp != NULL) {
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, client_key_der_1024,
(size_t)sizeof_client_key_der_1024);
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(tmp, client_key_der_2048,
(size_t)sizeof_client_key_der_2048);
#elif !defined(NO_FILESYSTEM)
file = XFOPEN(clientKey, "rb");
if (file != XBADFILE) {
bytes = (size_t)XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
}
else {
ret = WOLFSSL_FATAL_ERROR;
}
#else
ret = WOLFSSL_FATAL_ERROR;
#endif
} else {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, devId);
}
if (ret == 0) {
ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, (word32)bytes);
}
printf(testingFmt, "wc_SigntureGetSize_rsa()");
if (ret == 0) {
/* Input for signature type RSA */
sig_type = WC_SIGNATURE_TYPE_RSA;
key_len = sizeof(RsaKey);
ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
/* Test bad args */
if (ret > 0) {
sig_type = (enum wc_SignatureType) 100;
ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
if (ret == BAD_FUNC_ARG) {
sig_type = WC_SIGNATURE_TYPE_RSA;
ret = wc_SignatureGetSize(sig_type, NULL, key_len);
}
#ifndef HAVE_USER_RSA
if (ret == BAD_FUNC_ARG) {
#else
if (ret == 0) {
#endif
key_len = (word32)0;
ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
}
if (ret == BAD_FUNC_ARG) {
ret = SIG_TYPE_E;
}
}
} else {
ret = WOLFSSL_FATAL_ERROR;
}
wc_FreeRsaKey(&rsa_key);
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ret = SIG_TYPE_E;
#endif
if (ret == SIG_TYPE_E) {
ret = 0;
}else {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif /* NO_SIG_WRAPPER */
return ret;
}/* END test_wc_SignatureGetSize_rsa(void) */
/*----------------------------------------------------------------------------*
| hash.h Tests
*----------------------------------------------------------------------------*/
static int test_wc_HashInit(void)
{
int ret = 0, i; /* 0 indicates tests passed, 1 indicates failure */
wc_HashAlg hash;
/* enum for holding supported algorithms, #ifndef's restrict if disabled */
enum wc_HashType enumArray[] = {
#ifndef NO_MD5
WC_HASH_TYPE_MD5,
#endif
#ifndef NO_SHA
WC_HASH_TYPE_SHA,
#endif
#ifndef WOLFSSL_SHA224
WC_HASH_TYPE_SHA224,
#endif
#ifndef NO_SHA256
WC_HASH_TYPE_SHA256,
#endif
#ifndef WOLFSSL_SHA384
WC_HASH_TYPE_SHA384,
#endif
#ifndef WOLFSSL_SHA512
WC_HASH_TYPE_SHA512,
#endif
};
/* dynamically finds the length */
int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
/* For loop to test various arguments... */
for (i = 0; i < enumlen; i++) {
/* check for bad args */
if (wc_HashInit(&hash, enumArray[i]) == BAD_FUNC_ARG) {
ret = 1;
break;
}
wc_HashFree(&hash, enumArray[i]);
/* check for null ptr */
if (wc_HashInit(NULL, enumArray[i]) != BAD_FUNC_ARG) {
ret = 1;
break;
}
} /* end of for loop */
printf(testingFmt, "wc_HashInit()");
if (ret==0) { /* all tests have passed */
printf(resultFmt, passed);
}
else { /* a test has failed */
printf(resultFmt, failed);
}
return ret;
} /* end of test_wc_HashInit */
/*
* Unit test function for wc_HashSetFlags()
*/
static int test_wc_HashSetFlags(void)
{
int ret = 0;
#ifdef WOLFSSL_HASH_FLAGS
wc_HashAlg hash;
word32 flags = 0;
int i, j;
printf(testingFmt, "wc_HashSetFlags()");
/* enum for holding supported algorithms, #ifndef's restrict if disabled */
enum wc_HashType enumArray[] = {
#ifndef NO_MD5
WC_HASH_TYPE_MD5,
#endif
#ifndef NO_SHA
WC_HASH_TYPE_SHA,
#endif
#ifdef WOLFSSL_SHA224
WC_HASH_TYPE_SHA224,
#endif
#ifndef NO_SHA256
WC_HASH_TYPE_SHA256,
#endif
#ifdef WOLFSSL_SHA384
WC_HASH_TYPE_SHA384,
#endif
#ifdef WOLFSSL_SHA512
WC_HASH_TYPE_SHA512,
#endif
#ifdef WOLFSSL_SHA3
WC_HASH_TYPE_SHA3_224,
#endif
};
enum wc_HashType notSupported[] = {
WC_HASH_TYPE_MD5_SHA,
WC_HASH_TYPE_MD2,
WC_HASH_TYPE_MD4,
WC_HASH_TYPE_BLAKE2B,
WC_HASH_TYPE_BLAKE2S,
WC_HASH_TYPE_NONE,
};
/* dynamically finds the length */
int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
/* For loop to test various arguments... */
for (i = 0; i < enumlen; i++) {
ret = wc_HashInit(&hash, enumArray[i]);
if (ret == 0) {
ret = wc_HashSetFlags(&hash, enumArray[i], flags);
}
if (ret == 0) {
if (flags & WC_HASH_FLAG_ISCOPY) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_HashSetFlags(NULL, enumArray[i], flags);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
wc_HashFree(&hash, enumArray[i]);
}
/* For loop to test not supported cases */
int notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
for (j = 0; ret == 0 && j < notSupportedLen; j++){
ret = wc_HashInit(&hash, notSupported[j]);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG){
ret = wc_HashSetFlags(&hash, notSupported[j], flags);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_HashFree(&hash, notSupported[j]);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_HashSetFlags */
/*
* Unit test function for wc_HashGetFlags()
*/
static int test_wc_HashGetFlags(void)
{
int ret = 0;
#ifdef WOLFSSL_HASH_FLAGS
wc_HashAlg hash;
word32 flags = 0;
int i, j;
printf(testingFmt, "wc_HashGetFlags()");
/* enum for holding supported algorithms, #ifndef's restrict if disabled */
enum wc_HashType enumArray[] = {
#ifndef NO_MD5
WC_HASH_TYPE_MD5,
#endif
#ifndef NO_SHA
WC_HASH_TYPE_SHA,
#endif
#ifdef WOLFSSL_SHA224
WC_HASH_TYPE_SHA224,
#endif
#ifndef NO_SHA256
WC_HASH_TYPE_SHA256,
#endif
#ifdef WOLFSSL_SHA384
WC_HASH_TYPE_SHA384,
#endif
#ifdef WOLFSSL_SHA512
WC_HASH_TYPE_SHA512,
#endif
#ifdef WOLFSSL_SHA3
WC_HASH_TYPE_SHA3_224,
#endif
};
enum wc_HashType notSupported[] = {
WC_HASH_TYPE_MD5_SHA,
WC_HASH_TYPE_MD2,
WC_HASH_TYPE_MD4,
WC_HASH_TYPE_BLAKE2B,
WC_HASH_TYPE_BLAKE2S,
WC_HASH_TYPE_NONE,
};
int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
/* For loop to test various arguments... */
for (i = 0; i < enumlen; i++) {
ret = wc_HashInit(&hash, enumArray[i]);
if (ret == 0) {
ret = wc_HashGetFlags(&hash, enumArray[i], &flags);
}
if (ret == 0) {
if (flags & WC_HASH_FLAG_ISCOPY) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_HashGetFlags(NULL, enumArray[i], &flags);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
wc_HashFree(&hash, enumArray[i]);
if (ret != 0) {
break;
}
}
/* For loop to test not supported cases */
int notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
for (j = 0; ret == 0 && j < notSupportedLen; j++){
ret = wc_HashInit(&hash, notSupported[j]);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG){
ret = wc_HashGetFlags(&hash, notSupported[j], &flags);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_HashFree(&hash, notSupported[j]);
if (ret == 0) {
ret = -1;
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_HashGetFlags */
/*----------------------------------------------------------------------------*
| Compatibility Tests
*----------------------------------------------------------------------------*/
static void test_wolfSSL_lhash(void)
{
#ifdef OPENSSL_ALL
const char testStr[] = "Like a true nature's child\n"
"We were born\n"
"Born to be wild";
printf(testingFmt, "wolfSSL_LH_strhash()");
AssertIntEQ(lh_strhash(testStr), 0x5b7541dc);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_NAME(void)
{
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
&& !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
defined(OPENSSL_EXTRA))
X509* x509;
const unsigned char* c;
unsigned char buf[4096];
int bytes;
XFILE f;
const X509_NAME* a;
const X509_NAME* b;
X509_NAME* d2i_name = NULL;
int sz;
unsigned char* tmp;
char file[] = "./certs/ca-cert.der";
#ifndef OPENSSL_EXTRA_X509_SMALL
byte empty[] = { /* CN=empty emailAddress= */
0x30, 0x21, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03,
0x55, 0x04, 0x03, 0x0C, 0x05, 0x65, 0x6D, 0x70,
0x74, 0x79, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09,
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
0x01, 0x16, 0x00
};
#endif
printf(testingFmt, "wolfSSL_X509_NAME()");
#ifndef OPENSSL_EXTRA_X509_SMALL
/* test compile of deprecated function, returns 0 */
AssertIntEQ(CRYPTO_thread_id(), 0);
#endif
AssertNotNull(a = X509_NAME_new());
X509_NAME_free((X509_NAME*)a);
f = XFOPEN(file, "rb");
AssertTrue(f != XBADFILE);
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
c = buf;
AssertNotNull(x509 = wolfSSL_X509_d2i(NULL, c, bytes));
/* test cmp function */
AssertNotNull(a = X509_get_issuer_name(x509));
AssertNotNull(b = X509_get_subject_name(x509));
#ifndef OPENSSL_EXTRA_X509_SMALL
AssertIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */
#endif
tmp = buf;
AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0);
if (sz > 0 && tmp == buf) {
printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \
printf(" Expected pointer to be incremented\n");
abort();
}
#ifndef OPENSSL_EXTRA_X509_SMALL
tmp = buf;
AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz));
#endif
/* retry but with the function creating a buffer */
tmp = NULL;
AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0);
XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
AssertNotNull(b = X509_NAME_dup((X509_NAME*)a));
#ifndef OPENSSL_EXTRA_X509_SMALL
AssertIntEQ(X509_NAME_cmp(a, b), 0);
#endif
X509_NAME_free((X509_NAME*)b);
X509_NAME_free(d2i_name);
X509_free(x509);
#ifndef OPENSSL_EXTRA_X509_SMALL
/* test with an empty domain component */
tmp = empty;
sz = sizeof(empty);
AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz));
AssertIntEQ(X509_NAME_entry_count(d2i_name), 2);
/* size of empty emailAddress will be 0 */
tmp = buf;
AssertIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_emailAddress,
(char*)tmp, sizeof(buf)), 0);
/* should contain no organization name */
tmp = buf;
AssertIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_organizationName,
(char*)tmp, sizeof(buf)), -1);
X509_NAME_free(d2i_name);
#endif
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
}
static void test_wolfSSL_X509_NAME_hash(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) \
&& !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_BIO)
BIO* bio;
X509* x509 = NULL;
printf(testingFmt, "wolfSSL_X509_NAME_hash");
AssertNotNull(bio = BIO_new(BIO_s_file()));
AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
AssertNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL));
AssertIntEQ(X509_NAME_hash(X509_get_subject_name(x509)), 0xF6CF410E);
AssertIntEQ(X509_NAME_hash(X509_get_issuer_name(x509)), 0x677DD39A);
X509_free(x509);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
#ifndef NO_BIO
static void test_wolfSSL_X509_INFO(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
STACK_OF(X509_INFO) *info_stack;
X509_INFO *info;
BIO *cert;
int i;
/* PEM in hex format to avoid null terminator */
byte data[] = {
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47,
0x49, 0x4e, 0x20, 0x43, 0x45, 0x52, 0x54, 0x63, 0x2d, 0x2d, 0x2d, 0x2d,
0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x44, 0x4d, 0x54, 0x42, 0x75, 0x51, 0x3d,
0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d
};
/* PEM in hex format to avoid null terminator */
byte data2[] = {
0x41, 0x53, 0x4e, 0x31, 0x20, 0x4f, 0x49, 0x44, 0x3a, 0x20, 0x70, 0x72,
0x69, 0x6d, 0x65, 0x32, 0x35, 0x36, 0x76, 0x31, 0x0a, 0x2d, 0x2d, 0x2d,
0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x45, 0x43, 0x20, 0x50,
0x41, 0x52, 0x41, 0x4d, 0x45, 0x54, 0x45, 0x52, 0x53, 0x2d, 0x2d, 0x2d,
0x2d, 0x43, 0x65, 0x72, 0x74, 0x69, 0x2d, 0x0a, 0x42, 0x67, 0x67, 0x71,
0x68, 0x6b, 0x6a, 0x4f, 0x50, 0x51, 0x4d, 0x42, 0x42, 0x77, 0x3d, 0x3d,
0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
};
printf(testingFmt, "wolfSSL_X509_INFO");
AssertNotNull(cert = BIO_new_file(cliCertFileExt, "rb"));
AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
for (i = 0; i < sk_X509_INFO_num(info_stack); i++) {
AssertNotNull(info = sk_X509_INFO_value(info_stack, i));
AssertNotNull(info->x509);
AssertNull(info->crl);
}
sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
BIO_free(cert);
AssertNotNull(cert = BIO_new_file(cliCertFileExt, "rb"));
AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
sk_X509_INFO_free(info_stack);
BIO_free(cert);
/* This case should fail due to invalid input. */
AssertNotNull(cert = BIO_new(BIO_s_mem()));
AssertIntEQ(BIO_write(cert, data, sizeof(data)), sizeof(data));
AssertNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
BIO_free(cert);
AssertNotNull(cert = BIO_new(BIO_s_mem()));
AssertIntEQ(BIO_write(cert, data2, sizeof(data2)), sizeof(data2));
AssertNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
BIO_free(cert);
printf(resultFmt, passed);
#endif
}
#endif
static void test_wolfSSL_X509_subject_name_hash(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
&& !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
X509* x509;
X509_NAME* subjectName = NULL;
unsigned long ret = 0;
printf(testingFmt, "wolfSSL_X509_subject_name_hash()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
AssertNotNull(subjectName = wolfSSL_X509_get_subject_name(x509));
ret = X509_subject_name_hash(x509);
AssertIntNE(ret, 0);
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_issuer_name_hash(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
&& !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
X509* x509;
X509_NAME* issuertName = NULL;
unsigned long ret = 0;
printf(testingFmt, "wolfSSL_X509_issuer_name_hash()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
AssertNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509));
ret = X509_issuer_name_hash(x509);
AssertIntNE(ret, 0);
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_check_host(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
&& !defined(NO_SHA) && !defined(NO_RSA)
X509* x509;
const char altName[] = "example.com";
printf(testingFmt, "wolfSSL_X509_check_host()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
AssertIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL),
WOLFSSL_SUCCESS);
AssertIntEQ(X509_check_host(x509, NULL, 0, 0, NULL),
WOLFSSL_FAILURE);
X509_free(x509);
AssertIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL),
WOLFSSL_FAILURE);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_check_email(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
X509* x509;
const char goodEmail[] = "info@wolfssl.com";
const char badEmail[] = "disinfo@wolfssl.com";
printf(testingFmt, "wolfSSL_X509_check_email()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
/* Should fail on non-matching email address */
AssertIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0),
WOLFSSL_FAILURE);
/* Should succeed on matching email address */
AssertIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail), 0),
WOLFSSL_SUCCESS);
/* Should compute length internally when not provided */
AssertIntEQ(wolfSSL_X509_check_email(x509, goodEmail, 0, 0),
WOLFSSL_SUCCESS);
/* Should fail when email address is NULL */
AssertIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0),
WOLFSSL_FAILURE);
X509_free(x509);
/* Should fail when x509 is NULL */
AssertIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0),
WOLFSSL_FAILURE);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */
}
static void test_wolfSSL_DES(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
const_DES_cblock myDes;
DES_cblock iv;
DES_key_schedule key;
word32 i;
DES_LONG dl;
unsigned char msg[] = "hello wolfssl";
printf(testingFmt, "wolfSSL_DES()");
DES_check_key(1);
DES_set_key(&myDes, &key);
/* check, check of odd parity */
XMEMSET(myDes, 4, sizeof(const_DES_cblock)); myDes[0] = 6; /*set even parity*/
XMEMSET(key, 5, sizeof(DES_key_schedule));
AssertIntEQ(DES_set_key_checked(&myDes, &key), -1);
AssertIntNE(key[0], myDes[0]); /* should not have copied over key */
/* set odd parity for success case */
DES_set_odd_parity(&myDes);
AssertIntEQ(DES_check_key_parity(&myDes), 1);
printf("%02x %02x %02x %02x", myDes[0], myDes[1], myDes[2], myDes[3]);
AssertIntEQ(DES_set_key_checked(&myDes, &key), 0);
for (i = 0; i < sizeof(DES_key_schedule); i++) {
AssertIntEQ(key[i], myDes[i]);
}
AssertIntEQ(DES_is_weak_key(&myDes), 0);
/* check weak key */
XMEMSET(myDes, 1, sizeof(const_DES_cblock));
XMEMSET(key, 5, sizeof(DES_key_schedule));
AssertIntEQ(DES_set_key_checked(&myDes, &key), -2);
AssertIntNE(key[0], myDes[0]); /* should not have copied over key */
/* now do unchecked copy of a weak key over */
DES_set_key_unchecked(&myDes, &key);
/* compare arrays, should be the same */
for (i = 0; i < sizeof(DES_key_schedule); i++) {
AssertIntEQ(key[i], myDes[i]);
}
AssertIntEQ(DES_is_weak_key(&myDes), 1);
/* check DES_key_sched API */
XMEMSET(key, 1, sizeof(DES_key_schedule));
AssertIntEQ(DES_key_sched(&myDes, NULL), 0);
AssertIntEQ(DES_key_sched(NULL, &key), 0);
AssertIntEQ(DES_key_sched(&myDes, &key), 0);
/* compare arrays, should be the same */
for (i = 0; i < sizeof(DES_key_schedule); i++) {
AssertIntEQ(key[i], myDes[i]);
}
/* DES_cbc_cksum should return the last 4 of the last 8 bytes after
* DES_cbc_encrypt on the input */
XMEMSET(iv, 0, sizeof(DES_cblock));
XMEMSET(myDes, 5, sizeof(DES_key_schedule));
AssertIntGT((dl = DES_cbc_cksum(msg, &key, sizeof(msg), &myDes, &iv)), 0);
AssertIntEQ(dl, 480052723);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
}
static void test_wc_PemToDer(void)
{
#if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER)
int ret;
DerBuffer* pDer = NULL;
const char* ca_cert = "./certs/server-cert.pem";
byte* cert_buf = NULL;
size_t cert_sz = 0;
int eccKey = 0;
EncryptedInfo info;
printf(testingFmt, "wc_PemToDer()");
XMEMSET(&info, 0, sizeof(info));
ret = load_file(ca_cert, &cert_buf, &cert_sz);
if (ret == 0) {
ret = wc_PemToDer(cert_buf, cert_sz, CERT_TYPE,
&pDer, NULL, &info, &eccKey);
AssertIntEQ(ret, 0);
wc_FreeDer(&pDer);
}
if (cert_buf)
free(cert_buf);
#ifdef HAVE_ECC
{
const char* ecc_private_key = "./certs/ecc-privOnlyKey.pem";
byte key_buf[256] = {0};
/* Test fail of loading a key with cert type */
AssertIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0);
key_buf[0] = '\n';
XMEMCPY(key_buf + 1, cert_buf, cert_sz);
AssertIntNE((ret = wc_PemToDer(key_buf, cert_sz + 1, CERT_TYPE,
&pDer, NULL, &info, &eccKey)), 0);
#ifdef OPENSSL_EXTRA
AssertIntEQ((ret = wc_PemToDer(key_buf, cert_sz + 1, PRIVATEKEY_TYPE,
&pDer, NULL, &info, &eccKey)), 0);
#endif
wc_FreeDer(&pDer);
if (cert_buf)
free(cert_buf);
}
#endif
printf(resultFmt, passed);
#endif
}
static void test_wc_AllocDer(void)
{
#if !defined(NO_CERTS)
int ret;
DerBuffer* pDer = NULL;
word32 testSize = 1024;
printf(testingFmt, "wc_AllocDer()");
ret = wc_AllocDer(&pDer, testSize, CERT_TYPE, HEAP_HINT);
AssertIntEQ(ret, 0);
AssertNotNull(pDer);
wc_FreeDer(&pDer);
printf(resultFmt, passed);
#endif
}
static void test_wc_CertPemToDer(void)
{
#if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER)
int ret;
const char* ca_cert = "./certs/ca-cert.pem";
byte* cert_buf = NULL;
size_t cert_sz = 0, cert_dersz = 0;
byte* cert_der = NULL;
printf(testingFmt, "wc_CertPemToDer()");
ret = load_file(ca_cert, &cert_buf, &cert_sz);
if (ret == 0) {
cert_dersz = cert_sz; /* DER will be smaller than PEM */
cert_der = (byte*)malloc(cert_dersz);
if (cert_der) {
ret = wc_CertPemToDer(cert_buf, (int)cert_sz,
cert_der, (int)cert_dersz, CERT_TYPE);
AssertIntGE(ret, 0);
}
}
if (cert_der)
free(cert_der);
if (cert_buf)
free(cert_buf);
#endif
}
static void test_wc_PubKeyPemToDer(void)
{
#ifdef WOLFSSL_PEM_TO_DER
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
int ret;
const char* key = "./certs/ecc-client-keyPub.pem";
byte* cert_buf = NULL;
size_t cert_sz = 0, cert_dersz = 0;
byte* cert_der = NULL;
printf(testingFmt, "wc_PubKeyPemToDer()");
ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz,
cert_der, (int)cert_dersz);
AssertIntGE(ret, BAD_FUNC_ARG);
ret = load_file(key, &cert_buf, &cert_sz);
if (ret == 0) {
cert_dersz = cert_sz; /* DER will be smaller than PEM */
cert_der = (byte*)malloc(cert_dersz);
if (cert_der) {
ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz,
cert_der, (int)cert_dersz);
AssertIntGE(ret, 0);
}
}
if (cert_der)
free(cert_der);
if (cert_buf)
free(cert_buf);
#endif
#endif
}
static void test_wc_PemPubKeyToDer(void)
{
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
int ret;
const char* key = "./certs/ecc-client-keyPub.pem";
size_t cert_dersz = 1024;
byte* cert_der = (byte*)malloc(cert_dersz);
printf(testingFmt, "wc_PemPubKeyToDer()");
ret = wc_PemPubKeyToDer(NULL, cert_der, (int)cert_dersz);
AssertIntGE(ret, BAD_FUNC_ARG);
if (cert_der) {
ret = wc_PemPubKeyToDer(key, cert_der, (int)cert_dersz);
AssertIntGE(ret, 0);
free(cert_der);
}
#endif
}
static void test_wolfSSL_certs(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA)
X509* x509ext;
#ifdef OPENSSL_ALL
X509* x509;
WOLFSSL_X509_EXTENSION* ext;
ASN1_OBJECT* obj;
#endif
WOLFSSL* ssl;
WOLFSSL_CTX* ctx;
STACK_OF(ASN1_OBJECT)* sk;
ASN1_STRING* asn1_str;
AUTHORITY_KEYID* akey;
BASIC_CONSTRAINTS* bc;
int crit;
printf(testingFmt, "wolfSSL_certs()");
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_FAILURE);
#endif
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_SUCCESS);
#endif
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
#ifdef HAVE_PK_CALLBACKS
AssertIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), WOLFSSL_SUCCESS);
#endif /* HAVE_PK_CALLBACKS */
/* create and use x509 */
#ifdef OPENSSL_ALL
x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
#endif
x509ext = wolfSSL_X509_load_certificate_file(cliCertFileExt, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509ext);
AssertIntEQ(SSL_use_certificate(ssl, x509ext), WOLFSSL_SUCCESS);
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* with loading in a new cert the check on private key should now fail */
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
#if defined(USE_CERT_BUFFERS_2048)
AssertIntEQ(SSL_use_certificate_ASN1(ssl,
(unsigned char*)server_cert_der_2048,
sizeof_server_cert_der_2048), WOLFSSL_SUCCESS);
#endif
#if !defined(NO_SHA) && !defined(NO_SHA256) && !defined(NO_PWDBASED)
/************* Get Digest of Certificate ******************/
{
byte digest[64]; /* max digest size */
word32 digestSz;
XMEMSET(digest, 0, sizeof(digest));
AssertIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, &digestSz),
WOLFSSL_SUCCESS);
AssertIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha256(), digest, &digestSz),
WOLFSSL_SUCCESS);
AssertIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz),
WOLFSSL_FAILURE);
}
#endif /* !NO_SHA && !NO_SHA256 && !NO_PWDBASED */
/* test and checkout X509 extensions */
bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext, NID_basic_constraints,
&crit, NULL);
AssertNotNull(bc);
AssertIntEQ(crit, 0);
#ifdef OPENSSL_ALL
ext = X509V3_EXT_i2d(NID_basic_constraints, crit, bc);
AssertNotNull(ext);
X509_EXTENSION_free(ext);
AssertNotNull(ext = X509_EXTENSION_new());
X509_EXTENSION_set_critical(ext, 1);
AssertNotNull(obj = OBJ_nid2obj(NID_basic_constraints));
AssertIntEQ(X509_EXTENSION_set_object(ext, obj), SSL_SUCCESS);
ASN1_OBJECT_free(obj);
X509_EXTENSION_free(ext);
AssertNotNull(ext = X509_EXTENSION_new());
X509_EXTENSION_set_critical(ext, 0);
AssertIntEQ(X509_EXTENSION_set_data(ext, NULL), SSL_FAILURE);
asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit,
NULL);
AssertIntEQ(X509_EXTENSION_set_data(ext, asn1_str), SSL_SUCCESS);
ASN1_STRING_free(asn1_str); /* X509_EXTENSION_set_data has made a copy
* and X509_get_ext_d2i has created new */
X509_EXTENSION_free(ext);
#endif
BASIC_CONSTRAINTS_free(bc);
asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit, NULL);
AssertNotNull(asn1_str);
AssertIntEQ(crit, 1);
AssertIntEQ(asn1_str->type, NID_key_usage);
#ifdef OPENSSL_ALL
ext = X509V3_EXT_i2d(NID_key_usage, crit, asn1_str);
AssertNotNull(ext);
X509_EXTENSION_free(ext);
#endif
ASN1_STRING_free(asn1_str);
#ifdef OPENSSL_ALL
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage,
&crit, NULL);
AssertNotNull(sk);
ext = X509V3_EXT_i2d(NID_ext_key_usage, crit, sk);
AssertNotNull(ext);
X509_EXTENSION_free(ext);
sk_ASN1_OBJECT_free(sk);
#else
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_ext_key_usage,
&crit, NULL);
AssertNull(sk);
#endif
akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext,
NID_authority_key_identifier, &crit, NULL);
AssertNotNull(akey);
#ifdef OPENSSL_ALL
ext = X509V3_EXT_i2d(NID_authority_key_identifier, crit, akey);
AssertNotNull(ext);
X509_EXTENSION_free(ext);
#endif
wolfSSL_AUTHORITY_KEYID_free(akey);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
NID_private_key_usage_period, &crit, NULL);
/* AssertNotNull(sk); NID not yet supported */
AssertIntEQ(crit, -1);
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509ext, NID_subject_alt_name,
&crit, NULL);
/* AssertNotNull(sk); no alt names set */
sk_GENERAL_NAME_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_issuer_alt_name,
&crit, NULL);
/* AssertNotNull(sk); NID not yet supported */
AssertIntEQ(crit, -1);
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_info_access, &crit,
NULL);
/* AssertNotNull(sk); no auth info set */
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_sinfo_access,
&crit, NULL);
/* AssertNotNull(sk); NID not yet supported */
AssertIntEQ(crit, -1);
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_name_constraints,
&crit, NULL);
/* AssertNotNull(sk); NID not yet supported */
AssertIntEQ(crit, -1);
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
NID_certificate_policies, &crit, NULL);
#if !defined(WOLFSSL_SEP) && !defined(WOLFSSL_CERT_EXT)
AssertNull(sk);
#else
/* AssertNotNull(sk); no cert policy set */
#endif
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_policy_mappings,
&crit, NULL);
/* AssertNotNull(sk); NID not yet supported */
AssertIntEQ(crit, -1);
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_policy_constraints,
&crit, NULL);
/* AssertNotNull(sk); NID not yet supported */
AssertIntEQ(crit, -1);
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_inhibit_any_policy,
&crit, NULL);
/* AssertNotNull(sk); NID not yet supported */
AssertIntEQ(crit, -1);
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_tlsfeature, &crit,
NULL);
/* AssertNotNull(sk); NID not yet supported */
AssertIntEQ(crit, -1);
sk_ASN1_OBJECT_free(sk);
/* test invalid cases */
crit = 0;
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, -1, &crit, NULL);
AssertNull(sk);
AssertIntEQ(crit, -1);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(NULL, NID_tlsfeature,
NULL, NULL);
AssertNull(sk);
AssertIntEQ(SSL_get_hit(ssl), 0);
#ifdef OPENSSL_ALL
X509_free(x509);
#endif
X509_free(x509ext);
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_CERTS */
}
static void test_wolfSSL_X509_check_private_key(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
defined(USE_CERT_BUFFERS_2048) && !defined(NO_CHECK_PRIVATE_KEY)
X509* x509;
EVP_PKEY* pkey = NULL;
const byte* key;
printf(testingFmt, "wolfSSL_X509_check_private_key()");
/* Check with correct key */
AssertNotNull((x509 = X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM)));
key = client_key_der_2048;
AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
&key, (long)sizeof_client_key_der_2048));
AssertIntEQ(X509_check_private_key(x509, pkey), 1);
EVP_PKEY_free(pkey);
pkey = NULL;
/* Check with wrong key */
key = server_key_der_2048;
AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
&key, (long)sizeof_server_key_der_2048));
AssertIntEQ(X509_check_private_key(x509, pkey), 0);
/* test for incorrect parameter */
AssertIntEQ(X509_check_private_key(NULL, pkey), 0);
AssertIntEQ(X509_check_private_key(x509, NULL), 0);
AssertIntEQ(X509_check_private_key(NULL, NULL), 0);
EVP_PKEY_free(pkey);
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_TIME_print(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) \
&& (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY)) && defined(USE_CERT_BUFFERS_2048)
BIO* bio;
X509* x509;
const unsigned char* der = client_cert_der_2048;
ASN1_TIME* t;
unsigned char buf[25];
printf(testingFmt, "wolfSSL_ASN1_TIME_print()");
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer(der,
sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(ASN1_TIME_print(bio, X509_get_notBefore(x509)), 1);
AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
AssertIntEQ(XMEMCMP(buf, "Feb 10 19:49:52 2021 GMT", sizeof(buf) - 1), 0);
/* create a bad time and test results */
AssertNotNull(t = X509_get_notAfter(x509));
AssertIntEQ(ASN1_TIME_check(t), WOLFSSL_SUCCESS);
t->data[8] = 0;
t->data[3] = 0;
AssertIntNE(ASN1_TIME_print(bio, t), 1);
AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);
AssertIntEQ(ASN1_TIME_check(t), WOLFSSL_FAILURE);
BIO_free(bio);
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_UTCTIME_print(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO)
BIO* bio;
ASN1_UTCTIME* utc = NULL;
unsigned char buf[25];
const char* validDate = "190424111501Z"; /* UTC = YYMMDDHHMMSSZ */
const char* invalidDate = "190424111501X"; /* UTC = YYMMDDHHMMSSZ */
printf(testingFmt, "ASN1_UTCTIME_print()");
/* NULL parameter check */
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
BIO_free(bio);
/* Valid date */
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertNotNull(utc = (ASN1_UTCTIME*)XMALLOC(sizeof(ASN1_UTCTIME), NULL,
DYNAMIC_TYPE_ASN1));
utc->type = ASN_UTC_TIME;
utc->length = ASN_UTC_TIME_SIZE;
XMEMCPY(utc->data, (byte*)validDate, ASN_UTC_TIME_SIZE);
AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 1);
AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
AssertIntEQ(XMEMCMP(buf, "Apr 24 11:15:01 2019 GMT", sizeof(buf)-1), 0);
XMEMSET(buf, 0, sizeof(buf));
BIO_free(bio);
/* Invalid format */
AssertNotNull(bio = BIO_new(BIO_s_mem()));
utc->type = ASN_UTC_TIME;
utc->length = ASN_UTC_TIME_SIZE;
XMEMCPY(utc->data, (byte*)invalidDate, ASN_UTC_TIME_SIZE);
AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);
XFREE(utc, NULL, DYNAMIC_TYPE_ASN1);
BIO_free(bio);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */
}
static void test_wolfSSL_ASN1_TIME_diff(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
ASN1_TIME* fromTime;
ASN1_TIME* toTime;
int daysDiff;
int secsDiff;
printf(testingFmt, "test_wolfSSL_ASN1_TIME_diff");
AssertNotNull((fromTime = ASN1_TIME_new()));
/* Feb 22, 2003, 21:15:15 */
AssertIntEQ(ASN1_TIME_set_string(fromTime, "030222211515Z"), 1);
AssertNotNull((toTime = ASN1_TIME_new()));
/* Dec 19, 2010, 18:10:11 */
AssertIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), 1);
AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
AssertIntEQ(daysDiff, 2856);
AssertIntEQ(secsDiff, 75296);
ASN1_TIME_free(fromTime);
ASN1_TIME_free(toTime);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_GENERALIZEDTIME_free(void)
{
#if defined(OPENSSL_EXTRA)
WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime;
unsigned char nullstr[32];
printf(testingFmt, "test_wolfSSL_ASN1_GENERALIZEDTIME_free");
XMEMSET(nullstr, 0, 32);
asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC(
sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (asn1_gtime) {
XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE);
wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime);
AssertIntEQ(0, XMEMCMP(asn1_gtime->data, nullstr, 32));
XFREE(asn1_gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_private_keys(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM)
WOLFSSL* ssl;
WOLFSSL_CTX* ctx;
EVP_PKEY* pkey = NULL;
printf(testingFmt, "wolfSSL_private_keys()");
OpenSSL_add_all_digests();
OpenSSL_add_all_algorithms();
#ifndef NO_RSA
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
/* Have to load a cert before you can check the private key against that
* certificates public key! */
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE);
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
#endif
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
#ifdef USE_CERT_BUFFERS_2048
{
const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
unsigned char buf[FOURK_BUF];
word32 bufSz;
AssertIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl,
(unsigned char*)client_key_der_2048,
sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* Should mismatch now that a different private key loaded */
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
AssertIntEQ(SSL_use_PrivateKey_ASN1(0, ssl,
(unsigned char*)server_key,
sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* After loading back in DER format of original key, should match */
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
/* test loading private key to the WOLFSSL_CTX */
AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
(unsigned char*)client_key_der_2048,
sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* Should mismatch now that a different private key loaded */
AssertIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
#endif
AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
(unsigned char*)server_key,
sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* After loading back in DER format of original key, should match */
AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
#endif
/* pkey not set yet, expecting to fail */
AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE);
/* set PKEY and test again */
AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
&server_key, (long)sizeof_server_key_der_2048));
AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS);
/* reuse PKEY structure and test
* this should be checked with a memory management sanity checker */
AssertFalse(server_key == (const unsigned char*)server_key_der_2048);
server_key = (const unsigned char*)server_key_der_2048;
AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
&server_key, (long)sizeof_server_key_der_2048));
AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS);
/* check striping PKCS8 header with wolfSSL_d2i_PrivateKey */
bufSz = FOURK_BUF;
AssertIntGT((bufSz = wc_CreatePKCS8Key(buf, &bufSz,
(byte*)server_key_der_2048, sizeof_server_key_der_2048,
RSAk, NULL, 0)), 0);
server_key = (const unsigned char*)buf;
AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key,
(long)bufSz));
}
#endif
EVP_PKEY_free(pkey);
SSL_free(ssl); /* frees x509 also since loaded into ssl */
SSL_CTX_free(ctx);
#endif /* end of RSA private key match tests */
#ifdef HAVE_ECC
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, eccCertFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEccKeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
#endif /* end of ECC private key match tests */
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, edCertFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, edKeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEdKeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
#endif /* end of Ed25519 private key match tests */
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, ed448CertFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEd448KeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
#endif /* end of Ed448 private key match tests */
EVP_cleanup();
/* test existence of no-op macros in wolfssl/openssl/ssl.h */
CONF_modules_free();
ENGINE_cleanup();
CONF_modules_unload();
(void)ssl;
(void)ctx;
(void)pkey;
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
}
static void test_wolfSSL_PEM_read_PrivateKey(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) \
&& !defined(NO_FILESYSTEM) && !defined(NO_BIO)
XFILE file;
const char* fname = "./certs/server-key.pem";
EVP_PKEY* pkey;
RSA* rsa;
WOLFSSL_EVP_PKEY_CTX* ctx;
unsigned char* sig;
size_t sigLen;
const unsigned char tbs[] = {0, 1, 2, 3, 4, 5, 6, 7};
size_t tbsLen = sizeof(tbs);
printf(testingFmt, "test_wolfSSL_PEM_read_PrivateKey()");
/* Check error case. */
AssertNull(pkey = PEM_read_PrivateKey(NULL, NULL, NULL, NULL));
/* Read in an RSA key. */
file = XFOPEN(fname, "rb");
AssertTrue(file != XBADFILE);
AssertNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL));
XFCLOSE(file);
/* Make sure the key is usable by signing some data with it. */
AssertNotNull(rsa = EVP_PKEY_get0_RSA(pkey));
AssertIntGT((sigLen = RSA_size(rsa)), 0);
AssertNotNull(sig = (unsigned char*)XMALLOC(sigLen, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_sign(ctx, sig, &sigLen, tbs, tbsLen),
WOLFSSL_SUCCESS);
XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_PEM_PrivateKey(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
(!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048)
#ifndef NO_BIO
BIO* bio = NULL;
#endif
EVP_PKEY* pkey = NULL;
const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
#ifndef NO_BIO
/* test creating new EVP_PKEY with bad arg */
AssertNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL)));
/* test loading RSA key using BIO */
#if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
{
XFILE file;
const char* fname = "./certs/server-key.pem";
const char* fname_rsa_p8 = "./certs/server-keyPkcs8.pem";
size_t sz;
byte* buf;
EVP_PKEY* pkey2;
EVP_PKEY* pkey3;
RSA* rsa_key = NULL;
file = XFOPEN(fname, "rb");
AssertTrue((file != XBADFILE));
AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
sz = XFTELL(file);
XREWIND(file);
AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
if (buf) {
AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
}
XFCLOSE(file);
/* Test using BIO new mem and loading PEM private key */
bio = BIO_new_mem_buf(buf, (int)sz);
AssertNotNull(bio);
AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
AssertNotNull(pkey2 = EVP_PKEY_new());
pkey2->type = EVP_PKEY_RSA;
/* Test parameter copy */
AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0);
EVP_PKEY_free(pkey2);
EVP_PKEY_free(pkey);
pkey = NULL;
/* Qt unit test case : rsa pkcs8 key */
file = XFOPEN(fname_rsa_p8, "rb");
AssertTrue((file != XBADFILE));
AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
sz = XFTELL(file);
XREWIND(file);
AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
if (buf)
AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
XFCLOSE(file);
AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
AssertNotNull(pkey3 = EVP_PKEY_new());
AssertNotNull(rsa_key = EVP_PKEY_get1_RSA(pkey));
AssertIntEQ(EVP_PKEY_set1_RSA(pkey3, rsa_key), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
#else
AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
#endif
RSA_free(rsa_key);
EVP_PKEY_free(pkey3);
EVP_PKEY_free(pkey);
pkey = NULL;
}
#endif
/* test loading ECC key using BIO */
#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
{
XFILE file;
const char* fname = "./certs/ecc-key.pem";
const char* fname_ecc_p8 = "./certs/ecc-keyPkcs8.pem";
size_t sz;
byte* buf;
EVP_PKEY* pkey2;
EVP_PKEY* pkey3;
EC_KEY* ec_key;
int nid = 0;
file = XFOPEN(fname, "rb");
AssertTrue((file != XBADFILE));
AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
sz = XFTELL(file);
XREWIND(file);
AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
if (buf)
AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
XFCLOSE(file);
/* Test using BIO new mem and loading PEM private key */
AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
AssertNotNull(pkey2 = EVP_PKEY_new());
AssertNotNull(pkey3 = EVP_PKEY_new());
pkey2->type = EVP_PKEY_EC;
/* Test parameter copy */
AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1);
/* Qt unit test case 1*/
AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
#else
AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
#endif
/* Test default digest */
AssertIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1);
AssertIntEQ(nid, NID_sha256);
EC_KEY_free(ec_key);
EVP_PKEY_free(pkey3);
EVP_PKEY_free(pkey2);
EVP_PKEY_free(pkey);
pkey = NULL;
/* Qt unit test case ec pkcs8 key */
file = XFOPEN(fname_ecc_p8, "rb");
AssertTrue((file != XBADFILE));
AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
sz = XFTELL(file);
XREWIND(file);
AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
if (buf)
AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
XFCLOSE(file);
AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
AssertNotNull(pkey3 = EVP_PKEY_new());
/* Qt unit test case */
AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
#else
AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
#endif
EC_KEY_free(ec_key);
EVP_PKEY_free(pkey3);
EVP_PKEY_free(pkey);
pkey = NULL;
}
#endif
#if !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))
{
#define BIO_PEM_TEST_CHAR 'a'
EVP_PKEY* pkey2 = NULL;
unsigned char extra[10];
int i;
BIO* pub_bio = NULL;
printf(testingFmt, "wolfSSL_PEM_PrivateKey()");
XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra));
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE);
AssertNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(BIO_set_write_buf_size(pub_bio, 4096), SSL_FAILURE);
AssertNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey,
&server_key, (long)sizeof_server_key_der_2048));
AssertNull(pkey);
AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
&server_key, (long)sizeof_server_key_der_2048));
AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
WOLFSSL_SUCCESS);
AssertIntGT(BIO_pending(bio), 0);
AssertIntEQ(BIO_pending(bio), 1679);
/* Check if the pubkey API writes only the public key */
#ifdef WOLFSSL_KEY_GEN
AssertIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS);
AssertIntGT(BIO_pending(pub_bio), 0);
/* Previously both the private key and the pubkey calls would write
* out the private key and the PEM header was the only difference.
* The public PEM should be significantly shorter than the
* private key versison. */
AssertIntEQ(BIO_pending(pub_bio), 451);
#endif
/* test creating new EVP_PKEY with good args */
AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr)
AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz), 0);
/* test of reuse of EVP_PKEY */
AssertNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
AssertIntEQ(BIO_pending(bio), 0);
AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
SSL_SUCCESS);
AssertIntEQ(BIO_write(bio, extra, 10), 10); /* add 10 extra bytes after PEM */
AssertNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
AssertNotNull(pkey);
if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) {
AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0);
}
AssertIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */
AssertIntEQ(BIO_read(bio, extra, 10), 10);
for (i = 0; i < 10; i++) {
AssertIntEQ(extra[i], BIO_PEM_TEST_CHAR);
}
BIO_free(pub_bio);
BIO_free(bio);
bio = NULL;
EVP_PKEY_free(pkey);
pkey = NULL;
EVP_PKEY_free(pkey2);
}
#endif
/* key is DES encrypted */
#if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
!defined(NO_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_MD5) && \
defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && !defined(NO_RSA)
{
XFILE f;
wc_pem_password_cb* passwd_cb;
void* passwd_cb_userdata;
SSL_CTX* ctx;
char passwd[] = "bad password";
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method()));
#endif
#else
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method()));
#endif
#endif
AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb"));
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
AssertNotNull(passwd_cb = SSL_CTX_get_default_passwd_cb(ctx));
AssertNull(passwd_cb_userdata =
SSL_CTX_get_default_passwd_cb_userdata(ctx));
/* fail case with password call back */
AssertNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL,
(void*)passwd));
BIO_free(bio);
AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb"));
AssertNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb,
(void*)passwd));
BIO_free(bio);
f = XFOPEN("./certs/server-keyEnc.pem", "rb");
AssertNotNull(bio = BIO_new_fp(f, BIO_CLOSE));
/* use callback that works */
AssertNotNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb,
(void*)"yassl123"));
AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS);
EVP_PKEY_free(pkey);
pkey = NULL;
BIO_free(bio);
bio = NULL;
SSL_CTX_free(ctx);
}
#endif /* !defined(NO_DES3) */
#endif /* !NO_BIO */
#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
{
unsigned char buf[2048];
size_t bytes;
XFILE f;
SSL_CTX* ctx;
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method()));
#endif
#else
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method()));
#endif
#endif
f = XFOPEN("./certs/ecc-key.der", "rb");
AssertTrue((f != XBADFILE));
bytes = (size_t)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
server_key = buf;
pkey = NULL;
AssertNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, bytes));
AssertNull(pkey);
AssertNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, bytes));
AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS);
EVP_PKEY_free(pkey);
pkey = NULL;
SSL_CTX_free(ctx);
}
#endif
printf(resultFmt, passed);
#ifndef NO_BIO
(void)bio;
#endif
(void)pkey;
(void)server_key;
#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */
}
#ifndef NO_BIO
static void test_wolfSSL_PEM_bio_RSAKey(void)
{
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
!defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
RSA* rsa = NULL;
BIO* bio = NULL;
printf(testingFmt, "wolfSSL_PEM_bio_RSAKey");
/* PrivateKey */
AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb"));
AssertNull((rsa = PEM_read_bio_RSAPrivateKey(NULL, NULL, NULL, NULL)));
AssertNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
AssertIntEQ(RSA_size(rsa), 256);
AssertIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \
NULL), WOLFSSL_FAILURE);
BIO_free(bio);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, \
NULL), WOLFSSL_SUCCESS);
BIO_free(bio);
RSA_free(rsa);
/* PUBKEY */
AssertNotNull(bio = BIO_new_file("./certs/rsa-pub-2048.pem", "rb"));
AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL)));
AssertNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
AssertIntEQ(RSA_size(rsa), 256);
AssertIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
BIO_free(bio);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(PEM_write_bio_RSA_PUBKEY(bio, rsa), WOLFSSL_SUCCESS);
BIO_free(bio);
RSA_free(rsa);
/* Ensure that keys beginning with BEGIN RSA PUBLIC KEY can be read, too. */
AssertNotNull(bio = BIO_new_file("./certs/server-keyPub.pem", "rb"));
AssertNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
BIO_free(bio);
RSA_free(rsa);
#ifdef HAVE_ECC
/* ensure that non-rsa keys do not work */
AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */
AssertNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
BIO_free(bio);
RSA_free(rsa);
#endif /* HAVE_ECC */
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
(defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */
}
static void test_wolfSSL_PEM_RSAPrivateKey(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
RSA* rsa = NULL;
RSA* rsa_dup = NULL;
BIO* bio = NULL;
printf(testingFmt, "wolfSSL_PEM_RSAPrivateKey()");
AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb"));
AssertNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
AssertIntEQ(RSA_size(rsa), 256);
#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
AssertNotNull(rsa_dup = RSAPublicKey_dup(rsa));
AssertPtrNE(rsa_dup, rsa);
#endif
/* test if valgrind complains about unreleased memory */
RSA_up_ref(rsa);
RSA_free(rsa);
BIO_free(bio);
RSA_free(rsa);
RSA_free(rsa_dup);
#ifdef HAVE_ECC
AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb"));
AssertNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
BIO_free(bio);
#endif /* HAVE_ECC */
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
}
static void test_wolfSSL_PEM_bio_DSAKey(void)
{
#ifndef HAVE_SELFTEST
#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_CERTS) && \
defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && !defined(NO_DSA)
DSA* dsa = NULL;
BIO* bio = NULL;
printf(testingFmt, "wolfSSL_PEM_bio_DSAKey");
/* PrivateKey */
AssertNotNull(bio = BIO_new_file("./certs/1024/dsa1024.pem", "rb"));
AssertNull((dsa = PEM_read_bio_DSAPrivateKey(NULL, NULL, NULL, NULL)));
AssertNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL)));
AssertIntEQ(BN_num_bytes(dsa->g), 128);
AssertIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, NULL),
WOLFSSL_FAILURE);
BIO_free(bio);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(PEM_write_bio_DSAPrivateKey(bio, dsa, NULL, NULL, 0, NULL, NULL),
WOLFSSL_SUCCESS);
BIO_free(bio);
DSA_free(dsa);
/* PUBKEY */
AssertNotNull(bio = BIO_new_file("./certs/1024/dsa-pub-1024.pem", "rb"));
AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL)));
AssertNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL)));
AssertIntEQ(BN_num_bytes(dsa->g), 128);
AssertIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
BIO_free(bio);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(PEM_write_bio_DSA_PUBKEY(bio, dsa), WOLFSSL_SUCCESS);
BIO_free(bio);
DSA_free(dsa);
#ifdef HAVE_ECC
/* ensure that non-dsa keys do not work */
AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */
AssertNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL)));
AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL)));
BIO_free(bio);
DSA_free(dsa);
#endif /* HAVE_ECC */
printf(resultFmt, passed);
#endif /* defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && \
!defined(NO_CERTS) && defined(WOLFSSL_KEY_GEN) && \
!defined(NO_FILESYSTEM) && !defined(NO_DSA) */
#endif /* HAVE_SELFTEST */
}
static void test_wolfSSL_PEM_bio_ECKey(void)
{
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
EC_KEY* ec = NULL;
BIO* bio = NULL;
printf(testingFmt, "wolfSSL_PEM_bio_ECKey");
/* PrivateKey */
AssertNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb"));
AssertNull((ec = PEM_read_bio_ECPrivateKey(NULL, NULL, NULL, NULL)));
AssertNotNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)));
AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
AssertIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \
NULL),WOLFSSL_FAILURE);
BIO_free(bio);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(PEM_write_bio_ECPrivateKey(bio, ec, NULL, NULL, 0, NULL, \
NULL), WOLFSSL_SUCCESS);
BIO_free(bio);
EC_KEY_free(ec);
/* PUBKEY */
AssertNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb"));
AssertNull((ec = PEM_read_bio_EC_PUBKEY(NULL, NULL, NULL, NULL)));
AssertNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)));
AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
AssertIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
BIO_free(bio);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(PEM_write_bio_EC_PUBKEY(bio, ec), WOLFSSL_SUCCESS);
BIO_free(bio);
EC_KEY_free(ec);
#ifndef NO_RSA
/* ensure that non-ec keys do not work */
AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb")); /* rsa key */
AssertNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)));
AssertNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)));
BIO_free(bio);
EC_KEY_free(ec);
#endif /* HAVE_ECC */
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
}
static void test_wolfSSL_PEM_PUBKEY(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
BIO* bio = NULL;
EVP_PKEY* pkey = NULL;
/* test creating new EVP_PKEY with bad arg */
AssertNull((pkey = PEM_read_bio_PUBKEY(NULL, NULL, NULL, NULL)));
/* test loading ECC key using BIO */
#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
{
XFILE file;
const char* fname = "./certs/ecc-client-keyPub.pem";
size_t sz;
byte* buf;
EVP_PKEY* pkey2;
EC_KEY* ec_key;
file = XFOPEN(fname, "rb");
AssertTrue((file != XBADFILE));
XFSEEK(file, 0, XSEEK_END);
sz = XFTELL(file);
XREWIND(file);
AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
if (buf)
AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
XFCLOSE(file);
/* Test using BIO new mem and loading PEM private key */
AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
AssertNotNull((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL)));
XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
/* Qt unit test case*/
AssertNotNull(pkey2 = EVP_PKEY_new());
AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey2, ec_key), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertIntEQ(EVP_PKEY_cmp(pkey, pkey2), 1/* match */);
#else
AssertIntEQ(EVP_PKEY_cmp(pkey, pkey2), 0);
#endif
EC_KEY_free(ec_key);
EVP_PKEY_free(pkey2);
EVP_PKEY_free(pkey);
pkey = NULL;
}
#endif
(void)bio;
(void)pkey;
#endif
}
#endif /* !NO_BIO */
static void test_DSA_do_sign_verify(void)
{
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
!defined(NO_DSA)
unsigned char digest[WC_SHA_DIGEST_SIZE];
DSA_SIG* sig;
DSA* dsa;
word32 bytes;
byte sigBin[DSA_SIG_SIZE];
int dsacheck;
#ifdef USE_CERT_BUFFERS_1024
byte tmp[ONEK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
bytes = sizeof_dsa_key_der_2048;
#else
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
if (fp == XBADFILE) {
return WOLFSSL_BAD_FILE;
}
bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */
printf(testingFmt, "DSA_do_sign_verify()");
XMEMSET(digest, 202, sizeof(digest));
AssertNotNull(dsa = DSA_new());
AssertIntEQ(DSA_LoadDer(dsa, tmp, bytes), 1);
AssertIntEQ(wolfSSL_DSA_do_sign(digest, sigBin, dsa), 1);
AssertIntEQ(wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck), 1);
AssertNotNull(sig = DSA_do_sign(digest, WC_SHA_DIGEST_SIZE, dsa));
AssertIntEQ(DSA_do_verify(digest, WC_SHA_DIGEST_SIZE, sig, dsa), 1);
DSA_SIG_free(sig);
DSA_free(dsa);
#endif
#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
}
static void test_wolfSSL_tmp_dh(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
!defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO)
byte buff[6000];
char file[] = "./certs/dsaparams.pem";
XFILE f;
int bytes;
DSA* dsa;
DH* dh;
#if defined(WOLFSSL_DH_EXTRA) && \
(defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
DH* dh2;
#endif
BIO* bio;
SSL* ssl;
SSL_CTX* ctx;
printf(testingFmt, "wolfSSL_tmp_dh()");
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
f = XFOPEN(file, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
bio = BIO_new_mem_buf((void*)buff, bytes);
AssertNotNull(bio);
dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
AssertNotNull(dsa);
dh = wolfSSL_DSA_dup_DH(dsa);
AssertNotNull(dh);
#if defined(WOLFSSL_DH_EXTRA) && \
(defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
AssertNotNull(dh2 = wolfSSL_DH_dup(dh));
#endif
AssertIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS);
#else
AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), SIDE_ERROR);
#endif
BIO_free(bio);
DSA_free(dsa);
DH_free(dh);
#if defined(WOLFSSL_DH_EXTRA) && \
(defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
DH_free(dh2);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ctrl(void)
{
#if defined (OPENSSL_EXTRA) && !defined(NO_BIO)
byte buff[6000];
BIO* bio;
int bytes;
BUF_MEM* ptr = NULL;
printf(testingFmt, "wolfSSL_crtl()");
bytes = sizeof(buff);
bio = BIO_new_mem_buf((void*)buff, bytes);
AssertNotNull(bio);
AssertNotNull(BIO_s_socket());
AssertIntEQ((int)wolfSSL_BIO_get_mem_ptr(bio, &ptr), WOLFSSL_SUCCESS);
/* needs tested after stubs filled out @TODO
SSL_ctrl
SSL_CTX_ctrl
*/
BIO_free(bio);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_BIO) */
}
static void test_wolfSSL_EVP_PKEY_new_mac_key(void)
{
#ifdef OPENSSL_EXTRA
static const unsigned char pw[] = "password";
static const int pwSz = sizeof(pw) - 1;
size_t checkPwSz = 0;
const unsigned char* checkPw = NULL;
WOLFSSL_EVP_PKEY* key = NULL;
printf(testingFmt, "wolfSSL_EVP_PKEY_new_mac_key()");
AssertNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, pw, pwSz));
AssertNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, NULL, pwSz));
AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, pwSz));
if (key) {
AssertIntEQ(key->type, EVP_PKEY_HMAC);
AssertIntEQ(key->save_type, EVP_PKEY_HMAC);
AssertIntEQ(key->pkey_sz, pwSz);
AssertIntEQ(XMEMCMP(key->pkey.ptr, pw, pwSz), 0);
}
AssertNotNull(checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz));
AssertIntEQ((int)checkPwSz, pwSz);
if (checkPw) {
AssertIntEQ(XMEMCMP(checkPw, pw, pwSz), 0);
}
wolfSSL_EVP_PKEY_free(key);
AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, 0));
if (key) {
AssertIntEQ(key->pkey_sz, 0);
}
checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz);
(void)checkPw;
AssertIntEQ((int)checkPwSz, 0);
wolfSSL_EVP_PKEY_free(key);
AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, NULL, 0));
if (key) {
AssertIntEQ(key->pkey_sz, 0);
}
checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz);
(void)checkPw;
AssertIntEQ((int)checkPwSz, 0);
wolfSSL_EVP_PKEY_free(key);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_EVP_Digest(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_PWDBASED)
const char* in = "abc";
int inLen = (int)XSTRLEN(in);
byte out[WC_SHA256_DIGEST_SIZE];
unsigned int outLen;
const char* expOut = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
"\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
"\x15\xAD";
printf(testingFmt, "wolfSSL_EVP_Digest()");
AssertIntEQ(wolfSSL_EVP_Digest((unsigned char*)in, inLen, out, &outLen, "SHA256", NULL), 1);
AssertIntEQ(outLen, WC_SHA256_DIGEST_SIZE);
AssertIntEQ(XMEMCMP(out, expOut, WC_SHA256_DIGEST_SIZE), 0);
printf(resultFmt, passed);
#endif /* OPEN_EXTRA && ! NO_SHA256 */
}
static void test_wolfSSL_EVP_Digest_all(void)
{
#ifdef OPENSSL_EXTRA
const char* digests[] = {
#ifndef NO_MD5
"MD5",
#endif
#ifndef NO_SHA
"SHA",
#endif
#ifdef WOLFSSL_SHA224
"SHA224",
#endif
#ifndef NO_SHA256
"SHA256",
#endif
#ifdef WOLFSSL_SHA384
"SHA384",
#endif
#ifdef WOLFSSL_SHA512
"SHA512",
#endif
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
"SHA512_224",
#endif
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
"SHA512_256",
#endif
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
"SHA3_224",
#endif
#ifndef WOLFSSL_NOSHA3_256
"SHA3_256",
#endif
"SHA3_384",
#ifndef WOLFSSL_NOSHA3_512
"SHA3_512",
#endif
#endif /* WOLFSSL_SHA3 */
NULL
};
const char** d;
const unsigned char in[] = "abc";
int inLen = XSTR_SIZEOF(in);
byte out[WC_MAX_DIGEST_SIZE];
unsigned int outLen;
printf(testingFmt, "wolfSSL_EVP_Digest_all");
for (d = digests; *d != NULL; d++) {
AssertIntEQ(EVP_Digest(in, inLen, out, &outLen, *d, NULL), 1);
AssertIntGT(outLen, 0);
AssertIntEQ(EVP_MD_size(*d), outLen);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_MD_size(void)
{
#ifdef OPENSSL_EXTRA
WOLFSSL_EVP_MD_CTX mdCtx;
printf(testingFmt, "wolfSSL_EVP_MD_size()");
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_224"), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_224_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_224_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
#ifndef WOLFSSL_NOSHA3_256
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_256"), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_256_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_256_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_384"), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_384_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_384_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#ifndef WOLFSSL_NOSHA3_512
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_512"), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_512_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_512_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
#endif /* WOLFSSL_SHA3 */
#ifndef NO_SHA256
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), 1);
AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA256_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA256_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA256_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA256_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
#ifndef NO_MD5
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "MD5"), 1);
AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_MD5_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_MD5_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_MD5_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_MD5_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
#ifdef WOLFSSL_SHA224
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA224"), 1);
AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA224_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA224_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA224_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA224_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
#ifdef WOLFSSL_SHA384
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA384"), 1);
AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA384_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA384_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA384_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA384_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
#ifdef WOLFSSL_SHA512
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA512"), 1);
AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA512_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA512_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA512_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA512_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
#ifndef NO_SHA
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA"), 1);
AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA1"), 1);
AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
/* error case */
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), BAD_FUNC_ARG);
/* Cleanup is valid on uninit'ed struct */
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_EVP_MD_pkey_type(void)
{
#ifdef OPENSSL_EXTRA
const WOLFSSL_EVP_MD* md;
printf(testingFmt, "test_wolfSSL_EVP_MD_pkey_type()");
#ifndef NO_MD5
AssertNotNull(md = EVP_md5());
AssertIntEQ(EVP_MD_pkey_type(md), NID_md5WithRSAEncryption);
#endif
#ifndef NO_SHA
AssertNotNull(md = EVP_sha1());
AssertIntEQ(EVP_MD_pkey_type(md), NID_sha1WithRSAEncryption);
#endif
#ifdef WOLFSSL_SHA224
AssertNotNull(md = EVP_sha224());
AssertIntEQ(EVP_MD_pkey_type(md), NID_sha224WithRSAEncryption);
#endif
AssertNotNull(md = EVP_sha256());
AssertIntEQ(EVP_MD_pkey_type(md), NID_sha256WithRSAEncryption);
#ifdef WOLFSSL_SHA384
AssertNotNull(md = EVP_sha384());
AssertIntEQ(EVP_MD_pkey_type(md), NID_sha384WithRSAEncryption);
#endif
#ifdef WOLFSSL_SHA512
AssertNotNull(md = EVP_sha512());
AssertIntEQ(EVP_MD_pkey_type(md), NID_sha512WithRSAEncryption);
#endif
printf(resultFmt, passed);
#endif
}
#ifdef OPENSSL_EXTRA
static void test_hmac_signing(const WOLFSSL_EVP_MD *type, const byte* testKey,
size_t testKeySz, const char* testData, size_t testDataSz,
const byte* testResult, size_t testResultSz)
{
unsigned char check[WC_MAX_DIGEST_SIZE];
size_t checkSz = -1;
WOLFSSL_EVP_PKEY* key;
WOLFSSL_EVP_MD_CTX mdCtx;
printf(testingFmt, "wolfSSL_EVP_MD_hmac_signing()");
AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
testKey, (int)testKeySz));
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
(unsigned int)testDataSz), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
AssertIntEQ((int)checkSz, (int)testResultSz);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ((int)checkSz,(int)testResultSz);
AssertIntEQ(XMEMCMP(testResult, check, testResultSz), 0);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
(unsigned int)testDataSz), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
AssertIntEQ((int)checkSz, (int)testResultSz);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ((int)checkSz,(int)testResultSz);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
(unsigned int)testDataSz - 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ((int)checkSz,(int)testResultSz);
AssertIntEQ(XMEMCMP(testResult, check, testResultSz), 0);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
(unsigned int)testDataSz - 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_PKEY_free(key);
}
#endif
static void test_wolfSSL_EVP_MD_hmac_signing(void)
{
#ifdef OPENSSL_EXTRA
static const unsigned char testKey[] =
{
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b
};
static const char testData[] = "Hi There";
#ifdef WOLFSSL_SHA224
static const unsigned char testResultSha224[] =
{
0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19,
0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d, 0xf3, 0x3f,
0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f,
0x53, 0x68, 0x4b, 0x22
};
#endif
#ifndef NO_SHA256
static const unsigned char testResultSha256[] =
{
0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
};
#endif
#ifdef WOLFSSL_SHA384
static const unsigned char testResultSha384[] =
{
0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62,
0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f,
0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c,
0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f,
0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6
};
#endif
#ifdef WOLFSSL_SHA512
static const unsigned char testResultSha512[] =
{
0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d,
0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0,
0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78,
0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde,
0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02,
0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4,
0xbe, 0x9d, 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70,
0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54
};
#endif
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
static const unsigned char testResultSha3_224[] =
{
0x3b, 0x16, 0x54, 0x6b, 0xbc, 0x7b, 0xe2, 0x70,
0x6a, 0x03, 0x1d, 0xca, 0xfd, 0x56, 0x37, 0x3d,
0x98, 0x84, 0x36, 0x76, 0x41, 0xd8, 0xc5, 0x9a,
0xf3, 0xc8, 0x60, 0xf7
};
#endif
#ifndef WOLFSSL_NOSHA3_256
static const unsigned char testResultSha3_256[] =
{
0xba, 0x85, 0x19, 0x23, 0x10, 0xdf, 0xfa, 0x96,
0xe2, 0xa3, 0xa4, 0x0e, 0x69, 0x77, 0x43, 0x51,
0x14, 0x0b, 0xb7, 0x18, 0x5e, 0x12, 0x02, 0xcd,
0xcc, 0x91, 0x75, 0x89, 0xf9, 0x5e, 0x16, 0xbb
};
#endif
#ifndef WOLFSSL_NOSHA3_384
static const unsigned char testResultSha3_384[] =
{
0x68, 0xd2, 0xdc, 0xf7, 0xfd, 0x4d, 0xdd, 0x0a,
0x22, 0x40, 0xc8, 0xa4, 0x37, 0x30, 0x5f, 0x61,
0xfb, 0x73, 0x34, 0xcf, 0xb5, 0xd0, 0x22, 0x6e,
0x1b, 0xc2, 0x7d, 0xc1, 0x0a, 0x2e, 0x72, 0x3a,
0x20, 0xd3, 0x70, 0xb4, 0x77, 0x43, 0x13, 0x0e,
0x26, 0xac, 0x7e, 0x3d, 0x53, 0x28, 0x86, 0xbd
};
#endif
#ifndef WOLFSSL_NOSHA3_512
static const unsigned char testResultSha3_512[] =
{
0xeb, 0x3f, 0xbd, 0x4b, 0x2e, 0xaa, 0xb8, 0xf5,
0xc5, 0x04, 0xbd, 0x3a, 0x41, 0x46, 0x5a, 0xac,
0xec, 0x15, 0x77, 0x0a, 0x7c, 0xab, 0xac, 0x53,
0x1e, 0x48, 0x2f, 0x86, 0x0b, 0x5e, 0xc7, 0xba,
0x47, 0xcc, 0xb2, 0xc6, 0xf2, 0xaf, 0xce, 0x8f,
0x88, 0xd2, 0x2b, 0x6d, 0xc6, 0x13, 0x80, 0xf2,
0x3a, 0x66, 0x8f, 0xd3, 0x88, 0x8b, 0xb8, 0x05,
0x37, 0xc0, 0xa0, 0xb8, 0x64, 0x07, 0x68, 0x9e
};
#endif
#endif
#ifndef NO_SHA256
test_hmac_signing(wolfSSL_EVP_sha256(), testKey, sizeof(testKey), testData,
XSTRLEN(testData), testResultSha256, sizeof(testResultSha256));
#endif
#ifdef WOLFSSL_SHA224
test_hmac_signing(wolfSSL_EVP_sha224(), testKey, sizeof(testKey), testData,
XSTRLEN(testData), testResultSha224, sizeof(testResultSha224));
#endif
#ifdef WOLFSSL_SHA384
test_hmac_signing(wolfSSL_EVP_sha384(), testKey, sizeof(testKey), testData,
XSTRLEN(testData), testResultSha384, sizeof(testResultSha384));
#endif
#ifdef WOLFSSL_SHA512
test_hmac_signing(wolfSSL_EVP_sha512(), testKey, sizeof(testKey), testData,
XSTRLEN(testData), testResultSha512, sizeof(testResultSha512));
#endif
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
test_hmac_signing(wolfSSL_EVP_sha3_224(), testKey, sizeof(testKey),
testData, XSTRLEN(testData), testResultSha3_224,
sizeof(testResultSha3_224));
#endif
#ifndef WOLFSSL_NOSHA3_256
test_hmac_signing(wolfSSL_EVP_sha3_256(), testKey, sizeof(testKey),
testData, XSTRLEN(testData), testResultSha3_256,
sizeof(testResultSha3_256));
#endif
#ifndef WOLFSSL_NOSHA3_384
test_hmac_signing(wolfSSL_EVP_sha3_384(), testKey, sizeof(testKey),
testData, XSTRLEN(testData), testResultSha3_384,
sizeof(testResultSha3_384));
#endif
#ifndef WOLFSSL_NOSHA3_512
test_hmac_signing(wolfSSL_EVP_sha3_512(), testKey, sizeof(testKey),
testData, XSTRLEN(testData), testResultSha3_512,
sizeof(testResultSha3_512));
#endif
#endif
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_EVP_MD_rsa_signing(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
defined(USE_CERT_BUFFERS_2048)
WOLFSSL_EVP_PKEY* privKey;
WOLFSSL_EVP_PKEY* pubKey;
WOLFSSL_EVP_PKEY_CTX* keyCtx;
const char testData[] = "Hi There";
WOLFSSL_EVP_MD_CTX mdCtx;
size_t checkSz = -1;
int sz = 2048 / 8;
const unsigned char* cp;
const unsigned char* p;
unsigned char check[2048/8];
size_t i;
int paddings[] = {
RSA_PKCS1_PADDING,
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS)
RSA_PKCS1_PSS_PADDING,
#endif
};
printf(testingFmt, "wolfSSL_EVP_MD_rsa_signing()");
cp = client_key_der_2048;
AssertNotNull((privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &cp,
sizeof_client_key_der_2048)));
p = client_keypub_der_2048;
AssertNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p,
sizeof_client_keypub_der_2048)));
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
NULL, privKey), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
(unsigned int)XSTRLEN(testData)), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
AssertIntEQ((int)checkSz, sz);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ((int)checkSz,sz);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
NULL, pubKey), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
(unsigned int)XSTRLEN(testData)),
1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
NULL, privKey), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
AssertIntEQ((int)checkSz, sz);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ((int)checkSz, sz);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
(unsigned int)XSTRLEN(testData) - 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ((int)checkSz, sz);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
NULL, pubKey), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
(unsigned int)XSTRLEN(testData) - 4),
1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
/* Check all signing padding types */
for (i = 0; i < sizeof(paddings)/sizeof(int); i++) {
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, &keyCtx,
wolfSSL_EVP_sha256(), NULL, privKey), 1);
AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx,
paddings[i]), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
(unsigned int)XSTRLEN(testData)), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
AssertIntEQ((int)checkSz, sz);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ((int)checkSz,sz);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, &keyCtx,
wolfSSL_EVP_sha256(), NULL, pubKey), 1);
AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx,
paddings[i]), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
(unsigned int)XSTRLEN(testData)), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
}
wolfSSL_EVP_PKEY_free(pubKey);
wolfSSL_EVP_PKEY_free(privKey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_MD_ecc_signing(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
WOLFSSL_EVP_PKEY* privKey;
WOLFSSL_EVP_PKEY* pubKey;
const char testData[] = "Hi There";
WOLFSSL_EVP_MD_CTX mdCtx;
size_t checkSz = -1;
const unsigned char* cp;
const unsigned char* p;
unsigned char check[2048/8];
printf(testingFmt, "wolfSSL_EVP_MD_ecc_signing()");
cp = ecc_clikey_der_256;
privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp,
sizeof_ecc_clikey_der_256);
AssertNotNull(privKey);
p = ecc_clikeypub_der_256;
AssertNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p,
sizeof_ecc_clikeypub_der_256)));
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
NULL, privKey), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
(unsigned int)XSTRLEN(testData)), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
NULL, pubKey), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
(unsigned int)XSTRLEN(testData)),
1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
NULL, privKey), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
(unsigned int)XSTRLEN(testData) - 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
NULL, pubKey), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
(unsigned int)XSTRLEN(testData) - 4),
1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_PKEY_free(pubKey);
wolfSSL_EVP_PKEY_free(privKey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_CTX_add_extra_chain_cert(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO)
char caFile[] = "./certs/client-ca.pem";
char clientFile[] = "./certs/client-cert.pem";
SSL_CTX* ctx;
X509* x509;
BIO *bio = NULL;
X509 *cert = NULL;
X509 *ca;
STACK_OF(X509) *chain = NULL;
STACK_OF(X509) *chain2 = NULL;
printf(testingFmt, "wolfSSL_CTX_add_extra_chain_cert()");
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);
x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
/* additional test of getting EVP_PKEY key size from X509
* Do not run with user RSA because wolfSSL_RSA_size is not currently
* allowed with user RSA */
{
EVP_PKEY* pkey;
#if defined(HAVE_ECC)
X509* ecX509;
#endif /* HAVE_ECC */
AssertNotNull(pkey = X509_get_pubkey(x509));
/* current RSA key is 2048 bit (256 bytes) */
AssertIntEQ(EVP_PKEY_size(pkey), 256);
EVP_PKEY_free(pkey);
#if defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer(
cliecc_cert_der_256, sizeof_cliecc_cert_der_256,
SSL_FILETYPE_ASN1));
#else
AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file(cliEccCertFile,
SSL_FILETYPE_PEM));
#endif
pkey = X509_get_pubkey(ecX509);
AssertNotNull(pkey);
/* current ECC key is 256 bit (32 bytes) */
AssertIntEQ(EVP_PKEY_size(pkey), 32);
X509_free(ecX509);
EVP_PKEY_free(pkey);
#endif /* HAVE_ECC */
}
#endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */
AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS);
#ifdef WOLFSSL_ENCRYPTED_KEYS
AssertNull(SSL_CTX_get_default_passwd_cb(ctx));
AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx));
#endif
SSL_CTX_free(ctx);
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
/* Test haproxy use case */
AssertNotNull(bio = BIO_new_file(svrCertFile, "r"));
/* Read Certificate */
AssertNotNull(cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
AssertNotNull(ca = PEM_read_bio_X509(bio, NULL, NULL, NULL));
AssertNotNull(chain = sk_X509_new_null());
AssertIntEQ(sk_X509_push(chain, ca), 1);
AssertNotNull(chain2 = X509_chain_up_ref(chain));
AssertNotNull(ca = sk_X509_shift(chain2));
AssertIntEQ(SSL_CTX_use_certificate(ctx, cert), 1);
AssertIntEQ(SSL_CTX_add_extra_chain_cert(ctx, ca), 1);
BIO_free(bio);
X509_free(cert);
sk_X509_pop_free(chain, X509_free);
sk_X509_pop_free(chain2, X509_free);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined (NO_BIO) */
}
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
static void test_wolfSSL_ERR_peek_last_error_line(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
!defined(NO_OLD_TLS) && !defined(WOLFSSL_NO_TLS12) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_ERROR_QUEUE)
tcp_ready ready;
func_args client_args;
func_args server_args;
#ifndef SINGLE_THREADED
THREAD_TYPE serverThread;
#endif
callback_functions client_cb;
callback_functions server_cb;
int line = 0;
int flag = ERR_TXT_STRING;
const char* file = NULL;
const char* data = NULL;
printf(testingFmt, "wolfSSL_ERR_peek_last_error_line()");
/* create a failed connection and inspect the error */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
client_cb.method = wolfTLSv1_1_client_method;
server_cb.method = wolfTLSv1_2_server_method;
server_args.signal = &ready;
server_args.callbacks = &server_cb;
client_args.signal = &ready;
client_args.callbacks = &client_cb;
#ifndef SINGLE_THREADED
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
#endif
FreeTcpReady(&ready);
AssertIntGT(ERR_get_error_line_data(NULL, NULL, &data, &flag), 0);
AssertNotNull(data);
/* check clearing error state */
ERR_remove_state(0);
AssertIntEQ((int)ERR_peek_last_error_line(NULL, NULL), 0);
ERR_peek_last_error_line(NULL, &line);
AssertIntEQ(line, 0);
ERR_peek_last_error_line(&file, NULL);
AssertNull(file);
/* retry connection to fill error queue */
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
client_cb.method = wolfTLSv1_1_client_method;
server_cb.method = wolfTLSv1_2_server_method;
server_args.signal = &ready;
server_args.callbacks = &server_cb;
client_args.signal = &ready;
client_args.callbacks = &client_cb;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
FreeTcpReady(&ready);
/* check that error code was stored */
AssertIntNE((int)ERR_peek_last_error_line(NULL, NULL), 0);
ERR_peek_last_error_line(NULL, &line);
AssertIntNE(line, 0);
ERR_peek_last_error_line(&file, NULL);
AssertNotNull(file);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
printf(resultFmt, passed);
printf("\nTesting error print out\n");
ERR_print_errors_fp(stdout);
printf("Done testing print out\n\n");
fflush(stdout);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(DEBUG_WOLFSSL) */
}
#endif
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
static int verify_cb(int ok, X509_STORE_CTX *ctx)
{
(void) ok;
(void) ctx;
printf("ENTER verify_cb\n");
return SSL_SUCCESS;
}
#endif
static void test_wolfSSL_X509_Name_canon(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_SHA) && \
defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && !defined(NO_RSA)
const long ex_hash1 = 0x0fdb2da4;
const long ex_hash2 = 0x9f3e8c9e;
X509_NAME *name = NULL;
X509 *x509 = NULL;
FILE* file = NULL;
unsigned long hash = 0;
byte digest[WC_MAX_DIGEST_SIZE] = {0};
byte *pbuf = NULL;
word32 len = 0;
(void) ex_hash2;
printf(testingFmt, "test_wolfSSL_X509_Name_canon()");
file = XFOPEN(caCertFile, "rb");
AssertNotNull(file);
AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL));
AssertNotNull(name = X509_get_issuer_name(x509));
AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
hash = (((unsigned long)digest[3] << 24) |
((unsigned long)digest[2] << 16) |
((unsigned long)digest[1] << 8) |
((unsigned long)digest[0]));
AssertIntEQ(hash, ex_hash1);
XFCLOSE(file);
X509_free(x509);
XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL);
pbuf = NULL;
file = XFOPEN(cliCertFile, "rb");
AssertNotNull(file);
AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL));
AssertNotNull(name = X509_get_issuer_name(x509));
AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
hash = (((unsigned long)digest[3] << 24) |
((unsigned long)digest[2] << 16) |
((unsigned long)digest[1] << 8) |
((unsigned long)digest[0]));
AssertIntEQ(hash, ex_hash2);
XFCLOSE(file);
X509_free(x509);
XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
const int MAX_DIR = 4;
const char paths[][32] = {
"./certs/ed25519",
"./certs/ecc",
"./certs/crl",
"./certs/",
};
char CertCrl_path[MAX_FILENAME_SZ];
char *p;
X509_STORE* str;
X509_LOOKUP* lookup;
WOLFSSL_STACK* sk = NULL;
int len, total_len, i;
(void) sk;
printf(testingFmt, "test_wolfSSL_X509_LOOKUP_ctrl_hash_dir()");
XMEMSET(CertCrl_path, 0, MAX_FILENAME_SZ);
/* illegal string */
AssertNotNull((str = wolfSSL_X509_STORE_new()));
AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "",
SSL_FILETYPE_PEM,NULL), 0);
/* free store */
X509_STORE_free(str);
/* short folder string */
AssertNotNull((str = wolfSSL_X509_STORE_new()));
AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "./",
SSL_FILETYPE_PEM,NULL), 1);
#if defined(WOLFSSL_INT_H)
/* only available when including internal.h */
AssertNotNull(sk = lookup->dirs->dir_entry);
#endif
/* free store */
X509_STORE_free(str);
/* typical function check */
p = &CertCrl_path[0];
total_len = 0;
for(i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) {
len = (int)XSTRLEN((const char*)&paths[i]);
total_len += len;
XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len);
p += len;
if (i != 0) *(p++) = SEPARATOR_CHAR;
}
AssertNotNull((str = wolfSSL_X509_STORE_new()));
AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, CertCrl_path,
SSL_FILETYPE_PEM,NULL), 1);
#if defined(WOLFSSL_INT_H)
/* only available when including internal.h */
AssertNotNull(sk = lookup->dirs->dir_entry);
#endif
X509_STORE_free(str);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_LOOKUP_ctrl_file(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
defined(WOLFSSL_SIGNER_DER_CERT)
X509_STORE_CTX* ctx;
X509_STORE* str;
X509_LOOKUP* lookup;
X509* cert1;
X509* x509Ca;
X509* x509Svr;
X509* issuer;
WOLFSSL_STACK* sk = NULL;
X509_NAME* caName;
X509_NAME* issuerName;
FILE* file1 = NULL;
int i, cert_count, cmp;
char der[] = "certs/ca-cert.der";
#ifdef HAVE_CRL
char pem[][100] = {
"./certs/crl/crl.pem",
"./certs/crl/crl2.pem",
"./certs/crl/caEccCrl.pem",
"./certs/crl/eccCliCRL.pem",
"./certs/crl/eccSrvCRL.pem",
""
};
#endif
printf(testingFmt, "test_wolfSSL_X509_LOOKUP_ctrl_file()");
AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb"));
AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
fclose(file1);
AssertNotNull(ctx = X509_STORE_CTX_new());
AssertNotNull((str = wolfSSL_X509_STORE_new()));
AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
SSL_FILETYPE_PEM,NULL), 1);
AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
AssertIntEQ((cert_count = sk_X509_num(sk)), 1);
/* check if CA cert is loaded into the store */
for (i = 0; i < cert_count; i++) {
x509Ca = sk_X509_value(sk, i);
AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1));
}
AssertNotNull((x509Svr =
wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);
AssertNull(X509_STORE_CTX_get0_current_issuer(NULL));
issuer = X509_STORE_CTX_get0_current_issuer(ctx);
AssertNotNull(issuer);
caName = X509_get_subject_name(x509Ca);
AssertNotNull(caName);
issuerName = X509_get_subject_name(issuer);
AssertNotNull(issuerName);
cmp = X509_NAME_cmp(caName, issuerName);
AssertIntEQ(cmp, 0);
/* load der format */
X509_free(issuer);
X509_STORE_CTX_free(ctx);
X509_STORE_free(str);
sk_X509_free(sk);
X509_free(x509Svr);
AssertNotNull((str = wolfSSL_X509_STORE_new()));
AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, der,
SSL_FILETYPE_ASN1,NULL), 1);
AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
AssertIntEQ((cert_count = sk_X509_num(sk)), 1);
/* check if CA cert is loaded into the store */
for (i = 0; i < cert_count; i++) {
x509Ca = sk_X509_value(sk, i);
AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1));
}
X509_STORE_free(str);
sk_X509_free(sk);
X509_free(cert1);
#ifdef HAVE_CRL
AssertNotNull(str = wolfSSL_X509_STORE_new());
AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
SSL_FILETYPE_PEM,NULL), 1);
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD,
"certs/server-revoked-cert.pem",
SSL_FILETYPE_PEM,NULL), 1);
if (str) {
AssertIntEQ(wolfSSL_CertManagerVerify(str->cm, svrCertFile,
WOLFSSL_FILETYPE_PEM), 1);
/* since store hasn't yet known the revoked cert*/
AssertIntEQ(wolfSSL_CertManagerVerify(str->cm,
"certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM), 1);
}
for (i = 0; pem[i][0] != '\0'; i++)
{
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, pem[i],
SSL_FILETYPE_PEM, NULL), 1);
}
if (str) {
/* since store knows crl list */
AssertIntEQ(wolfSSL_CertManagerVerify(str->cm,
"certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
}
AssertIntEQ(X509_LOOKUP_ctrl(NULL, 0, NULL, 0, NULL), 0);
X509_STORE_free(str);
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup()");
X509_STORE_CTX_cleanup(NULL);
X509_STORE_CTX_trusted_stack(NULL, NULL);
AssertTrue(1); /* to confirm previous call gives no harm */
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
#ifdef WOLFSSL_SIGNER_DER_CERT
int cmp;
#endif
X509_STORE_CTX* ctx;
X509_STORE* str;
X509* x509Ca;
X509* x509Svr;
X509* issuer;
X509_NAME* caName;
X509_NAME* issuerName;
printf(testingFmt, "wolfSSL_X509_STORE_CTX_get0_current_issuer()");
AssertNotNull(ctx = X509_STORE_CTX_new());
AssertNotNull((str = wolfSSL_X509_STORE_new()));
AssertNotNull((x509Ca =
wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(str, x509Ca), SSL_SUCCESS);
AssertNotNull((x509Svr =
wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);
AssertNull(X509_STORE_CTX_get0_current_issuer(NULL));
issuer = X509_STORE_CTX_get0_current_issuer(ctx);
AssertNotNull(issuer);
caName = X509_get_subject_name(x509Ca);
AssertNotNull(caName);
issuerName = X509_get_subject_name(issuer);
#ifdef WOLFSSL_SIGNER_DER_CERT
AssertNotNull(issuerName);
cmp = X509_NAME_cmp(caName, issuerName);
AssertIntEQ(cmp, 0);
#else
AssertNotNull(issuerName);
#endif
X509_free(issuer);
X509_STORE_CTX_free(ctx);
X509_free(x509Svr);
X509_STORE_free(str);
X509_free(x509Ca);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_PKCS7_certs(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7)
STACK_OF(X509)* sk = NULL;
STACK_OF(X509_INFO)* info_sk = NULL;
PKCS7 *p7 = NULL;
BIO* bio;
const byte* p = NULL;
int buflen = 0;
int i;
printf(testingFmt, "wolfSSL_PKCS7_certs()");
/* Test twice. Once with d2i and once without to test
* that everything is free'd correctly. */
for (i = 0; i < 2; i++) {
AssertNotNull(p7 = PKCS7_new());
p7->version = 1;
p7->hashOID = SHAh;
AssertNotNull(bio = BIO_new(BIO_s_file()));
AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
AssertNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
AssertIntEQ(sk_X509_INFO_num(info_sk), 2);
AssertNotNull(sk = sk_X509_new_null());
while (sk_X509_INFO_num(info_sk)) {
X509_INFO* info;
AssertNotNull(info = sk_X509_INFO_shift(info_sk));
AssertIntEQ(sk_X509_push(sk, info->x509), 1);
info->x509 = NULL;
X509_INFO_free(info);
}
sk_X509_INFO_free(info_sk);
BIO_free(bio);
bio = BIO_new(BIO_s_mem());
AssertIntEQ(wolfSSL_PKCS7_encode_certs(p7, sk, bio), 1);
AssertIntGT((buflen = BIO_get_mem_data(bio, &p)), 0);
if (i == 0) {
PKCS7_free(p7);
AssertNotNull(d2i_PKCS7(&p7, &p, buflen));
/* Reset certs to force wolfSSL_PKCS7_to_stack to regenerate them */
((WOLFSSL_PKCS7*)p7)->certs = NULL;
/* PKCS7_free free's the certs */
AssertNotNull(wolfSSL_PKCS7_to_stack(p7));
}
BIO_free(bio);
PKCS7_free(p7);
}
printf(resultFmt, passed);
#endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) */
}
static void test_wolfSSL_X509_STORE_CTX(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
X509_STORE_CTX* ctx;
X509_STORE* str;
X509* x509;
#ifdef OPENSSL_ALL
X509* x5092;
STACK_OF(X509) *sk, *sk2, *sk3;
#endif
printf(testingFmt, "wolfSSL_X509_STORE_CTX()");
AssertNotNull(ctx = X509_STORE_CTX_new());
AssertNotNull((str = wolfSSL_X509_STORE_new()));
AssertNotNull((x509 =
wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(str, x509), SSL_SUCCESS);
#ifdef OPENSSL_ALL
/* sk_X509_new only in OPENSSL_ALL */
sk = sk_X509_new();
AssertNotNull(sk);
AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, sk), SSL_SUCCESS);
#else
AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, NULL), SSL_SUCCESS);
#endif
AssertIntEQ(SSL_get_ex_data_X509_STORE_CTX_idx(), 0);
X509_STORE_CTX_set_error(ctx, -5);
X509_STORE_CTX_set_error(NULL, -5);
X509_STORE_CTX_free(ctx);
#ifdef OPENSSL_ALL
sk_X509_free(sk);
#endif
X509_STORE_free(str);
X509_free(x509);
AssertNotNull(ctx = X509_STORE_CTX_new());
X509_STORE_CTX_set_verify_cb(ctx, verify_cb);
X509_STORE_CTX_free(ctx);
#ifdef OPENSSL_ALL
/* test X509_STORE_CTX_get(1)_chain */
AssertNotNull((x509 = X509_load_certificate_file(svrCertFile,
SSL_FILETYPE_PEM)));
AssertNotNull((x5092 = X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM)));
AssertNotNull((sk = sk_X509_new()));
AssertIntEQ(sk_X509_push(sk, x509), 1);
AssertNotNull((str = X509_STORE_new()));
AssertNotNull((ctx = X509_STORE_CTX_new()));
AssertIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1);
AssertNull((sk2 = X509_STORE_CTX_get_chain(NULL)));
AssertNotNull((sk2 = X509_STORE_CTX_get_chain(ctx)));
AssertIntEQ(sk_num(sk2), 1); /* sanity, make sure chain has 1 cert */
AssertNull((sk3 = X509_STORE_CTX_get1_chain(NULL)));
AssertNotNull((sk3 = X509_STORE_CTX_get1_chain(ctx)));
AssertIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */
X509_STORE_CTX_free(ctx);
X509_STORE_free(str);
/* CTX certs not freed yet */
X509_free(x5092);
sk_X509_free(sk);
/* sk3 is dup so free here */
sk_X509_free(sk3);
#endif
/* test X509_STORE_CTX_get/set_ex_data */
{
int i = 0, tmpData = 5;
void* tmpDataRet;
AssertNotNull(ctx = X509_STORE_CTX_new());
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
for (i = 0; i < MAX_EX_DATA; i++) {
AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
WOLFSSL_SUCCESS);
tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
AssertNotNull(tmpDataRet);
AssertIntEQ(tmpData, *(int*)tmpDataRet);
}
#else
AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
WOLFSSL_FAILURE);
tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
AssertNull(tmpDataRet);
#endif
X509_STORE_CTX_free(ctx);
}
/* test X509_STORE_get/set_ex_data */
{
int i = 0, tmpData = 99;
void* tmpDataRet;
AssertNotNull(str = X509_STORE_new());
#if defined(HAVE_EX_DATA)
for (i = 0; i < MAX_EX_DATA; i++) {
AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
WOLFSSL_SUCCESS);
tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
AssertNotNull(tmpDataRet);
AssertIntEQ(tmpData, *(int*)tmpDataRet);
}
#else
AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
WOLFSSL_FAILURE);
tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
AssertNull(tmpDataRet);
#endif
X509_STORE_free(str);
}
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}
static void test_wolfSSL_X509_STORE_set_flags(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
X509_STORE* store;
X509* x509;
printf(testingFmt, "wolfSSL_X509_STORE_set_flags()");
AssertNotNull((store = wolfSSL_X509_STORE_new()));
AssertNotNull((x509 =
wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(store, x509), WOLFSSL_SUCCESS);
#ifdef HAVE_CRL
AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), WOLFSSL_SUCCESS);
#else
AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL),
NOT_COMPILED_IN);
#endif
wolfSSL_X509_free(x509);
wolfSSL_X509_STORE_free(store);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}
static void test_wolfSSL_X509_LOOKUP_load_file(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
(!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
WOLFSSL_X509_STORE* store;
WOLFSSL_X509_LOOKUP* lookup;
printf(testingFmt, "wolfSSL_X509_LOOKUP_load_file()");
AssertNotNull(store = wolfSSL_X509_STORE_new());
AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/client-ca.pem",
X509_FILETYPE_PEM), 1);
AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/crl/crl2.pem",
X509_FILETYPE_PEM), 1);
if (store) {
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile,
WOLFSSL_FILETYPE_PEM), 1);
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
WOLFSSL_FILETYPE_PEM), ASN_NO_SIGNER_E);
}
AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
X509_FILETYPE_PEM), 1);
if (store) {
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
WOLFSSL_FILETYPE_PEM), 1);
}
wolfSSL_X509_STORE_free(store);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}
static void test_wolfSSL_X509_STORE_CTX_set_time(void)
{
#if defined(OPENSSL_EXTRA)
WOLFSSL_X509_STORE_CTX* ctx;
time_t c_time;
printf(testingFmt, "wolfSSL_X509_set_time()");
AssertNotNull(ctx = wolfSSL_X509_STORE_CTX_new());
c_time = 365*24*60*60;
wolfSSL_X509_STORE_CTX_set_time(ctx, 0, c_time);
AssertTrue(
(ctx->param->flags & WOLFSSL_USE_CHECK_TIME) == WOLFSSL_USE_CHECK_TIME);
AssertTrue(ctx->param->check_time == c_time);
wolfSSL_X509_STORE_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_CTX_get0_set1_param(void)
{
#if defined(OPENSSL_EXTRA)
int ret;
SSL_CTX* ctx;
WOLFSSL_X509_VERIFY_PARAM* pParam;
WOLFSSL_X509_VERIFY_PARAM* pvpm;
char testIPv4[] = "127.0.0.1";
char testhostName[] = "foo.hoge.com";
printf(testingFmt, "wolfSSL_CTX_get0_set1_param()");
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertNull(SSL_CTX_get0_param(NULL));
AssertNotNull(pParam = SSL_CTX_get0_param(ctx));
pvpm = (WOLFSSL_X509_VERIFY_PARAM *)XMALLOC(
sizeof(WOLFSSL_X509_VERIFY_PARAM), NULL, DYNAMIC_TYPE_OPENSSL);
AssertNotNull(pvpm);
XMEMSET(pvpm, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
wolfSSL_X509_VERIFY_PARAM_set1_host(pvpm, testhostName,
(int)XSTRLEN(testhostName));
wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(pvpm, testIPv4);
wolfSSL_X509_VERIFY_PARAM_set_hostflags(pvpm, 0x01);
ret = SSL_CTX_set1_param(ctx, pvpm);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(pParam->hostName, testhostName,
(int)XSTRLEN(testhostName)));
AssertIntEQ(0x01, pParam->hostFlags);
AssertIntEQ(0, XSTRNCMP(pParam->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
/* test for incorrect patameter */
AssertIntEQ(1,SSL_CTX_set1_param(ctx, NULL));
AssertIntEQ(1,SSL_CTX_set1_param(NULL, pvpm));
AssertIntEQ(1,SSL_CTX_set1_param(NULL, NULL));
SSL_CTX_free(ctx);
XFREE(pvpm, NULL, DYNAMIC_TYPE_OPENSSL);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
}
static void test_wolfSSL_get0_param(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
SSL_CTX* ctx;
SSL* ssl;
WOLFSSL_X509_VERIFY_PARAM* pParam;
printf(testingFmt, "wolfSSL_get0_param()");
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
pParam = SSL_get0_param(ssl);
(void)pParam;
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
}
static void test_wolfSSL_X509_VERIFY_PARAM_set1_host(void)
{
#if defined(OPENSSL_EXTRA)
const char host[] = "www.example.com";
WOLFSSL_X509_VERIFY_PARAM* pParam;
printf(testingFmt, "wolfSSL_X509_VERIFY_PARAM_set1_host()");
AssertNotNull(pParam = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
sizeof(WOLFSSL_X509_VERIFY_PARAM),
HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host));
AssertIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
AssertIntNE(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
XFREE(pParam, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void)
{
#if defined(OPENSSL_EXTRA)
unsigned char buf[16] = {0};
WOLFSSL_X509_VERIFY_PARAM* param;
printf(testingFmt, "test_wolfSSL_X509_VERIFY_PARAM_set1_ip()");
AssertNotNull(param = X509_VERIFY_PARAM_new());
/* test 127.0.0.1 */
buf[0] =0x7f; buf[1] = 0; buf[2] = 0; buf[3] = 1;
AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 4), SSL_SUCCESS);
AssertIntEQ(XSTRNCMP(param->ipasc, "127.0.0.1", sizeof(param->ipasc)), 0);
/* test 2001:db8:3333:4444:5555:6666:7777:8888 */
buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
buf[4]=51;buf[5]=51;buf[6]=68;buf[7]=68;
buf[8]=85;buf[9]=85;buf[10]=102;buf[11]=102;
buf[12]=119;buf[13]=119;buf[14]=136;buf[15]=136;
AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
AssertIntEQ(XSTRNCMP(param->ipasc,
"2001:db8:3333:4444:5555:6666:7777:8888", sizeof(param->ipasc)), 0);
/* test 2001:db8:: */
buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0;
buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0;
buf[12]=0;buf[13]=0;buf[14]=0;buf[15]=0;
AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8::", sizeof(param->ipasc)), 0);
/* test ::1234:5678 */
buf[0]=0;buf[1]=0;buf[2]=0;buf[3]=0;
buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0;
buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0;
buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120;
AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
AssertIntEQ(XSTRNCMP(param->ipasc, "::1234:5678", sizeof(param->ipasc)), 0);
/* test 2001:db8::1234:5678 */
buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0;
buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0;
buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120;
AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8::1234:5678",
sizeof(param->ipasc)), 0);
/* test 2001:0db8:0001:0000:0000:0ab9:c0a8:0102*/
/* 2001:db8:1::ab9:c0a8:102 */
buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
buf[4]=0;buf[5]=1;buf[6]=0;buf[7]=0;
buf[8]=0;buf[9]=0;buf[10]=10;buf[11]=185;
buf[12]=192;buf[13]=168;buf[14]=1;buf[15]=2;
AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8:1::ab9:c0a8:102",
sizeof(param->ipasc)), 0);
XFREE(param, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_X509_STORE_CTX_get0_store(void)
{
#if defined(OPENSSL_EXTRA)
X509_STORE* store;
X509_STORE_CTX* ctx;
X509_STORE_CTX* ctx_no_init;
printf(testingFmt, "wolfSSL_X509_STORE_CTX_get0_store()");
AssertNotNull((store = X509_STORE_new()));
AssertNotNull(ctx = X509_STORE_CTX_new());
AssertNotNull(ctx_no_init = X509_STORE_CTX_new());
AssertIntEQ(X509_STORE_CTX_init(ctx, store, NULL, NULL), SSL_SUCCESS);
AssertNull(X509_STORE_CTX_get0_store(NULL));
/* should return NULL if ctx has not bee initialized */
AssertNull(X509_STORE_CTX_get0_store(ctx_no_init));
AssertNotNull(X509_STORE_CTX_get0_store(ctx));
wolfSSL_X509_STORE_CTX_free(ctx);
wolfSSL_X509_STORE_CTX_free(ctx_no_init);
X509_STORE_free(store);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_CTX_set_client_CA_list(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_BIO)
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
X509_NAME* name = NULL;
STACK_OF(X509_NAME)* names = NULL;
STACK_OF(X509_NAME)* ca_list = NULL;
int i, names_len;
printf(testingFmt, "wolfSSL_CTX_set_client_CA_list()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
/* Send two X501 names in cert request */
names = SSL_load_client_CA_file(cliCertFile);
AssertNotNull(names);
ca_list = SSL_load_client_CA_file(caCertFile);
AssertNotNull(ca_list);
AssertIntEQ(sk_X509_NAME_push(names, sk_X509_NAME_value(ca_list, 0)), 1);
SSL_CTX_set_client_CA_list(ctx, names);
/* This should only free the stack structure */
sk_X509_NAME_free(ca_list);
AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
AssertIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names));
AssertIntGT((names_len = sk_X509_NAME_num(names)), 0);
for (i=0; i<names_len; i++) {
AssertNotNull(name = sk_X509_NAME_value(names, i));
AssertIntEQ(sk_X509_NAME_find(names, name), i);
}
/* Needed to be able to create ssl object */
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = wolfSSL_new(ctx));
/* load again as old names are responsibility of ctx to free*/
names = SSL_load_client_CA_file(cliCertFile);
AssertNotNull(names);
SSL_set_client_CA_list(ssl, names);
AssertNotNull(ca_list = SSL_get_client_CA_list(ssl));
AssertIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names));
AssertIntGT((names_len = sk_X509_NAME_num(names)), 0);
for (i=0; i<names_len; i++) {
AssertNotNull(name = sk_X509_NAME_value(names, i));
AssertIntEQ(sk_X509_NAME_find(names, name), i);
}
printf(resultFmt, passed);
#if !defined(SINGLE_THREADED) && defined(SESSION_CERTS)
{
tcp_ready ready;
func_args server_args;
callback_functions server_cb;
THREAD_TYPE serverThread;
WOLFSSL* ssl_client;
WOLFSSL_CTX* ctx_client;
SOCKET_T sockfd = 0;
printf(testingFmt, "wolfSSL_get_client_CA_list() with handshake");
StartTCP();
InitTcpReady(&ready);
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
server_args.signal = &ready;
server_args.callbacks = &server_cb;
/* we are responsible for free'ing WOLFSSL_CTX */
server_cb.ctx = ctx;
server_cb.isSharedCtx = 1;
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0));
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
AssertNotNull(ctx_client = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx_client, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx_client, cliCertFile, SSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx_client, cliKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl_client = wolfSSL_new(ctx_client));
AssertIntEQ(wolfSSL_set_fd(ssl_client, sockfd), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_connect(ssl_client), WOLFSSL_SUCCESS);
AssertNotNull(ca_list = SSL_get_client_CA_list(ssl_client));
/* We are expecting two cert names to be sent */
AssertIntEQ(sk_X509_NAME_num(ca_list), 2);
AssertNotNull(names = SSL_CTX_get_client_CA_list(ctx));
for (i=0; i<sk_X509_NAME_num(ca_list); i++) {
AssertNotNull(name = sk_X509_NAME_value(ca_list, i));
AssertIntGE(sk_X509_NAME_find(names, name), 0);
}
wolfSSL_shutdown(ssl_client);
wolfSSL_free(ssl_client);
wolfSSL_CTX_free(ctx_client);
join_thread(serverThread);
FreeTcpReady(&ready);
printf(resultFmt, passed);
}
#endif
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT && !NO_BIO */
}
static void test_wolfSSL_CTX_add_client_CA(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
!defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX* ctx;
WOLFSSL_X509* x509;
WOLFSSL_X509* x509_a;
STACK_OF(X509_NAME)* ca_list;
int ret = 0;
printf(testingFmt, "wolfSSL_CTX_add_client_CA()");
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
/* Add client cert */
x509 = X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM);
AssertNotNull(x509);
ret = SSL_CTX_add_client_CA(ctx, x509);
AssertIntEQ(ret, SSL_SUCCESS);
AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
/* Add another client cert */
AssertNotNull(x509_a = X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
AssertIntEQ(SSL_CTX_add_client_CA(ctx, x509_a), SSL_SUCCESS);
/* test for incorrect parameter */
AssertIntEQ(SSL_CTX_add_client_CA(NULL, x509), 0);
AssertIntEQ(SSL_CTX_add_client_CA(ctx, NULL), 0);
AssertIntEQ(SSL_CTX_add_client_CA(NULL, NULL), 0);
X509_free(x509);
X509_free(x509_a);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT */
}
#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
static THREAD_RETURN WOLFSSL_THREAD server_task(void* args)
{
callback_functions* callbacks = ((func_args*)args)->callbacks;
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(callbacks->method());
WOLFSSL* ssl = NULL;
SOCKET_T sfd = 0;
SOCKET_T cfd = 0;
word16 port;
char msg[] = "I hear you fa shizzle!";
int len = (int) XSTRLEN(msg);
char input[1024];
int idx;
int ret, err = 0;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
port = ((func_args*)args)->signal->port;
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
WOLFSSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM));
if (callbacks->ctx_ready)
callbacks->ctx_ready(ctx);
ssl = wolfSSL_new(ctx);
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, NULL, NULL);
CloseSocket(sfd);
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd));
if (callbacks->ssl_ready)
callbacks->ssl_ready(ssl);
do {
err = 0; /* Reset error */
ret = wolfSSL_accept(ssl);
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
}
} while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
}
else {
if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
input[idx] = 0;
printf("Client message: %s\n", input);
}
AssertIntEQ(len, wolfSSL_write(ssl, msg, len));
#ifdef WOLFSSL_TIRTOS
Task_yield();
#endif
((func_args*)args)->return_code = TEST_SUCCESS;
}
if (callbacks->on_result)
callbacks->on_result(ssl);
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(cfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
#ifndef WOLFSSL_TIRTOS
return 0;
#endif
}
static void keyLog_callback(const WOLFSSL* ssl, const char* line )
{
AssertNotNull(ssl);
AssertNotNull(line);
XFILE fp;
const byte lf = '\n';
fp = XFOPEN("./MyKeyLog.txt", "a");
XFWRITE( line, 1, strlen(line),fp);
XFWRITE( (void*)&lf,1,1,fp);
XFCLOSE(fp);
}
#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
static void test_wolfSSL_CTX_set_keylog_callback(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
SSL_CTX* ctx;
printf( testingFmt, "wolfSSL_CTX_set_keylog_callback()");
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
SSL_CTX_set_keylog_callback(ctx, keyLog_callback );
SSL_CTX_free(ctx);
SSL_CTX_set_keylog_callback(NULL, NULL);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
}
static void test_wolfSSL_CTX_get_keylog_callback(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
SSL_CTX* ctx;
printf( testingFmt, "wolfSSL_CTX_get_keylog_callback()");
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),NULL);
SSL_CTX_set_keylog_callback(ctx, keyLog_callback );
AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),keyLog_callback);
SSL_CTX_set_keylog_callback(ctx, NULL );
AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),NULL);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
}
static void test_wolfSSL_Tls12_Key_Logging_test(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
/* This test is intended for checking whether keylog callback is called
* in client during TLS handshake between the client and a server.
*/
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
callback_functions server_cbf;
callback_functions client_cbf;
SOCKET_T sockfd = 0;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
XFILE fp;
char msg[64] = "hello wolfssl!";
char reply[1024];
int msgSz = (int)XSTRLEN(msg);
printf(testingFmt, "wolfSSL_Tls12_Key_Logging_test()");
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
InitTcpReady(&ready);
ready.port = 22222;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
server_cbf.method = wolfTLSv1_2_server_method;
server_args.callbacks = &server_cbf;
server_args.signal = &ready;
/* clean up keylog file */
fp = XFOPEN("./MyKeyLog.txt", "w");
XFCLOSE(fp);
/* start server task */
start_thread(server_task, &server_args, &serverThread);
wait_tcp_ready(&server_args);
/* run as a TLS1.2 client */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
/* set keylog callback */
wolfSSL_CTX_set_keylog_callback(ctx,keyLog_callback);
/* get connected the server task */
AssertNotNull(ssl = wolfSSL_new(ctx));
AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(sockfd);
join_thread(serverThread);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
/* check if the keylog file exists */
char buff[300] = {0};
int found = 0;
fp = XFOPEN("./MyKeyLog.txt", "r");
AssertNotNull(fp);
while(XFGETS( buff, (int)sizeof(buff),fp) != NULL ) {
if(0 == strncmp(buff,"CLIENT_RANDOM ",
sizeof("CLIENT_RANDOM ")-1)) {
found = 1;
break;
}
}
XFCLOSE(fp);
/* a log starting with "CLIENT_RANDOM " should exit in the file */
AssertNotNull( found );
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
}
static void test_wolfSSL_Tls13_Key_Logging_test(void)
{
#if defined(WOLFSSL_TLS13) && defined(OPENSSL_EXTRA) && \
defined(HAVE_SECRET_CALLBACK)
/* This test is intended for checking whether keylog callback is called
* in client during TLS handshake between the client and a server.
*/
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
callback_functions server_cbf;
callback_functions client_cbf;
SOCKET_T sockfd = 0;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
XFILE fp;
char msg[64] = "hello wolfssl!";
char reply[1024];
int msgSz = (int)XSTRLEN(msg);
printf(testingFmt, "wolfSSL_Tls13_Key_Logging_test()");
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
InitTcpReady(&ready);
ready.port = 22222;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
server_cbf.method = wolfTLSv1_3_server_method; /* TLS1.3 */
server_args.callbacks = &server_cbf;
server_args.signal = &ready;
/* clean up keylog file */
fp = XFOPEN("./MyKeyLog.txt", "w");
XFCLOSE(fp);
/* start server task */
start_thread(server_task, &server_args, &serverThread);
wait_tcp_ready(&server_args);
/* run as a TLS1.2 client */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
/* set keylog callback */
wolfSSL_CTX_set_keylog_callback(ctx,keyLog_callback);
/* get connected the server task */
AssertNotNull(ssl = wolfSSL_new(ctx));
AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
join_thread(serverThread);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
/* check if the keylog file exists */
char buff[300] = {0};
int found[4] = {0};
fp = XFOPEN("./MyKeyLog.txt", "r");
AssertNotNull(fp);
while(XFGETS( buff, (int)sizeof(buff),fp) != NULL ) {
if(0 == strncmp(buff,"CLIENT_HANDSHAKE_TRAFFIC_SECRET ",
sizeof("CLIENT_HANDSHAKE_TRAFFIC_SECRET ")-1)) {
found[0] = 1;
continue;
}
else if(0 == strncmp(buff,"SERVER_HANDSHAKE_TRAFFIC_SECRET ",
sizeof("SERVER_HANDSHAKE_TRAFFIC_SECRET ")-1)) {
found[1] = 1;
continue;
}
else if(0 == strncmp(buff,"CLIENT_TRAFFIC_SECRET_0 ",
sizeof("CLIENT_TRAFFIC_SECRET_0 ")-1)) {
found[2] = 1;
continue;
}
else if(0 == strncmp(buff,"SERVER_TRAFFIC_SECRET_0 ",
sizeof("SERVER_TRAFFIC_SECRET_0 ")-1)) {
found[3] = 1;
continue;
}
}
XFCLOSE(fp);
int numfnd = 0;
for( uint i = 0; i < 4; i++) {
if( found[i] != 0)
numfnd++;
}
AssertIntEQ( numfnd,4 );
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && WOLFSSL_TLS13 */
}
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
static void post_auth_version_cb(WOLFSSL* ssl)
{
/* do handshake and then test version error */
AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
AssertStrEQ("TLSv1.2", wolfSSL_get_version(ssl));
AssertIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_FAILURE);
#if defined(OPENSSL_ALL) && !defined(NO_ERROR_QUEUE)
/* check was added to error queue */
AssertIntEQ(wolfSSL_ERR_get_error(), -UNSUPPORTED_PROTO_VERSION);
/* check the string matches expected string */
AssertStrEQ(wolfSSL_ERR_error_string(-UNSUPPORTED_PROTO_VERSION, NULL),
"WRONG_SSL_VERSION");
#endif
}
static void post_auth_cb(WOLFSSL* ssl)
{
/* do handshake and then test version error */
AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
AssertStrEQ("TLSv1.3", wolfSSL_get_version(ssl));
AssertNull(wolfSSL_get_peer_certificate(ssl));
AssertIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_SUCCESS);
}
static void set_post_auth_cb(WOLFSSL* ssl)
{
if (!wolfSSL_is_server(ssl)) {
AssertIntEQ(wolfSSL_allow_post_handshake_auth(ssl), 0);
}
else {
wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_POST_HANDSHAKE, NULL);
}
}
#endif
static void test_wolfSSL_Tls13_postauth(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
tcp_ready ready;
func_args client_args;
func_args server_args;
callback_functions server_cbf;
callback_functions client_cbf;
THREAD_TYPE serverThread;
printf(testingFmt, "wolfSSL_Tls13_postauth()");
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
/* test version failure doing post auth with TLS 1.2 connection */
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
server_cbf.method = wolfTLSv1_2_server_method;
server_cbf.ssl_ready = set_post_auth_cb;
client_cbf.ssl_ready = set_post_auth_cb;
server_cbf.on_result = post_auth_version_cb;
server_args.callbacks = &server_cbf;
client_args.callbacks = &client_cbf;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
/* tests on post auth with TLS 1.3 */
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
server_cbf.method = wolfTLSv1_3_server_method;
server_cbf.ssl_ready = set_post_auth_cb;
client_cbf.ssl_ready = set_post_auth_cb;
server_cbf.on_result = post_auth_cb;
server_args.callbacks = &server_cbf;
client_args.callbacks = &client_cbf;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
FreeTcpReady(&ready);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_NID(void)
{
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
int sigType;
int nameSz;
X509* cert;
EVP_PKEY* pubKeyTmp;
X509_NAME* name;
char commonName[80];
char countryName[80];
char localityName[80];
char stateName[80];
char orgName[80];
char orgUnit[80];
printf(testingFmt, "wolfSSL_X509_NID()");
/* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */
/* convert cert from DER to internal WOLFSSL_X509 struct */
AssertNotNull(cert = wolfSSL_X509_d2i(&cert, client_cert_der_2048,
sizeof_client_cert_der_2048));
/* ------ EXTRACT CERTIFICATE ELEMENTS ------ */
/* extract PUBLIC KEY from cert */
AssertNotNull(pubKeyTmp = X509_get_pubkey(cert));
/* extract signatureType */
AssertIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0);
/* extract subjectName info */
AssertNotNull(name = X509_get_subject_name(cert));
AssertIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
NULL, 0)), 0);
AssertIntEQ(nameSz, 15);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
commonName, sizeof(commonName))), 0);
AssertIntEQ(nameSz, 15);
AssertIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
commonName, 9)), 0);
AssertIntEQ(nameSz, 8);
AssertIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName,
countryName, sizeof(countryName))), 0);
AssertIntEQ(XMEMCMP(countryName, "US", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName,
localityName, sizeof(localityName))), 0);
AssertIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_stateOrProvinceName,
stateName, sizeof(stateName))), 0);
AssertIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName,
orgName, sizeof(orgName))), 0);
AssertIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationalUnitName,
orgUnit, sizeof(orgUnit))), 0);
AssertIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0);
EVP_PKEY_free(pubKeyTmp);
X509_free(cert);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_CTX_set_srp_username(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
&& !defined(NO_SHA256) && !defined(WC_NO_RNG)
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
const char *username = "TESTUSER";
const char *password = "TESTPASSWORD";
int r;
printf(testingFmt, "wolfSSL_CTX_set_srp_username()");
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
AssertIntEQ(r,SSL_SUCCESS);
wolfSSL_CTX_free(ctx);
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
AssertIntEQ(r,SSL_SUCCESS);
r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
AssertIntEQ(r,SSL_SUCCESS);
AssertNotNull(ssl = SSL_new(ctx));
AssertNotNull(SSL_get_srp_username(ssl));
AssertStrEQ(SSL_get_srp_username(ssl), username);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */
/* && !NO_SHA256 && !WC_NO_RNG */
}
static void test_wolfSSL_CTX_set_srp_password(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
&& !defined(NO_SHA256) && !defined(WC_NO_RNG)
WOLFSSL_CTX* ctx;
const char *username = "TESTUSER";
const char *password = "TESTPASSWORD";
int r;
printf(testingFmt, "wolfSSL_CTX_set_srp_password()");
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
AssertIntEQ(r,SSL_SUCCESS);
wolfSSL_CTX_free(ctx);
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
AssertIntEQ(r,SSL_SUCCESS);
r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
AssertIntEQ(r,SSL_SUCCESS);
wolfSSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */
/* && !NO_SHA256 && !WC_NO_RNG */
}
static void test_wolfSSL_X509_STORE(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
X509_STORE *store;
#ifdef HAVE_CRL
X509_STORE_CTX *storeCtx;
X509_CRL *crl;
X509 *ca, *cert;
const char crlPem[] = "./certs/crl/crl.revoked";
const char srvCert[] = "./certs/server-revoked-cert.pem";
const char caCert[] = "./certs/ca-cert.pem";
XFILE fp;
printf(testingFmt, "test_wolfSSL_X509_STORE");
AssertNotNull(store = (X509_STORE *)X509_STORE_new());
AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
SSL_FILETYPE_PEM)));
AssertNotNull((storeCtx = X509_STORE_CTX_new()));
AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
AssertIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS);
X509_STORE_free(store);
X509_STORE_CTX_free(storeCtx);
X509_free(cert);
X509_free(ca);
/* should fail to verify now after adding in CRL */
AssertNotNull(store = (X509_STORE *)X509_STORE_new());
AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
fp = XFOPEN(crlPem, "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
NULL, NULL));
XFCLOSE(fp);
AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS);
AssertNotNull((storeCtx = X509_STORE_CTX_new()));
AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
AssertIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS);
AssertIntEQ(X509_STORE_CTX_get_error(storeCtx), CRL_CERT_REVOKED);
X509_CRL_free(crl);
X509_STORE_free(store);
X509_STORE_CTX_free(storeCtx);
X509_free(cert);
X509_free(ca);
#endif /* HAVE_CRL */
#ifndef WOLFCRYPT_ONLY
{
SSL_CTX* ctx;
SSL* ssl;
int i;
for (i = 0; i < 2; i++) {
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertNotNull(store = (X509_STORE *)X509_STORE_new());
SSL_CTX_set_cert_store(ctx, store);
AssertNotNull(store = (X509_STORE *)X509_STORE_new());
SSL_CTX_set_cert_store(ctx, store);
AssertNotNull(store = (X509_STORE *)X509_STORE_new());
AssertIntEQ(SSL_CTX_use_certificate_file(ctx, svrCertFile,
SSL_FILETYPE_PEM), SSL_SUCCESS);
AssertIntEQ(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
SSL_FILETYPE_PEM), SSL_SUCCESS);
AssertNotNull(ssl = SSL_new(ctx));
if (i == 0) {
AssertIntEQ(SSL_set0_verify_cert_store(ssl, store), SSL_SUCCESS);
}
else {
AssertIntEQ(SSL_set1_verify_cert_store(ssl, store), SSL_SUCCESS);
X509_STORE_free(store);
}
SSL_free(ssl);
SSL_CTX_free(ctx);
}
}
#endif
printf(resultFmt, passed);
#endif
return;
}
static void test_wolfSSL_X509_STORE_load_locations(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA)
SSL_CTX *ctx;
X509_STORE *store;
const char ca_file[] = "./certs/ca-cert.pem";
const char client_pem_file[] = "./certs/client-cert.pem";
const char client_der_file[] = "./certs/client-cert.der";
const char ecc_file[] = "./certs/ecc-key.pem";
const char certs_path[] = "./certs/";
const char bad_path[] = "./bad-path/";
#ifdef HAVE_CRL
const char crl_path[] = "./certs/crl/";
const char crl_file[] = "./certs/crl/crl.pem";
#endif
printf(testingFmt, "wolfSSL_X509_STORE_load_locations");
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
#endif
AssertNotNull(store = SSL_CTX_get_cert_store(ctx));
AssertIntEQ(wolfSSL_CertManagerLoadCA(store->cm, ca_file, NULL), WOLFSSL_SUCCESS);
/* Test bad arguments */
AssertIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_STORE_load_locations(store, NULL, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_STORE_load_locations(store, client_der_file, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_STORE_load_locations(store, ecc_file, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_STORE_load_locations(store, NULL, bad_path), WOLFSSL_FAILURE);
#ifdef HAVE_CRL
/* Test with CRL */
AssertIntEQ(X509_STORE_load_locations(store, crl_file, NULL), WOLFSSL_SUCCESS);
AssertIntEQ(X509_STORE_load_locations(store, NULL, crl_path), WOLFSSL_SUCCESS);
#endif
/* Test with CA */
AssertIntEQ(X509_STORE_load_locations(store, ca_file, NULL), WOLFSSL_SUCCESS);
/* Test with client_cert and certs path */
AssertIntEQ(X509_STORE_load_locations(store, client_pem_file, NULL), WOLFSSL_SUCCESS);
AssertIntEQ(X509_STORE_load_locations(store, NULL, certs_path), WOLFSSL_SUCCESS);
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
/* Clear nodes */
ERR_clear_error();
#endif
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_X509_STORE_get0_objects(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
X509_STORE *store;
X509_STORE *store_cpy;
SSL_CTX *ctx;
X509_OBJECT *obj;
STACK_OF(X509_OBJECT) *objs;
int i;
printf(testingFmt, "wolfSSL_X509_STORE_get0_objects");
/* Setup store */
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
#endif
AssertNotNull(store_cpy = X509_STORE_new());
AssertNotNull(store = SSL_CTX_get_cert_store(ctx));
AssertIntEQ(X509_STORE_load_locations(store, cliCertFile, NULL), WOLFSSL_SUCCESS);
AssertIntEQ(X509_STORE_load_locations(store, caCertFile, NULL), WOLFSSL_SUCCESS);
AssertIntEQ(X509_STORE_load_locations(store, svrCertFile, NULL), WOLFSSL_SUCCESS);
#ifdef HAVE_CRL
AssertIntEQ(X509_STORE_load_locations(store, NULL, crlPemDir), WOLFSSL_SUCCESS);
#endif
/* Store ready */
/* Similar to HaProxy ssl_set_cert_crl_file use case */
AssertNotNull(objs = X509_STORE_get0_objects(store));
#ifdef HAVE_CRL
#ifdef WOLFSSL_SIGNER_DER_CERT
AssertIntEQ(sk_X509_OBJECT_num(objs), 4);
#else
AssertIntEQ(sk_X509_OBJECT_num(objs), 1);
#endif
#else
#ifdef WOLFSSL_SIGNER_DER_CERT
AssertIntEQ(sk_X509_OBJECT_num(objs), 3);
#else
AssertIntEQ(sk_X509_OBJECT_num(objs), 0);
#endif
#endif
for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
obj = (X509_OBJECT*)sk_X509_OBJECT_value(objs, i);
switch (X509_OBJECT_get_type(obj)) {
case X509_LU_X509:
AssertNotNull(X509_OBJECT_get0_X509(obj));
AssertIntEQ(X509_STORE_add_cert(store_cpy,
X509_OBJECT_get0_X509(obj)), WOLFSSL_SUCCESS);
break;
case X509_LU_CRL:
#ifdef HAVE_CRL
AssertNotNull(X509_OBJECT_get0_X509_CRL(obj));
AssertIntEQ(X509_STORE_add_crl(store_cpy,
X509_OBJECT_get0_X509_CRL(obj)), WOLFSSL_SUCCESS);
break;
#endif
case X509_LU_NONE:
default:
Fail(("X509_OBJECT_get_type should return x509 or crl "
"(when built with crl support)"),
("Unrecognized X509_OBJECT type or none"));
}
}
X509_STORE_free(store_cpy);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BN(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
BIGNUM* a;
BIGNUM* b;
BIGNUM* c;
BIGNUM* d;
ASN1_INTEGER* ai;
printf(testingFmt, "wolfSSL_BN()");
AssertNotNull(b = BN_new());
AssertNotNull(c = BN_new());
AssertNotNull(d = BN_new());
ai = ASN1_INTEGER_new();
AssertNotNull(ai);
/* at the moment hard setting since no set function */
ai->data[0] = 0x02; /* tag for ASN_INTEGER */
ai->data[1] = 0x01; /* length of integer */
ai->data[2] = 0x03;
AssertNotNull(a = ASN1_INTEGER_to_BN(ai, NULL));
ASN1_INTEGER_free(ai);
AssertIntEQ(BN_set_word(b, 2), SSL_SUCCESS);
AssertIntEQ(BN_set_word(c, 5), SSL_SUCCESS);
/* a + 3 = */
AssertIntEQ(BN_add_word(NULL, 3), WOLFSSL_FAILURE);
AssertIntEQ(BN_add_word(a, 3), WOLFSSL_SUCCESS);
/* check result 3 + 3*/
AssertIntEQ(BN_get_word(a), 6);
/* set a back to 3 */
AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS);
/* a - 3 = */
AssertIntEQ(BN_sub_word(NULL, 3), WOLFSSL_FAILURE);
AssertIntEQ(BN_sub_word(a, 3), WOLFSSL_SUCCESS);
/* check result 3 - 3*/
AssertIntEQ(BN_get_word(a), 0);
/* set a back to 3 */
AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS);
/* a^b mod c = */
AssertIntEQ(BN_mod_exp(d, NULL, b, c, NULL), WOLFSSL_FAILURE);
AssertIntEQ(BN_mod_exp(d, a, b, c, NULL), WOLFSSL_SUCCESS);
/* check result 3^2 mod 5 */
AssertIntEQ(BN_get_word(d), 4);
/* a*b = */
AssertIntEQ(BN_mul(d, NULL, b, NULL), WOLFSSL_FAILURE);
AssertIntEQ(BN_mul(d, a, b, NULL), WOLFSSL_SUCCESS);
/* check result 3*2 */
AssertIntEQ(BN_get_word(d), 6);
/* c/b = */
AssertIntEQ(BN_div(d, NULL, c, b, NULL), WOLFSSL_FAILURE);
AssertIntEQ(BN_div(d, a, c, b, NULL), WOLFSSL_SUCCESS);
/* check result 5/2 */
AssertIntEQ(BN_get_word(d), 2); /* check quotient */
AssertIntEQ(BN_get_word(a), 1); /* check remainder */
/* set a back to 3 */
AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS);
/* a*b mod c = */
AssertIntEQ(BN_mod_mul(d, NULL, b, c, NULL), SSL_FAILURE);
AssertIntEQ(BN_mod_mul(d, a, b, c, NULL), SSL_SUCCESS);
/* check result 3*2 mod 5 */
AssertIntEQ(BN_get_word(d), 1);
AssertIntEQ(BN_set_word(a, 16), SSL_SUCCESS);
AssertIntEQ(BN_set_word(b, 24), SSL_SUCCESS);
#ifdef WOLFSSL_KEY_GEN
/* gcd of a and b */
AssertIntEQ(BN_gcd(d, NULL, b, NULL), SSL_FAILURE);
AssertIntEQ(BN_gcd(d, a, b, NULL), SSL_SUCCESS);
/* check result gcd(16, 24) */
AssertIntEQ(BN_get_word(d), 8);
#endif /* WOLFSSL_KEY_GEN */
/* set b back to 2 */
AssertIntEQ(BN_set_word(b, 2), SSL_SUCCESS);
/* BN_mod_inverse test */
BIGNUM *r = BN_new();
BIGNUM *val = BN_mod_inverse(r,b,c,NULL);
AssertIntEQ((int)(BN_get_word(r) & 0x03), 3);
BN_free(val);
#if !defined(WOLFSSL_SP_MATH) && (!defined(WOLFSSL_SP_MATH_ALL) || \
defined(WOLFSSL_SP_INT_NEGATIVE))
AssertIntEQ(BN_set_word(a, 1), SSL_SUCCESS);
AssertIntEQ(BN_set_word(b, 5), SSL_SUCCESS);
AssertIntEQ(BN_is_word(a, (WOLFSSL_BN_ULONG)BN_get_word(a)), SSL_SUCCESS);
AssertIntEQ(BN_is_word(a, 3), SSL_FAILURE);
AssertIntEQ(BN_sub(c, a, b), SSL_SUCCESS);
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
{
char* ret;
AssertNotNull(ret = BN_bn2dec(c));
AssertIntEQ(XMEMCMP(ret, "-4", sizeof("-4")), 0);
XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
}
#endif
AssertIntEQ(BN_get_word(c), 4);
#endif
BN_free(a);
BN_free(b);
BN_free(c);
BN_clear_free(d);
/* check that converting NULL and the null string returns an error */
a = NULL;
AssertIntLE(BN_hex2bn(&a, NULL), 0);
AssertIntLE(BN_hex2bn(&a, ""), 0);
AssertNull(a);
/* check that getting a string and a bin of the same number are equal,
* and that the comparison works EQ, LT and GT */
AssertIntGT(BN_hex2bn(&a, "03"), 0);
AssertNotNull(b = BN_new());
AssertIntEQ(BN_set_word(b, 3), SSL_SUCCESS);
AssertNotNull(c = BN_new());
AssertIntEQ(BN_set_word(c, 4), SSL_SUCCESS);
AssertIntEQ(BN_cmp(a, b), 0);
AssertIntLT(BN_cmp(a, c), 0);
AssertIntGT(BN_cmp(c, b), 0);
AssertIntEQ(BN_set_word(a, 0), 1);
AssertIntEQ(BN_is_zero(a), 1);
AssertIntEQ(BN_set_bit(a, 0x45), 1);
AssertIntEQ(BN_is_zero(a), 0);
AssertIntEQ(BN_is_bit_set(a, 0x45), 1);
AssertIntEQ(BN_clear_bit(a, 0x45), 1);
AssertIntEQ(BN_is_bit_set(a, 0x45), 0);
AssertIntEQ(BN_is_zero(a), 1);
BN_free(a);
BN_free(b);
BN_free(c);
#if defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT)
{
BIGNUM *ap;
BIGNUM bv;
BIGNUM cv;
BIGNUM dv;
AssertNotNull(ap = BN_new());
BN_init(&bv);
BN_init(&cv);
BN_init(&dv);
AssertIntEQ(BN_set_word(ap, 3), SSL_SUCCESS);
AssertIntEQ(BN_set_word(&bv, 2), SSL_SUCCESS);
AssertIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS);
/* a^b mod c = */
AssertIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WOLFSSL_FAILURE);
AssertIntEQ(BN_mod_exp(&dv, ap, &bv, &cv, NULL), WOLFSSL_SUCCESS);
/* check result 3^2 mod 5 */
AssertIntEQ(BN_get_word(&dv), 4);
/* a*b mod c = */
AssertIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), SSL_FAILURE);
AssertIntEQ(BN_mod_mul(&dv, ap, &bv, &cv, NULL), SSL_SUCCESS);
/* check result 3*2 mod 5 */
AssertIntEQ(BN_get_word(&dv), 1);
BN_free(ap);
}
#endif
#ifdef WOLFSSL_KEY_GEN
AssertNotNull(a = BN_new());
AssertIntEQ(BN_generate_prime_ex(a, 512, 0, NULL, NULL, NULL),
SSL_SUCCESS);
AssertIntEQ(BN_is_prime_ex(a, 8, NULL, NULL), SSL_SUCCESS);
BN_free(a);
#endif
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
}
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
#define TEST_ARG 0x1234
static void msg_cb(int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg)
{
(void)write_p;
(void)version;
(void)content_type;
(void)buf;
(void)len;
(void)ssl;
AssertTrue(arg == (void*)TEST_ARG);
}
#endif
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \
!defined(NO_WOLFSSL_SERVER)
#ifndef SINGLE_THREADED
#if defined(SESSION_CERTS)
#include "wolfssl/internal.h"
#endif
static int msgCb(SSL_CTX *ctx, SSL *ssl)
{
(void) ctx;
(void) ssl;
#if defined(OPENSSL_ALL) && defined(SESSION_CERTS)
STACK_OF(X509)* sk;
X509* x509;
int i, num;
BIO* bio;
#endif
printf("\n===== msgcb called ====\n");
#if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)
AssertTrue(SSL_get_peer_cert_chain(ssl) != NULL);
AssertIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 2);
AssertNotNull(SSL_get0_verified_chain(ssl));
#endif
#if defined(OPENSSL_ALL) && defined(SESSION_CERTS)
bio = BIO_new(BIO_s_file());
BIO_set_fp(bio, stdout, BIO_NOCLOSE);
sk = SSL_get_peer_cert_chain(ssl);
AssertNotNull(sk);
if (!sk) {
BIO_free(bio);
return SSL_FAILURE;
}
num = sk_X509_num(sk);
AssertTrue(num > 0);
for (i = 0; i < num; i++) {
x509 = sk_X509_value(sk,i);
AssertNotNull(x509);
if (!x509)
break;
printf("Certificate at index [%d] = :\n",i);
X509_print(bio,x509);
printf("\n\n");
}
BIO_free(bio);
#endif
return SSL_SUCCESS;
}
#endif
#endif
static void test_wolfSSL_msgCb(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \
!defined(NO_WOLFSSL_SERVER)
tcp_ready ready;
func_args client_args;
func_args server_args;
#ifndef SINGLE_THREADED
THREAD_TYPE serverThread;
#endif
callback_functions client_cb;
callback_functions server_cb;
printf(testingFmt, "test_wolfSSL_msgCb");
/* create a failed connection and inspect the error */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
#ifndef WOLFSSL_NO_TLS12
client_cb.method = wolfTLSv1_2_client_method;
server_cb.method = wolfTLSv1_2_server_method;
#else
client_cb.method = wolfTLSv1_3_client_method;
server_cb.method = wolfTLSv1_3_server_method;
#endif
server_args.signal = &ready;
server_args.callbacks = &server_cb;
client_args.signal = &ready;
client_args.callbacks = &client_cb;
client_args.return_code = TEST_FAIL;
#ifndef SINGLE_THREADED
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, msgCb);
join_thread(serverThread);
#endif
FreeTcpReady(&ready);
#ifndef SINGLE_THREADED
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
#endif
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_either_side(void)
{
#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \
!defined(NO_FILESYSTEM) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
tcp_ready ready;
func_args client_args;
func_args server_args;
#ifndef SINGLE_THREADED
THREAD_TYPE serverThread;
#endif
callback_functions client_cb;
callback_functions server_cb;
printf(testingFmt, "test_wolfSSL_either_side");
/* create a failed connection and inspect the error */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
/* Use different CTX for client and server */
client_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method());
AssertNotNull(client_cb.ctx);
server_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method());
AssertNotNull(server_cb.ctx);
/* we are responsible for free'ing WOLFSSL_CTX */
server_cb.isSharedCtx = client_cb.isSharedCtx = 1;
server_args.signal = &ready;
server_args.callbacks = &server_cb;
client_args.signal = &ready;
client_args.callbacks = &client_cb;
client_args.return_code = TEST_FAIL;
#ifndef SINGLE_THREADED
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
#endif
wolfSSL_CTX_free(client_cb.ctx);
wolfSSL_CTX_free(server_cb.ctx);
FreeTcpReady(&ready);
#ifndef SINGLE_THREADED
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
#endif
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_DTLS_either_side(void)
{
#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \
!defined(NO_FILESYSTEM) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
defined(WOLFSSL_DTLS)
tcp_ready ready;
func_args client_args;
func_args server_args;
#ifndef SINGLE_THREADED
THREAD_TYPE serverThread;
#endif
callback_functions client_cb;
callback_functions server_cb;
printf(testingFmt, "test_wolfSSL_DTLS_either_side");
/* create a failed connection and inspect the error */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
/* Use different CTX for client and server */
client_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method());
AssertNotNull(client_cb.ctx);
server_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method());
AssertNotNull(server_cb.ctx);
/* we are responsible for free'ing WOLFSSL_CTX */
server_cb.isSharedCtx = client_cb.isSharedCtx = 1;
server_args.signal = &ready;
server_args.callbacks = &server_cb;
client_args.signal = &ready;
client_args.callbacks = &client_cb;
client_args.return_code = TEST_FAIL;
#ifndef SINGLE_THREADED
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
#endif
wolfSSL_CTX_free(client_cb.ctx);
wolfSSL_CTX_free(server_cb.ctx);
FreeTcpReady(&ready);
#ifndef SINGLE_THREADED
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
#endif
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
printf(resultFmt, passed);
#endif
}
static void test_generate_cookie(void)
{
#if defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA) && defined(USE_WOLFSSL_IO)
SSL_CTX* ctx;
SSL* ssl;
byte buf[FOURK_BUF] = {0};
printf(testingFmt, "test_generate_cookie");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLS_method()));
AssertNotNull(ssl = SSL_new(ctx));
/* Test unconnected */
AssertIntEQ(EmbedGenerateCookie(ssl, buf, FOURK_BUF, NULL), GEN_COOKIE_E);
wolfSSL_CTX_SetGenCookie(ctx, EmbedGenerateCookie);
wolfSSL_SetCookieCtx(ssl, ctx);
AssertNotNull(wolfSSL_GetCookieCtx(ssl));
AssertNull(wolfSSL_GetCookieCtx(NULL));
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_set_options(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
SSL* ssl;
SSL_CTX* ctx;
char appData[] = "extra msg";
unsigned char protos[] = {
7, 't', 'l', 's', '/', '1', '.', '2',
8, 'h', 't', 't', 'p', '/', '1', '.', '1'
};
unsigned int len = sizeof(protos);
void *arg = (void *)TEST_ARG;
printf(testingFmt, "wolfSSL_set_options()");
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1);
AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1);
AssertIntGT((int)SSL_CTX_set_options(ctx, (SSL_OP_COOKIE_EXCHANGE |
SSL_OP_NO_SSLv2)), 0);
AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_COOKIE_EXCHANGE) &
SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE);
AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2) &
SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2);
AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION) &
SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION);
AssertNull((SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION) &
SSL_OP_NO_COMPRESSION));
SSL_CTX_free(ctx);
#ifndef NO_WOLFSSL_SERVER
ctx = SSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#else
ctx = SSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_set_msg_callback(ctx, msg_cb) == SSL_SUCCESS);
AssertNotNull(ssl = SSL_new(ctx));
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
AssertIntEQ(SSL_set_app_data(ssl, (void*)appData), SSL_SUCCESS);
AssertNotNull(SSL_get_app_data((const WOLFSSL*)ssl));
if (ssl) {
AssertIntEQ(XMEMCMP(SSL_get_app_data((const WOLFSSL*)ssl),
appData, sizeof(appData)), 0);
}
#else
AssertIntEQ(SSL_set_app_data(ssl, (void*)appData), SSL_FAILURE);
AssertNull(SSL_get_app_data((const WOLFSSL*)ssl));
#endif
AssertTrue(SSL_set_options(ssl, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1);
AssertTrue(SSL_get_options(ssl) == SSL_OP_NO_TLSv1);
AssertIntGT((int)SSL_set_options(ssl, (SSL_OP_COOKIE_EXCHANGE |
WOLFSSL_OP_NO_SSLv2)), 0);
AssertTrue((SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE) &
SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE);
AssertTrue((SSL_set_options(ssl, SSL_OP_NO_TLSv1_2) &
SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2);
AssertTrue((SSL_set_options(ssl, SSL_OP_NO_COMPRESSION) &
SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION);
AssertNull((SSL_clear_options(ssl, SSL_OP_NO_COMPRESSION) &
SSL_OP_NO_COMPRESSION));
AssertTrue(SSL_set_msg_callback(ssl, msg_cb) == SSL_SUCCESS);
SSL_set_msg_callback_arg(ssl, arg);
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertTrue(SSL_CTX_set_alpn_protos(ctx, protos, len) == 0);
#else
AssertTrue(SSL_CTX_set_alpn_protos(ctx, protos, len) == SSL_SUCCESS);
#endif
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \
defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL)
#if defined(HAVE_ALPN) && !defined(NO_BIO)
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertTrue(SSL_set_alpn_protos(ssl, protos, len) == 0);
#else
AssertTrue(SSL_set_alpn_protos(ssl, protos, len) == SSL_SUCCESS);
#endif
#endif /* HAVE_ALPN && !NO_BIO */
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}
static void test_wolfSSL_sk_SSL_CIPHER(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
SSL* ssl;
SSL_CTX* ctx;
STACK_OF(SSL_CIPHER) *sk, *dup;
printf(testingFmt, "wolfSSL_sk_SSL_CIPHER_*()");
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
AssertNotNull(sk = SSL_get_ciphers(ssl));
AssertNotNull(dup = sk_SSL_CIPHER_dup(sk));
AssertIntGT(sk_SSL_CIPHER_num(sk), 0);
AssertIntEQ(sk_SSL_CIPHER_num(sk), sk_SSL_CIPHER_num(dup));
/* error case because connection has not been established yet */
AssertIntEQ(sk_SSL_CIPHER_find(sk, SSL_get_current_cipher(ssl)), -1);
sk_SSL_CIPHER_free(dup);
/* sk is pointer to internal struct that should be free'd in SSL_free */
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}
static void test_wolfSSL_set1_curves_list(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_RSA)
SSL* ssl = NULL;
SSL_CTX* ctx = NULL;
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(SSL_CTX_set1_curves_list(ctx, NULL), WOLFSSL_FAILURE);
AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "P-25X"), WOLFSSL_FAILURE);
AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "P-256"), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_set1_curves_list(ssl, NULL), WOLFSSL_FAILURE);
AssertIntEQ(SSL_set1_curves_list(ssl, "P-25X"), WOLFSSL_FAILURE);
AssertIntEQ(SSL_set1_curves_list(ssl, "P-256"), WOLFSSL_SUCCESS);
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_set1_sigalgs_list(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
SSL* ssl;
SSL_CTX* ctx;
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, ""), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, ""), WOLFSSL_FAILURE);
#ifndef NO_RSA
#ifndef NO_SHA256
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, "RSA+SHA256"),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_set1_sigalgs_list(NULL, "RSA+SHA256"),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256"),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256"),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-SHA256"),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-SHA256"),
WOLFSSL_FAILURE);
#ifdef WC_RSA_PSS
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-PSS+SHA256"),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-PSS+SHA256"),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "PSS+SHA256"),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "PSS+SHA256"),
WOLFSSL_SUCCESS);
#endif
#ifdef WOLFSSL_SHA512
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
"RSA+SHA256:RSA+SHA512"), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl,
"RSA+SHA256:RSA+SHA512"), WOLFSSL_SUCCESS);
#elif defined(WOLFSSL_SHA384)
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
"RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl,
"RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS);
#endif
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA"), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA"), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA:RSA+SHA256"),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA:RSA+SHA256"),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256+SHA256"),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256+RSA"),
WOLFSSL_FAILURE);
#endif
#endif
#ifdef HAVE_ECC
#ifndef NO_SHA256
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256"),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ECDSA+SHA256"), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_SHA512
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
"ECDSA+SHA256:ECDSA+SHA512"), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl,
"ECDSA+SHA256:ECDSA+SHA512"), WOLFSSL_SUCCESS);
#elif defined(WOLFSSL_SHA384)
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
"ECDSA+SHA256:ECDSA+SHA384"), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl,
"ECDSA+SHA256:ECDSA+SHA384"), WOLFSSL_SUCCESS);
#endif
#endif
#endif
#ifdef HAVE_ED25519
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ED25519"), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ED25519"), WOLFSSL_SUCCESS);
#endif
#ifdef HAVE_ED448
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ED448"), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ED448"), WOLFSSL_SUCCESS);
#endif
#ifndef NO_DSA
#ifndef NO_SHA256
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "DSA+SHA256"),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "DSA+SHA256"),
WOLFSSL_SUCCESS);
#endif
#if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
defined(WOLFSSL_ALLOW_TLS_SHA1))
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "DSA+SHA1"),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "DSA+SHA1"),
WOLFSSL_SUCCESS);
#endif
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
/* Testing wolfSSL_set_tlsext_status_type function.
* PRE: OPENSSL and HAVE_CERTIFICATE_STATUS_REQUEST defined.
*/
static void test_wolfSSL_set_tlsext_status_type(void){
#if defined(OPENSSL_EXTRA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
!defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
SSL* ssl;
SSL_CTX* ctx;
printf(testingFmt, "wolfSSL_set_tlsext_status_type()");
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(SSL_set_tlsext_status_type(ssl,TLSEXT_STATUSTYPE_ocsp),
SSL_SUCCESS);
AssertIntEQ(SSL_get_tlsext_status_type(ssl), TLSEXT_STATUSTYPE_ocsp);
SSL_free(ssl);
SSL_CTX_free(ctx);
#endif /* OPENSSL_EXTRA && HAVE_CERTIFICATE_STATUS_REQUEST && !NO_RSA */
}
#ifndef NO_BIO
static void test_wolfSSL_PEM_read_bio(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
byte buff[6000];
XFILE f;
int bytes;
X509* x509;
BIO* bio = NULL;
BUF_MEM* buf;
printf(testingFmt, "wolfSSL_PEM_read_bio()");
f = XFOPEN(cliCertFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
AssertNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
AssertNotNull(bio = BIO_new_mem_buf((void*)buff, bytes));
AssertNotNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
AssertIntEQ((int)BIO_set_fd(bio, 0, BIO_CLOSE), 1);
AssertIntEQ(BIO_set_close(bio, BIO_NOCLOSE), 1);
AssertIntEQ(BIO_set_close(NULL, BIO_NOCLOSE), 1);
AssertIntEQ(SSL_SUCCESS, BIO_get_mem_ptr(bio, &buf));
BIO_free(bio);
BUF_MEM_free(buf);
X509_free(x509);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}
#if defined(OPENSSL_EXTRA)
static long bioCallback(BIO *bio, int cmd, const char* argp, int argi,
long argl, long ret)
{
(void)bio;
(void)cmd;
(void)argp;
(void)argi;
(void)argl;
return ret;
}
#endif
static void test_wolfSSL_BIO(void)
{
#if defined(OPENSSL_EXTRA)
const unsigned char* p;
byte buff[20];
BIO* bio1;
BIO* bio2;
BIO* bio3;
char* bufPt;
int i;
printf(testingFmt, "wolfSSL_BIO()");
for (i = 0; i < 20; i++) {
buff[i] = i;
}
/* test BIO_free with NULL */
AssertIntEQ(BIO_free(NULL), WOLFSSL_FAILURE);
/* Creating and testing type BIO_s_bio */
AssertNotNull(bio1 = BIO_new(BIO_s_bio()));
AssertNotNull(bio2 = BIO_new(BIO_s_bio()));
AssertNotNull(bio3 = BIO_new(BIO_s_bio()));
/* read/write before set up */
AssertIntEQ(BIO_read(bio1, buff, 2), WOLFSSL_BIO_UNSET);
AssertIntEQ(BIO_write(bio1, buff, 2), WOLFSSL_BIO_UNSET);
AssertIntEQ(BIO_set_nbio(bio1, 1), 1);
AssertIntEQ(BIO_set_write_buf_size(bio1, 20), WOLFSSL_SUCCESS);
AssertIntEQ(BIO_set_write_buf_size(bio2, 8), WOLFSSL_SUCCESS);
AssertIntEQ(BIO_make_bio_pair(bio1, bio2), WOLFSSL_SUCCESS);
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 10), 10);
XMEMCPY(bufPt, buff, 10);
AssertIntEQ(BIO_write(bio1, buff + 10, 10), 10);
/* write buffer full */
AssertIntEQ(BIO_write(bio1, buff, 10), WOLFSSL_BIO_ERROR);
AssertIntEQ(BIO_flush(bio1), WOLFSSL_SUCCESS);
AssertIntEQ((int)BIO_ctrl_pending(bio1), 0);
/* write the other direction with pair */
AssertIntEQ((int)BIO_nwrite(bio2, &bufPt, 10), 8);
XMEMCPY(bufPt, buff, 8);
AssertIntEQ(BIO_write(bio2, buff, 10), WOLFSSL_BIO_ERROR);
/* try read */
AssertIntEQ((int)BIO_ctrl_pending(bio1), 8);
AssertIntEQ((int)BIO_ctrl_pending(bio2), 20);
/* try read using ctrl function */
AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_WPENDING, 0, NULL), 8);
AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_PENDING, 0, NULL), 8);
AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_WPENDING, 0, NULL), 20);
AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_PENDING, 0, NULL), 20);
AssertIntEQ(BIO_nread(bio2, &bufPt, (int)BIO_ctrl_pending(bio2)), 20);
for (i = 0; i < 20; i++) {
AssertIntEQ((int)bufPt[i], i);
}
AssertIntEQ(BIO_nread(bio2, &bufPt, 1), WOLFSSL_BIO_ERROR);
AssertIntEQ(BIO_nread(bio1, &bufPt, (int)BIO_ctrl_pending(bio1)), 8);
for (i = 0; i < 8; i++) {
AssertIntEQ((int)bufPt[i], i);
}
AssertIntEQ(BIO_nread(bio1, &bufPt, 1), WOLFSSL_BIO_ERROR);
AssertIntEQ(BIO_ctrl_reset_read_request(bio1), 1);
/* new pair */
AssertIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_FAILURE);
BIO_free(bio2); /* free bio2 and automatically remove from pair */
AssertIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_SUCCESS);
AssertIntEQ((int)BIO_ctrl_pending(bio3), 0);
AssertIntEQ(BIO_nread(bio3, &bufPt, 10), WOLFSSL_BIO_ERROR);
/* test wrap around... */
AssertIntEQ(BIO_reset(bio1), 0);
AssertIntEQ(BIO_reset(bio3), 0);
/* fill write buffer, read only small amount then write again */
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
XMEMCPY(bufPt, buff, 20);
AssertIntEQ(BIO_nread(bio3, &bufPt, 4), 4);
for (i = 0; i < 4; i++) {
AssertIntEQ(bufPt[i], i);
}
/* try writing over read index */
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 5), 4);
XMEMSET(bufPt, 0, 4);
AssertIntEQ((int)BIO_ctrl_pending(bio3), 20);
/* read and write 0 bytes */
AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0);
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 0), 0);
/* should read only to end of write buffer then need to read again */
AssertIntEQ(BIO_nread(bio3, &bufPt, 20), 16);
for (i = 0; i < 16; i++) {
AssertIntEQ(bufPt[i], buff[4 + i]);
}
AssertIntEQ(BIO_nread(bio3, NULL, 0), WOLFSSL_FAILURE);
AssertIntEQ(BIO_nread0(bio3, &bufPt), 4);
for (i = 0; i < 4; i++) {
AssertIntEQ(bufPt[i], 0);
}
/* read index should not have advanced with nread0 */
AssertIntEQ(BIO_nread(bio3, &bufPt, 5), 4);
for (i = 0; i < 4; i++) {
AssertIntEQ(bufPt[i], 0);
}
/* write and fill up buffer checking reset of index state */
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
XMEMCPY(bufPt, buff, 20);
/* test reset on data in bio1 write buffer */
AssertIntEQ(BIO_reset(bio1), 0);
AssertIntEQ((int)BIO_ctrl_pending(bio3), 0);
AssertIntEQ(BIO_nread(bio3, &bufPt, 3), WOLFSSL_BIO_ERROR);
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_INFO, 0, &p), 20);
AssertNotNull(p);
XMEMCPY(bufPt, buff, 20);
AssertIntEQ(BIO_nread(bio3, &bufPt, 6), 6);
for (i = 0; i < 6; i++) {
AssertIntEQ(bufPt[i], i);
}
/* test case of writing twice with offset read index */
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 3), 3);
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 3); /* try overwriting */
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0);
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
AssertIntEQ(BIO_nread(bio3, &bufPt, 1), 1);
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 1);
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
BIO_free(bio1);
BIO_free(bio3);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
{
BIO* bioA = NULL;
BIO* bioB = NULL;
AssertIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), BAD_FUNC_ARG);
AssertIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS);
BIO_free(bioA);
bioA = NULL;
BIO_free(bioB);
bioB = NULL;
}
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
/* BIOs with file pointers */
#if !defined(NO_FILESYSTEM)
{
XFILE f1;
XFILE f2;
BIO* f_bio1;
BIO* f_bio2;
unsigned char cert[300];
char testFile[] = "tests/bio_write_test.txt";
char msg[] = "bio_write_test.txt contains the first 300 bytes of certs/server-cert.pem\ncreated by tests/unit.test\n\n";
AssertNotNull(f_bio1 = BIO_new(BIO_s_file()));
AssertNotNull(f_bio2 = BIO_new(BIO_s_file()));
AssertIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
AssertIntEQ((int)BIO_set_mem_eof_return(NULL, -1), 0);
f1 = XFOPEN(svrCertFile, "rwb");
AssertTrue((f1 != XBADFILE));
AssertIntEQ((int)BIO_set_fp(f_bio1, f1, BIO_CLOSE), WOLFSSL_SUCCESS);
AssertIntEQ(BIO_write_filename(f_bio2, testFile),
WOLFSSL_SUCCESS);
AssertIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert));
AssertIntEQ(BIO_tell(f_bio1),sizeof(cert));
AssertIntEQ(BIO_write(f_bio2, msg, sizeof(msg)), sizeof(msg));
AssertIntEQ(BIO_tell(f_bio2),sizeof(msg));
AssertIntEQ(BIO_write(f_bio2, cert, sizeof(cert)), sizeof(cert));
AssertIntEQ(BIO_tell(f_bio2),sizeof(cert) + sizeof(msg));
AssertIntEQ((int)BIO_get_fp(f_bio2, &f2), WOLFSSL_SUCCESS);
AssertIntEQ(BIO_reset(f_bio2), 0);
AssertIntEQ(BIO_tell(NULL),-1);
AssertIntEQ(BIO_tell(f_bio2),0);
AssertIntEQ(BIO_seek(f_bio2, 4), 0);
AssertIntEQ(BIO_tell(f_bio2),4);
BIO_free(f_bio1);
BIO_free(f_bio2);
AssertNotNull(f_bio1 = BIO_new_file(svrCertFile, "rwb"));
AssertIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
AssertIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert));
BIO_free(f_bio1);
}
#endif /* !defined(NO_FILESYSTEM) */
/* BIO info callback */
{
const char* testArg = "test";
BIO* cb_bio;
AssertNotNull(cb_bio = BIO_new(BIO_s_mem()));
BIO_set_callback(cb_bio, bioCallback);
AssertNotNull(BIO_get_callback(cb_bio));
BIO_set_callback(cb_bio, NULL);
AssertNull(BIO_get_callback(cb_bio));
BIO_set_callback_arg(cb_bio, (char*)testArg);
AssertStrEQ(BIO_get_callback_arg(cb_bio), testArg);
AssertNull(BIO_get_callback_arg(NULL));
BIO_free(cb_bio);
}
/* BIO_vfree */
AssertNotNull(bio1 = BIO_new(BIO_s_bio()));
BIO_vfree(NULL);
BIO_vfree(bio1);
printf(resultFmt, passed);
#endif
}
#endif /* !NO_BIO */
static void test_wolfSSL_ASN1_STRING(void)
{
#if defined(OPENSSL_EXTRA)
ASN1_STRING* str = NULL;
const char data[] = "hello wolfSSL";
printf(testingFmt, "wolfSSL_ASN1_STRING()");
AssertNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
AssertIntEQ(ASN1_STRING_type(str), V_ASN1_OCTET_STRING);
AssertIntEQ(ASN1_STRING_set(str, (const void*)data, sizeof(data)), 1);
AssertIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1);
AssertIntEQ(ASN1_STRING_set(str, NULL, -1), 0);
ASN1_STRING_free(str);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_BIT_STRING(void)
{
#ifdef OPENSSL_ALL
ASN1_BIT_STRING* str;
printf(testingFmt, "test_wolfSSL_ASN1_BIT_STRING()");
AssertNotNull(str = ASN1_BIT_STRING_new());
AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 1), 1);
AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 1);
AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 41), 0);
AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 84, 1), 1);
AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 84), 1);
AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 83), 0);
ASN1_BIT_STRING_free(str);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_a2i_ASN1_INTEGER(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
BIO *bio, *out;
ASN1_INTEGER* ai;
char buf[] = "123456\n12345\n112345678912345678901234567890\n";
char tmp[1024];
int tmpSz;
const char expected1[] = "123456";
const char expected2[] = "112345678912345678901234567890";
printf(testingFmt, "test_wolfSSL_a2i_ASN1_INTEGER()");
AssertNotNull(bio = BIO_new_mem_buf(buf, -1));
AssertNotNull(out = BIO_new(BIO_s_mem()));
AssertNotNull(ai = ASN1_INTEGER_new());
/* read first line */
AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 6);
XMEMSET(tmp, 0, 1024);
tmpSz = BIO_read(out, tmp, 1024);
AssertIntEQ(tmpSz, 6);
AssertIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0);
/* fail on second line (not % 2) */
AssertIntNE(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
/* read 3rd long line */
AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 30);
XMEMSET(tmp, 0, 1024);
tmpSz = BIO_read(out, tmp, 1024);
AssertIntEQ(tmpSz, 30);
AssertIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0);
BIO_free(out);
BIO_free(bio);
ASN1_INTEGER_free(ai);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_a2i_IPADDRESS(void)
{
#if defined(OPENSSL_ALL) && !defined(WOLFSSL_USER_IO)
const unsigned char* data;
int dataSz = 0;
ASN1_OCTET_STRING *st;
const unsigned char ipv4_exp[] = {0x7F, 0, 0, 1};
const unsigned char ipv6_exp[] = {
0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77
};
const unsigned char ipv6_home[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
};
printf(testingFmt, "test_wolfSSL_a2i_IPADDRESS()");
AssertNull(st = a2i_IPADDRESS("127.0.0.1bad"));
AssertNotNull(st = a2i_IPADDRESS("127.0.0.1"));
data = ASN1_STRING_get0_data(st);
dataSz = ASN1_STRING_length(st);
AssertIntEQ(dataSz, WOLFSSL_IP4_ADDR_LEN);
AssertIntEQ(XMEMCMP(data, ipv4_exp, dataSz), 0);
ASN1_STRING_free(st);
AssertNotNull(st = a2i_IPADDRESS("::1"));
data = ASN1_STRING_get0_data(st);
dataSz = ASN1_STRING_length(st);
AssertIntEQ(dataSz, WOLFSSL_IP6_ADDR_LEN);
AssertIntEQ(XMEMCMP(data, ipv6_home, dataSz), 0);
ASN1_STRING_free(st);
AssertNotNull(st = a2i_IPADDRESS("2021:db8::ff00:42:7777"));
data = ASN1_STRING_get0_data(st);
dataSz = ASN1_STRING_length(st);
AssertIntEQ(dataSz, WOLFSSL_IP6_ADDR_LEN);
AssertIntEQ(XMEMCMP(data, ipv6_exp, dataSz), 0);
ASN1_STRING_free(st);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_DES_ecb_encrypt(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
WOLFSSL_DES_cblock input1,input2,output1,output2,back1,back2;
WOLFSSL_DES_key_schedule key;
printf(testingFmt, "wolfSSL_DES_ecb_encrypt()");
XMEMCPY(key,"12345678",sizeof(WOLFSSL_DES_key_schedule));
XMEMCPY(input1, "Iamhuman",sizeof(WOLFSSL_DES_cblock));
XMEMCPY(input2, "Whoisit?",sizeof(WOLFSSL_DES_cblock));
XMEMSET(output1, 0, sizeof(WOLFSSL_DES_cblock));
XMEMSET(output2, 0, sizeof(WOLFSSL_DES_cblock));
XMEMSET(back1, 0, sizeof(WOLFSSL_DES_cblock));
XMEMSET(back2, 0, sizeof(WOLFSSL_DES_cblock));
/* Encrypt messages */
wolfSSL_DES_ecb_encrypt(&input1,&output1,&key,DES_ENCRYPT);
wolfSSL_DES_ecb_encrypt(&input2,&output2,&key,DES_ENCRYPT);
/* Decrypt messages */
int ret1 = 0;
int ret2 = 0;
wolfSSL_DES_ecb_encrypt(&output1,&back1,&key,DES_DECRYPT);
ret1 = XMEMCMP((unsigned char *) back1,(unsigned char *) input1,sizeof(WOLFSSL_DES_cblock));
AssertIntEQ(ret1,0);
wolfSSL_DES_ecb_encrypt(&output2,&back2,&key,DES_DECRYPT);
ret2 = XMEMCMP((unsigned char *) back2,(unsigned char *) input2,sizeof(WOLFSSL_DES_cblock));
AssertIntEQ(ret2,0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_TIME_adj(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \
&& !defined(USER_TIME) && !defined(TIME_OVERRIDES)
const int year = 365*24*60*60;
const int day = 24*60*60;
const int hour = 60*60;
const int mini = 60;
const byte asn_utc_time = ASN_UTC_TIME;
#if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
const byte asn_gen_time = ASN_GENERALIZED_TIME;
#endif
WOLFSSL_ASN1_TIME *asn_time, *s;
int offset_day;
long offset_sec;
char date_str[CTC_DATE_SIZE + 1];
time_t t;
printf(testingFmt, "wolfSSL_ASN1_TIME_adj()");
AssertNotNull(s = wolfSSL_ASN1_TIME_new());
/* UTC notation test */
/* 2000/2/15 20:30:00 */
t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day;
offset_day = 7;
offset_sec = 45 * mini;
/* offset_sec = -45 * min;*/
AssertNotNull(asn_time =
wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec));
AssertTrue(asn_time->type == asn_utc_time);
XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
date_str[CTC_DATE_SIZE] = '\0';
AssertIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13));
/* negative offset */
offset_sec = -45 * mini;
asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
AssertTrue(asn_time->type == asn_utc_time);
XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
date_str[CTC_DATE_SIZE] = '\0';
AssertIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13));
XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
XMEMSET(date_str, 0, sizeof(date_str));
/* Generalized time will overflow time_t if not long */
#if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
s = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL,
DYNAMIC_TYPE_OPENSSL);
/* GeneralizedTime notation test */
/* 2055/03/01 09:00:00 */
t = (time_t)85 * year + 59 * day + 9 * hour + 21 * day;
offset_day = 12;
offset_sec = 10 * mini;
asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
AssertTrue(asn_time->type == asn_gen_time);
XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
date_str[CTC_DATE_SIZE] = '\0';
AssertIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15));
XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
XMEMSET(date_str, 0, sizeof(date_str));
#endif /* !TIME_T_NOT_64BIT && !NO_64BIT */
/* if WOLFSSL_ASN1_TIME struct is not allocated */
s = NULL;
t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 15 + 7 * day;
offset_day = 7;
offset_sec = 45 * mini;
asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
AssertTrue(asn_time->type == asn_utc_time);
XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
date_str[CTC_DATE_SIZE] = '\0';
AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, offset_sec);
AssertTrue(asn_time->type == asn_utc_time);
XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
date_str[CTC_DATE_SIZE] = '\0';
AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_TIME_to_tm(void)
{
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) \
&& !defined(NO_ASN_TIME)
ASN1_TIME asnTime;
struct tm tm;
printf(testingFmt, "wolfSSL_ASN1_TIME_to_tm()");
XMEMSET(&asnTime, 0, sizeof(ASN1_TIME));
AssertIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515Z"), 1);
AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1);
AssertIntEQ(tm.tm_sec, 15);
AssertIntEQ(tm.tm_min, 15);
AssertIntEQ(tm.tm_hour, 21);
AssertIntEQ(tm.tm_mday, 22);
AssertIntEQ(tm.tm_mon, 1);
AssertIntEQ(tm.tm_year, 100);
AssertIntEQ(tm.tm_isdst, 0);
#ifdef XMKTIME
AssertIntEQ(tm.tm_wday, 2);
AssertIntEQ(tm.tm_yday, 52);
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_cmp_time(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \
&& !defined(USER_TIME) && !defined(TIME_OVERRIDES)
WOLFSSL_ASN1_TIME asn_time;
time_t t;
printf(testingFmt, "wolfSSL_X509_cmp_time()");
AssertIntEQ(0, wolfSSL_X509_cmp_time(NULL, &t));
XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME));
AssertIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t));
AssertIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1);
AssertIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL));
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_time_adj(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \
!defined(USER_TIME) && !defined(TIME_OVERRIDES) && \
defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && \
!defined(NO_ASN_TIME)
X509* x509;
time_t t, not_before, not_after;
printf(testingFmt, "wolfSSL_X509_time_adj()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
client_cert_der_2048, sizeof_client_cert_der_2048,
WOLFSSL_FILETYPE_ASN1));
t = 0;
not_before = XTIME(0);
not_after = XTIME(0) + (60 * 24 * 30); /* 30 days after */
AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &t));
AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &t));
/* Check X509_gmtime_adj, too. */
AssertNotNull(X509_gmtime_adj(X509_get_notAfter(x509), not_after));
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)\
&& !defined(NO_RSA)
X509* x509;
#ifndef NO_BIO
BIO* bio;
X509_STORE_CTX* ctx;
X509_STORE* store;
#endif
char der[] = "certs/ca-cert.der";
XFILE fp;
printf(testingFmt, "wolfSSL_X509()");
AssertNotNull(x509 = X509_new());
X509_free(x509);
#ifndef NO_BIO
x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM);
AssertNotNull(bio = BIO_new(BIO_s_mem()));
#ifdef WOLFSSL_CERT_GEN
AssertIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS);
#endif
AssertNotNull(ctx = X509_STORE_CTX_new());
AssertIntEQ(X509_verify_cert(ctx), SSL_FATAL_ERROR);
AssertNotNull(store = X509_STORE_new());
AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS);
AssertIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS);
AssertIntEQ(X509_verify_cert(ctx), SSL_SUCCESS);
X509_STORE_CTX_free(ctx);
X509_STORE_free(store);
X509_free(x509);
BIO_free(bio);
#endif
/** d2i_X509_fp test **/
fp = XFOPEN(der, "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL));
AssertNotNull(x509);
X509_free(x509);
XFCLOSE(fp);
fp = XFOPEN(der, "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509));
AssertNotNull(x509);
X509_free(x509);
XFCLOSE(fp);
/* X509_up_ref test */
AssertIntEQ(X509_up_ref(NULL), 0);
AssertNotNull(x509 = X509_new()); /* refCount = 1 */
AssertIntEQ(X509_up_ref(x509), 1); /* refCount = 2 */
AssertIntEQ(X509_up_ref(x509), 1); /* refCount = 3 */
X509_free(x509); /* refCount = 2 */
X509_free(x509); /* refCount = 1 */
X509_free(x509); /* refCount = 0, free */
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_get_ext_count(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA)
int ret = 0;
WOLFSSL_X509* x509;
const char ocspRootCaFile[] = "./certs/ocsp/root-ca-cert.pem";
FILE* f;
printf(testingFmt, "wolfSSL_X509_get_ext_count()");
/* NULL parameter check */
AssertIntEQ(X509_get_ext_count(NULL), WOLFSSL_FAILURE);
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
SSL_FILETYPE_PEM));
AssertIntEQ(X509_get_ext_count(x509), 5);
wolfSSL_X509_free(x509);
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ocspRootCaFile,
SSL_FILETYPE_PEM));
AssertIntEQ(X509_get_ext_count(x509), 5);
wolfSSL_X509_free(x509);
AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
printf(testingFmt, "wolfSSL_X509_get_ext_count() valid input");
AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);
printf(resultFmt, ret == 4 ? passed : failed);
printf(testingFmt, "wolfSSL_X509_get_ext_count() NULL argument");
AssertIntEQ((ret = wolfSSL_X509_get_ext_count(NULL)), WOLFSSL_FAILURE);
printf(resultFmt, ret == WOLFSSL_FAILURE ? passed : failed);
wolfSSL_X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_sign2(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_ALT_NAMES) && \
defined(WOLFSSL_CERT_EXT) && \
(defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))
WOLFSSL_X509 *x509, *ca;
const unsigned char *der;
const unsigned char *pt;
WOLFSSL_EVP_PKEY *priv;
WOLFSSL_X509_NAME *name;
WOLFSSL_ASN1_TIME *notBefore, *notAfter;
int derSz;
const int year = 365*24*60*60;
const int day = 24*60*60;
const int hour = 60*60;
const int mini = 60;
time_t t;
const unsigned char expected[] = {
#ifdef WOLFSSL_AKID_NAME
0x30, 0x82, 0x04, 0xfd, 0x30, 0x82, 0x03, 0xe5, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06,
0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e,
0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07,
0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06,
0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f,
0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31,
0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77,
0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e,
0x17, 0x0d, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30,
0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32,
0x30, 0x33, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30,
0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e,
0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15,
0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c,
0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30,
0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67,
0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30, 0x34, 0x38,
0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3, 0x03, 0xd1, 0x2b,
0xfe, 0x39, 0xa4, 0x32, 0x45, 0x3b, 0x53, 0xc8, 0x84, 0x2b, 0x2a, 0x7c,
0x74, 0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, 0xd6, 0xa6, 0x36, 0xb2,
0x07, 0x32, 0x8e, 0xd0, 0xba, 0x69, 0x7b, 0xc6, 0xc3, 0x44, 0x9e, 0xd4,
0x81, 0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, 0xbb, 0xa1, 0x75, 0xc8,
0x36, 0x2c, 0x4a, 0xd2, 0x1b, 0xf7, 0x8b, 0xba, 0xcf, 0x0d, 0xf9, 0xef,
0xec, 0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, 0x9a, 0xbf, 0x65, 0xcc,
0x7f, 0x65, 0x24, 0x69, 0xa6, 0xe8, 0x14, 0x89, 0x5b, 0xe4, 0x34, 0xf7,
0xc5, 0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, 0x7a, 0x78, 0xe1, 0x01,
0x56, 0x56, 0x91, 0xa6, 0x13, 0x42, 0x8d, 0xd2, 0x3c, 0x40, 0x9c, 0x4c,
0xef, 0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, 0xa1, 0x3b, 0xf5, 0xf1,
0xa3, 0x4a, 0x35, 0xe4, 0xe1, 0xce, 0x96, 0xdf, 0x1b, 0x7e, 0xbf, 0x4e,
0x97, 0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, 0xaf, 0x20, 0x0b, 0x43,
0x14, 0xc5, 0x74, 0x67, 0xb4, 0x32, 0x82, 0x6f, 0x8d, 0x86, 0xc2, 0x88,
0x40, 0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, 0x22, 0x17, 0xd7, 0x52,
0x65, 0x24, 0x73, 0xb0, 0xce, 0xef, 0x19, 0xcd, 0xae, 0xff, 0x78, 0x6c,
0x7b, 0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, 0x50, 0x6d, 0x3b, 0xa3,
0x3b, 0xa3, 0x99, 0x5e, 0x9d, 0xc8, 0xd9, 0x0c, 0x85, 0xb3, 0xd9, 0x8a,
0xd9, 0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, 0xff, 0x25, 0x4c, 0xc4,
0xd1, 0x79, 0xf4, 0x71, 0xd3, 0x86, 0x40, 0x18, 0x13, 0xb0, 0x63, 0xb5,
0x72, 0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, 0x56, 0x2f, 0xd7, 0x15,
0xf7, 0x7f, 0xc0, 0xae, 0xf5, 0xfc, 0x5b, 0xe5, 0xfb, 0xa1, 0xba, 0xd3,
0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x44, 0x30, 0x82, 0x01,
0x40, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03,
0x01, 0x01, 0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15,
0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06,
0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x33, 0xd8, 0x45, 0x66,
0xd7, 0x68, 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26,
0xd7, 0x85, 0x65, 0xc0, 0x30, 0x81, 0xd3, 0x06, 0x03, 0x55, 0x1d, 0x23,
0x04, 0x81, 0xcb, 0x30, 0x81, 0xc8, 0x80, 0x14, 0x33, 0xd8, 0x45, 0x66,
0xd7, 0x68, 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26,
0xd7, 0x85, 0x65, 0xc0, 0xa1, 0x81, 0xa4, 0xa4, 0x81, 0xa1, 0x30, 0x81,
0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e,
0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d,
0x61, 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
0x0c, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34,
0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10,
0x50, 0x72, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d,
0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73,
0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
0x63, 0x6f, 0x6d, 0x82, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d,
0x96, 0x04, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30,
0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06,
0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06,
0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
0x03, 0x82, 0x01, 0x01, 0x00, 0x59, 0x2e, 0xd1, 0xec, 0xbc, 0x99, 0xfe,
0x50, 0x38, 0x47, 0x47, 0x88, 0x51, 0xcf, 0xe4, 0x88, 0x76, 0xdf, 0x89,
0x8f, 0xea, 0x91, 0xbc, 0xd6, 0xc6, 0x91, 0xc9, 0xcc, 0x33, 0x77, 0x5d,
0xdd, 0x4b, 0xc9, 0xf6, 0x10, 0x54, 0xe2, 0x04, 0x89, 0x51, 0xdb, 0xe1,
0x00, 0x0c, 0x61, 0x03, 0x26, 0x86, 0x35, 0xac, 0x96, 0x23, 0x9d, 0xef,
0xd9, 0x95, 0xe4, 0xb4, 0x83, 0x9e, 0x0f, 0x47, 0x30, 0x08, 0x96, 0x28,
0x7f, 0x2d, 0xe3, 0x23, 0x30, 0x3b, 0xb0, 0x46, 0xe8, 0x21, 0x78, 0xb4,
0xc0, 0xbc, 0x9f, 0x60, 0x02, 0xd4, 0x16, 0x2d, 0xe5, 0x5a, 0x00, 0x65,
0x15, 0x95, 0x81, 0x93, 0x80, 0x06, 0x3e, 0xf7, 0xdf, 0x0c, 0x2b, 0x3f,
0x14, 0xfc, 0xc3, 0x79, 0xfd, 0x59, 0x5c, 0xa7, 0xc3, 0xe0, 0xa8, 0xd4,
0x53, 0x4f, 0x13, 0x0a, 0xa3, 0xfe, 0x1d, 0x63, 0x4e, 0x84, 0xb2, 0x98,
0x19, 0x06, 0xe0, 0x60, 0x3a, 0xc9, 0x49, 0x73, 0x00, 0xe3, 0x72, 0x2f,
0x68, 0x27, 0x9f, 0x14, 0x18, 0xb7, 0x57, 0xb9, 0x1d, 0xa8, 0xb3, 0x05,
0x6c, 0xf5, 0x4b, 0x0e, 0xac, 0x26, 0x7a, 0xfe, 0xc1, 0xab, 0x1f, 0x27,
0xf1, 0x1e, 0x21, 0x33, 0x31, 0xb6, 0x43, 0xb0, 0xf8, 0x74, 0x69, 0x6a,
0xb1, 0x9b, 0xcb, 0xe4, 0xd3, 0xa2, 0x8e, 0x8a, 0x55, 0xef, 0x81, 0xf3,
0x4a, 0x44, 0x90, 0x4d, 0x08, 0xb8, 0x31, 0x90, 0x1a, 0x82, 0x52, 0x56,
0xeb, 0xf0, 0x50, 0x5b, 0x9f, 0x87, 0x98, 0x54, 0xfe, 0x6a, 0x60, 0x41,
0x16, 0xdb, 0xdc, 0xff, 0x89, 0x4c, 0x98, 0x00, 0xb1, 0x87, 0x6c, 0xe7,
0xec, 0xba, 0x3b, 0xa4, 0xfe, 0xa1, 0xfd, 0x26, 0x19, 0x7c, 0x2d, 0x14,
0x91, 0x91, 0x61, 0x30, 0x3e, 0xf4, 0x5c, 0x97, 0x4c, 0x06, 0x84, 0xab,
0x94, 0xa8, 0x17, 0x6c, 0xec, 0x19, 0xc0, 0x87, 0xd0
#else
0x30, 0x82, 0x04, 0x46, 0x30, 0x82, 0x03, 0x2e, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06,
0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e,
0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07,
0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06,
0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f,
0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31,
0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77,
0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e,
0x17, 0x0d, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30,
0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32,
0x30, 0x33, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30,
0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e,
0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15,
0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c,
0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30,
0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67,
0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30, 0x34, 0x38,
0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3, 0x03, 0xd1, 0x2b,
0xfe, 0x39, 0xa4, 0x32, 0x45, 0x3b, 0x53, 0xc8, 0x84, 0x2b, 0x2a, 0x7c,
0x74, 0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, 0xd6, 0xa6, 0x36, 0xb2,
0x07, 0x32, 0x8e, 0xd0, 0xba, 0x69, 0x7b, 0xc6, 0xc3, 0x44, 0x9e, 0xd4,
0x81, 0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, 0xbb, 0xa1, 0x75, 0xc8,
0x36, 0x2c, 0x4a, 0xd2, 0x1b, 0xf7, 0x8b, 0xba, 0xcf, 0x0d, 0xf9, 0xef,
0xec, 0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, 0x9a, 0xbf, 0x65, 0xcc,
0x7f, 0x65, 0x24, 0x69, 0xa6, 0xe8, 0x14, 0x89, 0x5b, 0xe4, 0x34, 0xf7,
0xc5, 0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, 0x7a, 0x78, 0xe1, 0x01,
0x56, 0x56, 0x91, 0xa6, 0x13, 0x42, 0x8d, 0xd2, 0x3c, 0x40, 0x9c, 0x4c,
0xef, 0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, 0xa1, 0x3b, 0xf5, 0xf1,
0xa3, 0x4a, 0x35, 0xe4, 0xe1, 0xce, 0x96, 0xdf, 0x1b, 0x7e, 0xbf, 0x4e,
0x97, 0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, 0xaf, 0x20, 0x0b, 0x43,
0x14, 0xc5, 0x74, 0x67, 0xb4, 0x32, 0x82, 0x6f, 0x8d, 0x86, 0xc2, 0x88,
0x40, 0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, 0x22, 0x17, 0xd7, 0x52,
0x65, 0x24, 0x73, 0xb0, 0xce, 0xef, 0x19, 0xcd, 0xae, 0xff, 0x78, 0x6c,
0x7b, 0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, 0x50, 0x6d, 0x3b, 0xa3,
0x3b, 0xa3, 0x99, 0x5e, 0x9d, 0xc8, 0xd9, 0x0c, 0x85, 0xb3, 0xd9, 0x8a,
0xd9, 0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, 0xff, 0x25, 0x4c, 0xc4,
0xd1, 0x79, 0xf4, 0x71, 0xd3, 0x86, 0x40, 0x18, 0x13, 0xb0, 0x63, 0xb5,
0x72, 0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, 0x56, 0x2f, 0xd7, 0x15,
0xf7, 0x7f, 0xc0, 0xae, 0xf5, 0xfc, 0x5b, 0xe5, 0xfb, 0xa1, 0xba, 0xd3,
0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0x8e, 0x30, 0x81, 0x8b, 0x30,
0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30, 0x13,
0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f,
0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06, 0x03, 0x55,
0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68,
0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85,
0x65, 0xc0, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
0x16, 0x80, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68, 0x87, 0x18, 0x7e,
0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85, 0x65, 0xc0, 0x30,
0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08,
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06,
0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01,
0x01, 0x00, 0x98, 0x2a, 0x3d, 0x94, 0x37, 0xae, 0xd6, 0x28, 0x12, 0xed,
0x6d, 0x95, 0xc9, 0x05, 0x89, 0x4b, 0x5c, 0x5e, 0x88, 0xed, 0x9e, 0x14,
0x89, 0x79, 0x65, 0x7b, 0x5c, 0xdb, 0xcd, 0x21, 0xc5, 0xfc, 0x7a, 0x05,
0xd2, 0x33, 0x54, 0xa1, 0x1b, 0xb2, 0xc6, 0xd8, 0x3e, 0x88, 0x7d, 0x58,
0xfd, 0xd0, 0xca, 0x71, 0x58, 0xd5, 0x37, 0x81, 0xe0, 0xef, 0x65, 0xfc,
0x1b, 0xf1, 0x5d, 0xdd, 0x26, 0x68, 0x12, 0xfb, 0x12, 0x24, 0xd5, 0x45,
0x4f, 0x41, 0xad, 0xee, 0x3f, 0x16, 0x40, 0xb2, 0x59, 0xe6, 0x5b, 0x76,
0xe7, 0x47, 0x11, 0xa4, 0xe1, 0x2f, 0x0d, 0xe8, 0x13, 0x13, 0x49, 0xb0,
0x01, 0x11, 0x15, 0xb5, 0xb3, 0x93, 0x4f, 0x28, 0xdc, 0xd0, 0x30, 0x03,
0x48, 0x02, 0x95, 0x2d, 0xd9, 0x26, 0x87, 0x1f, 0x19, 0xa1, 0x03, 0x5c,
0x7c, 0xde, 0x54, 0xd4, 0x98, 0x85, 0x34, 0xcc, 0x54, 0xf1, 0x24, 0x43,
0xa6, 0x87, 0xfa, 0xb6, 0x62, 0xee, 0xa3, 0x4a, 0xb3, 0xce, 0x1c, 0x2e,
0xbf, 0x94, 0xef, 0x4c, 0x75, 0x75, 0x55, 0x1d, 0xc9, 0xc2, 0xe4, 0xe5,
0x24, 0xb2, 0x0a, 0x93, 0xf0, 0xff, 0x2e, 0x43, 0x99, 0xad, 0x4e, 0x83,
0x11, 0x52, 0xf4, 0xb9, 0x92, 0x30, 0xe1, 0x02, 0x2f, 0xa5, 0xf2, 0x21,
0xb1, 0xf4, 0xe9, 0x57, 0xbd, 0xba, 0x17, 0x56, 0xd7, 0x31, 0xcb, 0x63,
0xa3, 0xd5, 0xcf, 0xc9, 0xd9, 0xa6, 0x4f, 0x51, 0x6c, 0x52, 0x4c, 0x53,
0x88, 0x9a, 0x2e, 0xb9, 0x72, 0x02, 0x6e, 0x1b, 0x21, 0x93, 0xa1, 0x88,
0x1b, 0x35, 0x0e, 0x9e, 0x2b, 0x63, 0x81, 0xba, 0xb4, 0x6b, 0x28, 0x01,
0x56, 0xe1, 0x0e, 0x13, 0x73, 0xf6, 0xd6, 0xa0, 0xd2, 0xfd, 0xc9, 0x4d,
0xbd, 0xa8, 0xa9, 0x22, 0x9e, 0xc7, 0x13, 0x76, 0x5a, 0x9c, 0xd3, 0x9a,
0xf4, 0x0c, 0x52, 0xe6, 0x47, 0xcb
#endif
};
printf(testingFmt, "wolfSSL_X509_sign2");
pt = ca_key_der_2048;
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt,
sizeof_ca_key_der_2048));
pt = client_cert_der_2048;
AssertNotNull(x509 = wolfSSL_d2i_X509(NULL, &pt,
sizeof_client_cert_der_2048));
pt = ca_cert_der_2048;
AssertNotNull(ca = wolfSSL_d2i_X509(NULL, &pt, sizeof_ca_cert_der_2048));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day;
AssertNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0));
AssertNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0));
AssertIntEQ(notAfter->length, 13);
AssertTrue(wolfSSL_X509_set_notBefore(x509, notBefore));
AssertTrue(wolfSSL_X509_set_notAfter(x509, notAfter));
wolfSSL_X509_sign(x509, priv, EVP_sha256());
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(derSz, sizeof(expected));
AssertIntEQ(XMEMCMP(der, expected, derSz), 0);
wolfSSL_X509_free(ca);
wolfSSL_X509_free(x509);
wolfSSL_EVP_PKEY_free(priv);
wolfSSL_ASN1_TIME_free(notBefore);
wolfSSL_ASN1_TIME_free(notAfter);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_sign(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA)
int ret;
char *cn;
word32 cnSz;
X509_NAME *name;
X509 *x509, *ca;
DecodedCert dCert;
EVP_PKEY *pub;
EVP_PKEY *priv;
EVP_MD_CTX *mctx;
#if defined(USE_CERT_BUFFERS_1024)
const unsigned char* rsaPriv = client_key_der_1024;
const unsigned char* rsaPub = client_keypub_der_1024;
const unsigned char* certIssuer = client_cert_der_1024;
long clientKeySz = (long)sizeof_client_key_der_1024;
long clientPubKeySz = (long)sizeof_client_keypub_der_1024;
long certIssuerSz = (long)sizeof_client_cert_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
const unsigned char* rsaPriv = client_key_der_2048;
const unsigned char* rsaPub = client_keypub_der_2048;
const unsigned char* certIssuer = client_cert_der_2048;
long clientKeySz = (long)sizeof_client_key_der_2048;
long clientPubKeySz = (long)sizeof_client_keypub_der_2048;
long certIssuerSz = (long)sizeof_client_cert_der_2048;
#endif
byte sn[16];
int snSz = sizeof(sn);
printf(testingFmt, "wolfSSL_X509_sign");
/* Set X509_NAME fields */
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
(byte*)"support@wolfssl.com", 19, -1, 0), SSL_SUCCESS);
/* Get private and public keys */
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv,
clientKeySz));
AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz));
AssertNotNull(x509 = X509_new());
/* Set version 3 */
AssertIntNE(X509_set_version(x509, 2L), 0);
/* Set subject name, add pubkey, and sign certificate */
AssertIntEQ(X509_set_subject_name(x509, name), SSL_SUCCESS);
X509_NAME_free(name);
AssertIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS);
#ifdef WOLFSSL_ALT_NAMES
/* Add some subject alt names */
AssertIntNE(wolfSSL_X509_add_altname(NULL,
"ipsum", ASN_DNS_TYPE), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_add_altname(x509,
NULL, ASN_DNS_TYPE), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_add_altname(x509,
"sphygmomanometer",
ASN_DNS_TYPE), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_add_altname(x509,
"supercalifragilisticexpialidocious",
ASN_DNS_TYPE), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_add_altname(x509,
"Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch",
ASN_DNS_TYPE), SSL_SUCCESS);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
{
unsigned char ip4_type[] = {127,128,0,255};
unsigned char ip6_type[] = {0xdd, 0xcc, 0xba, 0xab,
0xff, 0xee, 0x99, 0x88,
0x77, 0x66, 0x55, 0x44,
0x00, 0x33, 0x22, 0x11};
AssertIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip4_type,
sizeof(ip4_type), ASN_IP_TYPE), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip6_type,
sizeof(ip6_type), ASN_IP_TYPE), SSL_SUCCESS);
}
#endif
#endif /* WOLFSSL_ALT_NAMES */
/* test valid sign case */
ret = X509_sign(x509, priv, EVP_sha256());
/* test valid X509_sign_ctx case */
AssertNotNull(mctx = EVP_MD_CTX_new());
AssertIntEQ(EVP_DigestSignInit(mctx, NULL, EVP_sha256(), NULL, priv), 1);
AssertIntGT(X509_sign_ctx(x509, mctx), 0);
#if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES)
AssertIntEQ(X509_get_ext_count(x509), 1);
#endif
#if defined(WOLFSSL_ALT_NAMES) && (defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))
AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.128.0.255", 0), 1);
AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "DDCC:BAAB:FFEE:9988:7766:5544:0033:2211", 0), 1);
#endif
AssertIntEQ(wolfSSL_X509_get_serial_number(x509, sn, &snSz),
WOLFSSL_SUCCESS);
DEBUG_WRITE_CERT_X509(x509, "signed.der");
/* Variation in size depends on ASN.1 encoding when MSB is set */
#ifndef WOLFSSL_ALT_NAMES
/* Valid case - size should be 798-797 with 16 byte serial number */
AssertTrue((ret == 781 + snSz) || (ret == 782 + snSz));
#elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
/* Valid case - size should be 955-956 with 16 byte serial number */
AssertTrue((ret == 939 + snSz) || (ret == 940 + snSz));
#else
/* Valid case - size should be 926-927 with 16 byte serial number */
AssertTrue((ret == 910 + snSz) || (ret == 911 + snSz));
#endif
/* check that issuer name is as expected after signature */
InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0);
AssertIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0);
AssertNotNull(ca = d2i_X509(NULL, &certIssuer, (int)certIssuerSz));
AssertNotNull(name = X509_get_subject_name(ca));
cnSz = X509_NAME_get_sz(name);
AssertNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
AssertNotNull(cn = X509_NAME_oneline(name, cn, cnSz));
AssertIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn)));
XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
#ifdef WOLFSSL_MULTI_ATTRIB
/* test adding multiple OU's to the signer */
AssertNotNull(name = X509_get_subject_name(ca));
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8,
(byte*)"OU1", 3, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8,
(byte*)"OU2", 3, -1, 0), SSL_SUCCESS);
AssertIntGT(X509_sign(ca, priv, EVP_sha256()), 0);
#endif
AssertNotNull(name = X509_get_subject_name(ca));
AssertIntEQ(X509_set_issuer_name(x509, name), SSL_SUCCESS);
AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
AssertNotNull(name = X509_get_issuer_name(x509));
cnSz = X509_NAME_get_sz(name);
AssertNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
AssertNotNull(cn = X509_NAME_oneline(name, cn, cnSz));
/* compare and don't include the multi-attrib "/OU=OU1/OU=OU2" above */
AssertIntEQ(0, XSTRNCMP(cn, dCert.issuer, XSTRLEN(dCert.issuer)));
XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
FreeDecodedCert(&dCert);
/* Test invalid parameters */
AssertIntEQ(X509_sign(NULL, priv, EVP_sha256()), 0);
AssertIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0);
AssertIntEQ(X509_sign(x509, priv, NULL), 0);
AssertIntEQ(X509_sign_ctx(NULL, mctx), 0);
EVP_MD_CTX_free(mctx);
AssertNotNull(mctx = EVP_MD_CTX_new());
AssertIntEQ(X509_sign_ctx(x509, mctx), 0);
AssertIntEQ(X509_sign_ctx(x509, NULL), 0);
/* test invalid version number */
#if defined(OPENSSL_ALL)
AssertIntNE(X509_set_version(x509, 6L), 0);
AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
/* uses ParseCert which fails on bad version number */
AssertIntEQ(X509_get_ext_count(x509), SSL_FAILURE);
#endif
EVP_MD_CTX_free(mctx);
EVP_PKEY_free(priv);
EVP_PKEY_free(pub);
X509_free(x509);
X509_free(ca);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_get0_tbs_sigalg(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD))
X509* x509 = NULL;
const X509_ALGOR* alg;
printf(testingFmt, "wolfSSL_X509_get0_tbs_sigalg");
AssertNotNull(x509 = X509_new());
AssertNull(alg = X509_get0_tbs_sigalg(NULL));
AssertNotNull(alg = X509_get0_tbs_sigalg(x509));
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_ALGOR_get0(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
!defined(NO_SHA256) && !defined(NO_RSA)
X509* x509 = NULL;
const ASN1_OBJECT* obj = NULL;
const X509_ALGOR* alg;
int pptype = 0;
const void *ppval = NULL;
printf(testingFmt, "wolfSSL_X509_ALGOR_get0");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
AssertNotNull(alg = X509_get0_tbs_sigalg(x509));
/* Invalid case */
X509_ALGOR_get0(&obj, NULL, NULL, NULL);
AssertNull(obj);
/* Valid case */
X509_ALGOR_get0(&obj, &pptype, &ppval, alg);
AssertNotNull(obj);
AssertNull(ppval);
AssertIntNE(pptype, 0);
/* Make sure NID of X509_ALGOR is Sha256 with RSA */
AssertIntEQ(OBJ_obj2nid(obj), NID_sha256WithRSAEncryption);
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_VERIFY_PARAM(void)
{
#if defined(OPENSSL_EXTRA)
X509_VERIFY_PARAM *paramTo;
X509_VERIFY_PARAM *paramFrom;
int ret;
char testIPv4[] = "127.0.0.1";
char testIPv6[] = "0001:0000:0000:0000:0000:0000:0000:0000/32";
char testhostName1[] = "foo.hoge.com";
char testhostName2[] = "foobar.hoge.com";
printf(testingFmt, "wolfSSL_X509()");
paramTo = X509_VERIFY_PARAM_new();
AssertNotNull(paramTo);
XMEMSET(paramTo, 0, sizeof(X509_VERIFY_PARAM ));
paramFrom = X509_VERIFY_PARAM_new();
AssertNotNull(paramFrom);
XMEMSET(paramFrom, 0, sizeof(X509_VERIFY_PARAM ));
ret = X509_VERIFY_PARAM_set1_host(paramFrom, testhostName1,
(int)XSTRLEN(testhostName1));
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramFrom->hostName, testhostName1,
(int)XSTRLEN(testhostName1)));
X509_VERIFY_PARAM_set_hostflags(NULL, 0x00);
X509_VERIFY_PARAM_set_hostflags(paramFrom, 0x01);
AssertIntEQ(0x01, paramFrom->hostFlags);
ret = X509_VERIFY_PARAM_set1_ip_asc(NULL, testIPv4);
AssertIntEQ(0, ret);
ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv4);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, NULL);
AssertIntEQ(1, ret);
ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv6);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
/* null pointer */
ret = X509_VERIFY_PARAM_set1(NULL, paramFrom);
AssertIntEQ(WOLFSSL_FAILURE, ret);
/* in the case of "from" null, returns success */
ret = X509_VERIFY_PARAM_set1(paramTo, NULL);
AssertIntEQ(WOLFSSL_SUCCESS, ret);
ret = X509_VERIFY_PARAM_set1(NULL, NULL);
AssertIntEQ(WOLFSSL_FAILURE, ret);
/* inherit flags test : VPARAM_DEFAULT */
ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
(int)XSTRLEN(testhostName1)));
AssertIntEQ(0x01, paramTo->hostFlags);
AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
/* inherit flags test : VPARAM OVERWRITE */
X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
(int)XSTRLEN(testhostName2));
X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00);
paramTo->inherit_flags = X509_VP_FLAG_OVERWRITE;
ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
(int)XSTRLEN(testhostName1)));
AssertIntEQ(0x01, paramTo->hostFlags);
AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
/* inherit flags test : VPARAM_RESET_FLAGS */
X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
(int)XSTRLEN(testhostName2));
X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
X509_VERIFY_PARAM_set_hostflags(paramTo, 0x10);
paramTo->inherit_flags = X509_VP_FLAG_RESET_FLAGS;
ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
(int)XSTRLEN(testhostName1)));
AssertIntEQ(0x01, paramTo->hostFlags);
AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
/* inherit flags test : VPARAM_LOCKED */
X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
(int)XSTRLEN(testhostName2));
X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00);
paramTo->inherit_flags = X509_VP_FLAG_LOCKED;
ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName2,
(int)XSTRLEN(testhostName2)));
AssertIntEQ(0x00, paramTo->hostFlags);
AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
/* test for incorrect parameters */
ret = X509_VERIFY_PARAM_set_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL );
AssertIntEQ(0, ret);
ret = X509_VERIFY_PARAM_set_flags(NULL, 0 );
AssertIntEQ(0, ret);
/* inherit flags test : VPARAM_ONCE, not testable yet */
ret = X509_VERIFY_PARAM_set_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL);
AssertIntEQ(1, ret);
ret = X509_VERIFY_PARAM_get_flags(paramTo);
AssertIntEQ(X509_V_FLAG_CRL_CHECK_ALL, ret);
ret = X509_VERIFY_PARAM_clear_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL);
AssertIntEQ(1, ret);
ret = X509_VERIFY_PARAM_get_flags(paramTo);
AssertIntEQ(0, ret);
X509_VERIFY_PARAM_free(paramTo);
X509_VERIFY_PARAM_free(paramFrom);
X509_VERIFY_PARAM_free(NULL); /* to confirm NULL parameter gives no harm */
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_get_X509_PUBKEY(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD))
X509* x509 = NULL;
X509_PUBKEY* pubKey;
printf(testingFmt, "wolfSSL_X509_get_X509_PUBKEY");
AssertNotNull(x509 = X509_new());
AssertNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(NULL));
AssertNotNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(x509));
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_PUBKEY_RSA(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
!defined(NO_SHA256) && !defined(NO_RSA)
X509* x509 = NULL;
ASN1_OBJECT* obj = NULL;
const ASN1_OBJECT* pa_oid = NULL;
X509_PUBKEY* pubKey;
X509_PUBKEY* pubKey2;
EVP_PKEY* evpKey;
const unsigned char *pk;
int ppklen, pptype;
X509_ALGOR *pa;
const void *pval;
printf(testingFmt, "wolfSSL_X509_PUBKEY_RSA");
AssertNotNull(x509 = X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
AssertNotNull(pubKey = X509_get_X509_PUBKEY(x509));
AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1);
AssertNotNull(pk);
AssertNotNull(pa);
AssertNotNull(pubKey);
AssertIntGT(ppklen, 0);
AssertIntEQ(OBJ_obj2nid(obj), NID_rsaEncryption);
AssertNotNull(evpKey = X509_PUBKEY_get(pubKey));
AssertNotNull(pubKey2 = X509_PUBKEY_new());
AssertIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1);
AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1);
AssertNotNull(pk);
AssertNotNull(pa);
AssertIntGT(ppklen, 0);
X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
AssertNotNull(pa_oid);
AssertNull(pval);
AssertIntEQ(pptype, V_ASN1_NULL);
AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_RSA);
X509_PUBKEY_free(pubKey2);
X509_free(x509);
EVP_PKEY_free(evpKey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_PUBKEY_EC(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && defined(HAVE_ECC)
X509* x509 = NULL;
ASN1_OBJECT* obj = NULL;
ASN1_OBJECT* poid;
const ASN1_OBJECT* pa_oid = NULL;
X509_PUBKEY* pubKey;
X509_PUBKEY* pubKey2;
EVP_PKEY* evpKey;
const unsigned char *pk;
int ppklen, pptype;
X509_ALGOR *pa;
const void *pval;
char buf[50];
printf(testingFmt, "wolfSSL_X509_PUBKEY_EC");
AssertNotNull(x509 = X509_load_certificate_file(cliEccCertFile,
SSL_FILETYPE_PEM));
AssertNotNull(pubKey = X509_get_X509_PUBKEY(x509));
AssertNotNull(evpKey = X509_PUBKEY_get(pubKey));
AssertNotNull(pubKey2 = X509_PUBKEY_new());
AssertIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1);
AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1);
AssertNotNull(pk);
AssertNotNull(pa);
AssertIntGT(ppklen, 0);
X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
AssertNotNull(pa_oid);
AssertNotNull(pval);
AssertIntEQ(pptype, V_ASN1_OBJECT);
AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_EC);
poid = (ASN1_OBJECT *)pval;
AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), poid, 0), 0);
AssertIntEQ(OBJ_txt2nid(buf), NID_X9_62_prime256v1);
X509_PUBKEY_free(pubKey2);
X509_free(x509);
EVP_PKEY_free(evpKey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_PUBKEY_DSA(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_DSA)
word32 bytes;
#ifdef USE_CERT_BUFFERS_1024
byte tmp[ONEK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
bytes = sizeof_dsa_key_der_2048;
#else
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
if (fp == XBADFILE) {
return WOLFSSL_BAD_FILE;
}
bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */
const unsigned char* dsaKeyDer = tmp;
ASN1_OBJECT* obj = NULL;
ASN1_STRING* str;
const ASN1_OBJECT* pa_oid = NULL;
X509_PUBKEY* pubKey = NULL;
EVP_PKEY* evpKey = NULL;
const unsigned char *pk;
int ppklen, pptype;
X509_ALGOR *pa;
const void *pval;
printf(testingFmt, "wolfSSL_X509_PUBKEY_DSA");
/* Initialize pkey with der format dsa key */
AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &evpKey, &dsaKeyDer, bytes));
AssertNotNull(pubKey = X509_PUBKEY_new());
AssertIntEQ(X509_PUBKEY_set(&pubKey, evpKey), 1);
AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1);
AssertNotNull(pk);
AssertNotNull(pa);
AssertIntGT(ppklen, 0);
X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
AssertNotNull(pa_oid);
AssertNotNull(pval);
AssertIntEQ(pptype, V_ASN1_SEQUENCE);
AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_DSA);
str = (ASN1_STRING *)pval;
#ifdef USE_CERT_BUFFERS_1024
AssertIntEQ(ASN1_STRING_length(str), 291);
#else
AssertIntEQ(ASN1_STRING_length(str), 549);
#endif /* END USE_CERT_BUFFERS_1024 */
X509_PUBKEY_free(pubKey);
EVP_PKEY_free(evpKey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_RAND(void)
{
#if defined(OPENSSL_EXTRA)
byte seed[16];
printf(testingFmt, "wolfSSL_RAND()");
RAND_seed(seed, sizeof(seed));
AssertIntEQ(RAND_poll(), 1);
RAND_cleanup();
AssertIntEQ(RAND_egd(NULL), -1);
#ifndef NO_FILESYSTEM
{
char fname[100];
AssertNotNull(RAND_file_name(fname, (sizeof(fname) - 1)));
AssertIntEQ(RAND_write_file(NULL), 0);
}
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BUF(void)
{
#if defined(OPENSSL_EXTRA)
BUF_MEM* buf;
AssertNotNull(buf = BUF_MEM_new());
AssertIntEQ(BUF_MEM_grow(buf, 10), 10);
AssertIntEQ(BUF_MEM_grow(buf, -1), 0);
BUF_MEM_free(buf);
#endif /* OPENSSL_EXTRA */
}
#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
static int stub_rand_seed(const void *buf, int num)
{
(void)buf;
(void)num;
return 123;
}
static int stub_rand_bytes(unsigned char *buf, int num)
{
(void)buf;
(void)num;
return 456;
}
static byte* was_stub_rand_cleanup_called(void)
{
static byte was_called = 0;
return &was_called;
}
static void stub_rand_cleanup(void)
{
byte* was_called = was_stub_rand_cleanup_called();
*was_called = 1;
return;
}
static byte* was_stub_rand_add_called(void)
{
static byte was_called = 0;
return &was_called;
}
static int stub_rand_add(const void *buf, int num, double entropy)
{
byte* was_called = was_stub_rand_add_called();
(void)buf;
(void)num;
(void)entropy;
*was_called = 1;
return 0;
}
static int stub_rand_pseudo_bytes(unsigned char *buf, int num)
{
(void)buf;
(void)num;
return 9876;
}
static int stub_rand_status(void)
{
return 5432;
}
#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */
static void test_wolfSSL_RAND_set_rand_method(void)
{
#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
RAND_METHOD rand_methods = {NULL, NULL, NULL, NULL, NULL, NULL};
unsigned char* buf = NULL;
int num = 0;
double entropy = 0;
byte* was_cleanup_called = was_stub_rand_cleanup_called();
byte* was_add_called = was_stub_rand_add_called();
printf(testingFmt, "wolfSSL_RAND_set_rand_method()");
buf = (byte*)XMALLOC(32 * sizeof(byte), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
AssertIntNE(wolfSSL_RAND_status(), 5432);
AssertIntEQ(*was_cleanup_called, 0);
RAND_cleanup();
AssertIntEQ(*was_cleanup_called, 0);
rand_methods.seed = &stub_rand_seed;
rand_methods.bytes = &stub_rand_bytes;
rand_methods.cleanup = &stub_rand_cleanup;
rand_methods.add = &stub_rand_add;
rand_methods.pseudorand = &stub_rand_pseudo_bytes;
rand_methods.status = &stub_rand_status;
AssertIntEQ(RAND_set_rand_method(&rand_methods), WOLFSSL_SUCCESS);
AssertIntEQ(RAND_seed(buf, num), 123);
AssertIntEQ(RAND_bytes(buf, num), 456);
AssertIntEQ(RAND_pseudo_bytes(buf, num), 9876);
AssertIntEQ(RAND_status(), 5432);
AssertIntEQ(*was_add_called, 0);
/* The function pointer for RAND_add returns int, but RAND_add itself returns void. */
RAND_add(buf, num, entropy);
AssertIntEQ(*was_add_called, 1);
was_add_called = 0;
AssertIntEQ(*was_cleanup_called, 0);
RAND_cleanup();
AssertIntEQ(*was_cleanup_called, 1);
*was_cleanup_called = 0;
AssertIntEQ(RAND_set_rand_method(NULL), WOLFSSL_SUCCESS);
AssertIntNE(RAND_status(), 5432);
AssertIntEQ(*was_cleanup_called, 0);
RAND_cleanup();
AssertIntEQ(*was_cleanup_called, 0);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */
}
static void test_wolfSSL_RAND_bytes(void)
{
#if defined(OPENSSL_EXTRA)
const int size1 = RNG_MAX_BLOCK_LEN; /* in bytes */
const int size2 = RNG_MAX_BLOCK_LEN + 1; /* in bytes */
const int size3 = RNG_MAX_BLOCK_LEN * 2; /* in bytes */
const int size4 = RNG_MAX_BLOCK_LEN * 4; /* in bytes */
int max_bufsize;
byte *my_buf;
printf(testingFmt, "test_wolfSSL_RAND_bytes()");
/* sanity check */
AssertIntEQ(RAND_bytes(NULL, 16), 0);
AssertIntEQ(RAND_bytes(NULL, 0), 0);
max_bufsize = size4;
my_buf = (byte*)XMALLOC(max_bufsize * sizeof(byte), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
AssertIntEQ(RAND_bytes(my_buf, 0), 1);
AssertIntEQ(RAND_bytes(my_buf, -1), 0);
AssertNotNull(my_buf);
XMEMSET(my_buf, 0, max_bufsize);
AssertIntEQ(RAND_bytes(my_buf, size1), 1);
AssertIntEQ(RAND_bytes(my_buf, size2), 1);
AssertIntEQ(RAND_bytes(my_buf, size3), 1);
AssertIntEQ(RAND_bytes(my_buf, size4), 1);
XFREE(my_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BN_rand(void)
{
#if defined(OPENSSL_EXTRA)
BIGNUM* bn;
printf(testingFmt, "wolfSSL_BN_rand()");
AssertNotNull(bn = BN_new());
AssertIntNE(BN_rand(bn, 0, 0, 0), SSL_SUCCESS);
BN_free(bn);
AssertNotNull(bn = BN_new());
AssertIntEQ(BN_rand(bn, 8, 0, 0), SSL_SUCCESS);
BN_free(bn);
AssertNotNull(bn = BN_new());
AssertIntEQ(BN_rand(bn, 64, 0, 0), SSL_SUCCESS);
BN_free(bn);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_pseudo_rand(void)
{
#if defined(OPENSSL_EXTRA)
BIGNUM* bn;
unsigned char bin[8];
int i;
printf(testingFmt, "wolfSSL_pseudo_rand()");
/* BN_pseudo_rand returns 1 on success 0 on failure
* int BN_pseudo_rand(BIGNUM* bn, int bits, int top, int bottom) */
for (i = 0; i < 10; i++) {
AssertNotNull(bn = BN_new());
AssertIntEQ(BN_pseudo_rand(bn, 8, 0, 0), SSL_SUCCESS);
AssertIntGT(BN_bn2bin(bn, bin),0);
AssertIntEQ((bin[0] & 0x80), 0x80); /* top bit should be set */
BN_free(bn);
}
for (i = 0; i < 10; i++) {
AssertNotNull(bn = BN_new());
AssertIntEQ(BN_pseudo_rand(bn, 8, 1, 1), SSL_SUCCESS);
AssertIntGT(BN_bn2bin(bn, bin),0);
AssertIntEQ((bin[0] & 0xc1), 0xc1); /* top bit should be set */
BN_free(bn);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_PKCS8_Compat(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
#ifndef NO_BIO
PKCS8_PRIV_KEY_INFO* pt;
BIO* bio;
XFILE f;
int bytes;
char pkcs8_buffer[512];
#if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
EVP_PKEY *pkey = NULL;
#endif
printf(testingFmt, "wolfSSL_pkcs8()");
/* file from wolfssl/certs/ directory */
f = XFOPEN("./certs/ecc-keyPkcs8.pem", "rb");
AssertTrue(f != XBADFILE);
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), f)), 0);
XFCLOSE(f);
AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
AssertNotNull(pt = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL));
#if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
AssertNotNull(pkey = EVP_PKCS82PKEY(pt));
AssertIntEQ(EVP_PKEY_type(pkey->type), EVP_PKEY_EC);
/* gets PKCS8 pointer to pkey */
AssertNotNull(EVP_PKEY2PKCS8(pkey));
EVP_PKEY_free(pkey);
#endif
BIO_free(bio);
PKCS8_PRIV_KEY_INFO_free(pt);
printf(resultFmt, passed);
#endif
#endif
}
static void test_wolfSSL_PKCS8_d2i(void)
{
#if !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA)
/* This test ends up using HMAC as a part of PBKDF2, and HMAC
* requires a 12 byte password in FIPS mode. This test ends up
* trying to use an 8 byte password. */
#ifndef NO_FILESYSTEM
unsigned char pkcs8_buffer[2048];
const unsigned char* p;
int bytes;
XFILE file;
WOLFSSL_EVP_PKEY* pkey = NULL;
#ifndef NO_BIO
BIO* bio;
#if defined(OPENSSL_ALL) && \
((!defined(NO_RSA) && !defined(NO_DES3)) || \
defined(HAVE_ECC)) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
WOLFSSL_EVP_PKEY* evpPkey = NULL;
#endif
#endif
#ifndef NO_RSA
const char rsaDerPkcs8File[] = "./certs/server-keyPkcs8.der";
const char rsaPemPkcs8File[] = "./certs/server-keyPkcs8.pem";
#ifndef NO_DES3
const char rsaDerPkcs8EncFile[] = "./certs/server-keyPkcs8Enc.der";
#endif
#endif /* NO_RSA */
#ifdef HAVE_ECC
const char ecDerPkcs8File[] = "certs/ecc-keyPkcs8.der";
const char ecPemPkcs8File[] = "certs/ecc-keyPkcs8.pem";
#ifndef NO_DES3
const char ecDerPkcs8EncFile[] = "certs/ecc-keyPkcs8Enc.der";
#endif
#endif /* HAVE_ECC */
#endif /* !NO_FILESYSTEM */
#if defined(OPENSSL_ALL) && (!defined(NO_RSA) || defined(HAVE_ECC))
#ifndef NO_RSA
#ifdef USE_CERT_BUFFERS_1024
const unsigned char* rsa = (unsigned char*)server_key_der_1024;
int rsaSz = sizeof_server_key_der_1024;
#else
const unsigned char* rsa = (unsigned char*)server_key_der_2048;
int rsaSz = sizeof_server_key_der_2048;
#endif
#endif
#ifdef HAVE_ECC
const unsigned char* ec = (unsigned char*)ecc_key_der_256;
int ecSz = sizeof_ecc_key_der_256;
#endif
#endif /* OPENSSL_ALL && (!NO_RSA || HAVE_ECC) */
#ifndef NO_FILESYSTEM
(void)pkcs8_buffer;
(void)p;
(void)bytes;
(void)file;
#ifndef NO_BIO
(void)bio;
#endif
#endif
#ifdef OPENSSL_ALL
#ifndef NO_RSA
/* Try to auto-detect normal RSA private key */
AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &rsa, rsaSz));
EVP_PKEY_free(pkey);
#endif
#ifdef HAVE_ECC
/* Try to auto-detect normal EC private key */
AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &ec, ecSz));
EVP_PKEY_free(pkey);
#endif
#endif /* OPENSSL_ALL */
#ifndef NO_FILESYSTEM
#ifndef NO_RSA
/* Get DER encoded RSA PKCS#8 data. */
file = XFOPEN(rsaDerPkcs8File, "rb");
AssertTrue(file != XBADFILE);
XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
p = pkcs8_buffer;
#ifdef OPENSSL_ALL
/* Try to decode - auto-detect key type. */
AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes));
#else
AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, bytes));
#endif
/* Get PEM encoded RSA PKCS#8 data. */
file = XFOPEN(rsaPemPkcs8File, "rb");
AssertTrue(file != XBADFILE);
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
#if defined(OPENSSL_ALL) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write PKCS#8 PEM to BIO. */
AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
NULL), bytes);
/* Compare file and written data */
AssertIntEQ(BIO_get_mem_data(bio, &p), bytes);
AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
BIO_free(bio);
#ifndef NO_DES3
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write Encrypted PKCS#8 PEM to BIO. */
bytes = 1834;
AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_des_ede3_cbc(),
NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
(void*)"yassl123"));
EVP_PKEY_free(evpPkey);
BIO_free(bio);
#endif /* !NO_DES3 */
#endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
EVP_PKEY_free(pkey);
/* PKCS#8 encrypted RSA key */
#ifndef NO_DES3
file = XFOPEN(rsaDerPkcs8EncFile, "rb");
AssertTrue(file != XBADFILE);
XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
#if defined(OPENSSL_ALL) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack,
(void*)"yassl123"));
EVP_PKEY_free(pkey);
BIO_free(bio);
#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
#endif /* !NO_DES3 */
#endif /* NO_RSA */
#ifdef HAVE_ECC
/* PKCS#8 encode EC key */
file = XFOPEN(ecDerPkcs8File, "rb");
AssertTrue(file != XBADFILE);
XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
p = pkcs8_buffer;
#ifdef OPENSSL_ALL
/* Try to decode - auto-detect key type. */
AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes));
#else
AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p, bytes));
#endif
/* Get PEM encoded RSA PKCS#8 data. */
file = XFOPEN(ecPemPkcs8File, "rb");
AssertTrue(file != XBADFILE);
XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
#if defined(OPENSSL_ALL) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) && \
defined(HAVE_AES_CBC)
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write PKCS#8 PEM to BIO. */
AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
NULL), bytes);
/* Compare file and written data */
AssertIntEQ(BIO_get_mem_data(bio, &p), bytes);
AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
BIO_free(bio);
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write Encrypted PKCS#8 PEM to BIO. */
bytes = 379;
AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(),
NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
(void*)"yassl123"));
EVP_PKEY_free(evpPkey);
BIO_free(bio);
#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 && HAVE_AES_CBC */
EVP_PKEY_free(pkey);
/* PKCS#8 encrypted EC key */
#ifndef NO_DES3
file = XFOPEN(ecDerPkcs8EncFile, "rb");
AssertTrue(file != XBADFILE);
XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
#if defined(OPENSSL_ALL) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack,
(void*)"yassl123"));
EVP_PKEY_free(pkey);
BIO_free(bio);
#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
#endif /* !NO_DES3 */
#endif /* HAVE_ECC */
#endif /* !NO_FILESYSTEM */
printf(resultFmt, passed);
#endif /* HAVE_FIPS && OPENSSL_EXTRA */
}
#if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \
defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL)
#define LOGGING_THREADS 5
#define ERROR_COUNT 10
static volatile int loggingThreadsReady;
static THREAD_RETURN WOLFSSL_THREAD test_logging(void* args)
{
const char* file;
int line;
int err;
int errorCount = 0;
int i;
(void)args;
while (!loggingThreadsReady);
for (i = 0; i < ERROR_COUNT; i++)
ERR_put_error(ERR_LIB_PEM, SYS_F_ACCEPT, -990 - i, __FILE__, __LINE__);
while ((err = ERR_get_error_line(&file, &line))) {
AssertIntEQ(err, 990 + errorCount);
errorCount++;
}
AssertIntEQ(errorCount, ERROR_COUNT);
/* test max queue behavior, trying to add an arbitrary 3 errors over */
errorCount = 0;
for (i = 0; i < ERROR_QUEUE_MAX + 3; i++)
ERR_put_error(ERR_LIB_PEM, SYS_F_ACCEPT, -990 - i, __FILE__, __LINE__);
while ((err = ERR_get_error_line(&file, &line))) {
AssertIntEQ(err, 990 + errorCount);
errorCount++;
}
/* test that the 3 errors over the max were dropped */
AssertIntEQ(errorCount, ERROR_QUEUE_MAX);
return 0;
}
#endif
static void test_error_queue_per_thread(void)
{
#if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \
defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL)
THREAD_TYPE loggingThreads[LOGGING_THREADS];
int i;
printf(testingFmt, "error_queue_per_thread()");
ERR_clear_error(); /* clear out any error nodes */
loggingThreadsReady = 0;
for (i = 0; i < LOGGING_THREADS; i++)
start_thread(test_logging, NULL, &loggingThreads[i]);
loggingThreadsReady = 1;
for (i = 0; i < LOGGING_THREADS; i++)
join_thread(loggingThreads[i]);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ERR_put_error(void)
{
#if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
defined(DEBUG_WOLFSSL)
const char* file;
int line;
printf(testingFmt, "wolfSSL_ERR_put_error()");
ERR_clear_error(); /* clear out any error nodes */
ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0);
AssertIntEQ(ERR_get_error_line(&file, &line), 0);
ERR_put_error(0,SYS_F_BIND, 1, "this file", 1);
AssertIntEQ(ERR_get_error_line(&file, &line), 1);
ERR_put_error(0,SYS_F_CONNECT, 2, "this file", 2);
AssertIntEQ(ERR_get_error_line(&file, &line), 2);
ERR_put_error(0,SYS_F_FOPEN, 3, "this file", 3);
AssertIntEQ(ERR_get_error_line(&file, &line), 3);
ERR_put_error(0,SYS_F_FREAD, 4, "this file", 4);
AssertIntEQ(ERR_get_error_line(&file, &line), 4);
ERR_put_error(0,SYS_F_GETADDRINFO, 5, "this file", 5);
AssertIntEQ(ERR_get_error_line(&file, &line), 5);
ERR_put_error(0,SYS_F_GETSOCKOPT, 6, "this file", 6);
AssertIntEQ(ERR_get_error_line(&file, &line), 6);
ERR_put_error(0,SYS_F_GETSOCKNAME, 7, "this file", 7);
AssertIntEQ(ERR_get_error_line(&file, &line), 7);
ERR_put_error(0,SYS_F_GETHOSTBYNAME, 8, "this file", 8);
AssertIntEQ(ERR_get_error_line(&file, &line), 8);
ERR_put_error(0,SYS_F_GETNAMEINFO, 9, "this file", 9);
AssertIntEQ(ERR_get_error_line(&file, &line), 9);
ERR_put_error(0,SYS_F_GETSERVBYNAME, 10, "this file", 10);
AssertIntEQ(ERR_get_error_line(&file, &line), 10);
ERR_put_error(0,SYS_F_IOCTLSOCKET, 11, "this file", 11);
AssertIntEQ(ERR_get_error_line(&file, &line), 11);
ERR_put_error(0,SYS_F_LISTEN, 12, "this file", 12);
AssertIntEQ(ERR_get_error_line(&file, &line), 12);
ERR_put_error(0,SYS_F_OPENDIR, 13, "this file", 13);
AssertIntEQ(ERR_get_error_line(&file, &line), 13);
ERR_put_error(0,SYS_F_SETSOCKOPT, 14, "this file", 14);
AssertIntEQ(ERR_get_error_line(&file, &line), 14);
ERR_put_error(0,SYS_F_SOCKET, 15, "this file", 15);
AssertIntEQ(ERR_get_error_line(&file, &line), 15);
#ifdef WOLFSSL_PYTHON
ERR_put_error(ERR_LIB_ASN1, SYS_F_ACCEPT, ASN1_R_HEADER_TOO_LONG,
"this file", 100);
AssertIntEQ(wolfSSL_ERR_peek_last_error_line(&file, &line),
(ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG);
AssertIntEQ(line, 100);
AssertIntEQ(wolfSSL_ERR_peek_error(),
(ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG);
AssertIntEQ(ERR_get_error_line(&file, &line), ASN1_R_HEADER_TOO_LONG);
#endif
/* try reading past end of error queue */
file = NULL;
AssertIntEQ(ERR_get_error_line(&file, &line), 0);
AssertNull(file);
AssertIntEQ(ERR_get_error_line_data(&file, &line, NULL, NULL), 0);
PEMerr(4,4);
AssertIntEQ(ERR_get_error(), 4);
/* Empty and free up all error nodes */
ERR_clear_error();
/* Verify all nodes are cleared */
ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0);
ERR_clear_error();
AssertIntEQ(ERR_get_error_line(&file, &line), 0);
printf(resultFmt, passed);
#endif
}
#ifndef NO_BIO
static void test_wolfSSL_ERR_print_errors(void)
{
#if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
defined(DEBUG_WOLFSSL) && !defined(NO_ERROR_STRINGS)
BIO* bio;
char buf[1024];
printf(testingFmt, "wolfSSL_ERR_print_errors()");
AssertNotNull(bio = BIO_new(BIO_s_mem()));
ERR_clear_error(); /* clear out any error nodes */
ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0);
/* Choosing -299 as an unused errno between MIN_CODE_E < x < WC_LAST_E. */
ERR_put_error(0,SYS_F_BIND, -299, "asn.c", 100);
ERR_print_errors(bio);
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 56);
AssertIntEQ(XSTRNCMP("error:173:wolfSSL library:Bad function argument:ssl.c:0",
buf, 55), 0);
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 57);
AssertIntEQ(XSTRNCMP("error:299:wolfSSL library:unknown error number:asn.c:100",
buf, 56), 0);
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 1);
AssertIntEQ(buf[0], '\0');
AssertIntEQ(ERR_get_error_line(NULL, NULL), 0);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
#if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
defined(DEBUG_WOLFSSL)
static int test_wolfSSL_error_cb(const char *str, size_t len, void *u)
{
wolfSSL_BIO_write((BIO*)u, str, (int)len);
return 0;
}
#endif
static void test_wolfSSL_ERR_print_errors_cb(void)
{
#if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
defined(DEBUG_WOLFSSL)
BIO* bio;
char buf[1024];
printf(testingFmt, "wolfSSL_ERR_print_errors_cb()");
AssertNotNull(bio = BIO_new(BIO_s_mem()));
ERR_clear_error(); /* clear out any error nodes */
ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0);
ERR_put_error(0,SYS_F_BIND, -275, "asn.c", 100);
ERR_print_errors_cb(test_wolfSSL_error_cb, bio);
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 108);
AssertIntEQ(XSTRNCMP("wolfSSL error occurred, error = 173 line:0 file:ssl.c",
buf, 53), 0);
AssertIntEQ(XSTRNCMP("wolfSSL error occurred, error = 275 line:100 file:asn.c",
buf + 53, 55), 0);
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 0);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
/*
* Testing WOLFSSL_ERROR_MSG
*/
static int test_WOLFSSL_ERROR_MSG (void)
{
int ret = 0;
#if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
const char* msg = TEST_STRING;
printf(testingFmt, "WOLFSSL_ERROR_MSG()");
WOLFSSL_ERROR_MSG(msg);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/*End test_WOLFSSL_ERROR_MSG*/
/*
* Testing wc_ERR_remove_state
*/
static int test_wc_ERR_remove_state (void)
{
int ret = 0;
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
printf(testingFmt, "wc_ERR_remove_state()");
wc_ERR_remove_state();
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/*End test_wc_ERR_remove_state*/
/*
* Testing wc_ERR_print_errors_fp
*/
static int test_wc_ERR_print_errors_fp (void)
{
int ret = 0;
#if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) && \
(!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM))
long sz;
printf(testingFmt, "wc_ERR_print_errors_fp()");
WOLFSSL_ERROR(BAD_FUNC_ARG);
XFILE fp = XFOPEN("./tests/test-log-dump-to-file.txt", "ar");
wc_ERR_print_errors_fp(fp);
#if defined(DEBUG_WOLFSSL)
AssertTrue(XFSEEK(fp, 0, XSEEK_END) == 0);
sz = XFTELL(fp);
#ifdef NO_ERROR_QUEUE
/* File should be empty when NO_ERROR_QUEUE is defined */
if (sz != 0) {
ret = BAD_FUNC_ARG;
}
#else
if (sz == 0) {
ret = BAD_FUNC_ARG;
}
#endif
#endif
printf(resultFmt, ret == 0 ? passed : failed);
XFCLOSE(fp);
(void)sz;
#endif
return ret;
}/*End test_wc_ERR_print_errors_fp*/
#ifdef DEBUG_WOLFSSL
static void Logging_cb(const int logLevel, const char *const logMessage)
{
(void)logLevel;
(void)logMessage;
}
#endif
/*
* Testing wolfSSL_GetLoggingCb
*/
static int test_wolfSSL_GetLoggingCb (void)
{
int ret = 0;
printf(testingFmt, "wolfSSL_GetLoggingCb()");
#ifdef DEBUG_WOLFSSL
/* Testing without wolfSSL_SetLoggingCb() */
if (ret == 0) {
if (wolfSSL_GetLoggingCb() == NULL) { /* Should be true */
ret = 0;
}
if (wolfSSL_GetLoggingCb() != NULL) { /* Should not be true */
ret = -1;
}
}
/* Testing with wolfSSL_SetLoggingCb() */
if (ret == 0) {
ret = wolfSSL_SetLoggingCb(Logging_cb);
if (ret == 0){
if (wolfSSL_GetLoggingCb() == NULL) { /* Should not be true */
ret = -1;
}
if (ret == 0) {
if (wolfSSL_GetLoggingCb() == Logging_cb) { /* Should be true */
ret = 0;
}
}
/* reset logging callback */
wolfSSL_SetLoggingCb(NULL);
}
}
#endif
if (ret == 0) {
if (wolfSSL_GetLoggingCb() != NULL) {
ret = -1;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
return ret;
}/*End test_wolfSSL_GetLoggingCb*/
#endif /* !NO_BIO */
#if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \
defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \
defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3))
static void test_openssl_hmac(const WOLFSSL_EVP_MD* md, int md_len)
{
static const unsigned char key[] = "simple test key";
HMAC_CTX* hmac;
ENGINE* e = NULL;
unsigned char hash[WC_MAX_DIGEST_SIZE];
unsigned int len;
AssertNotNull(hmac = HMAC_CTX_new());
HMAC_CTX_init(hmac);
AssertIntEQ(HMAC_Init_ex(hmac, (void*)key, (int)sizeof(key), md, e),
SSL_SUCCESS);
/* re-using test key as data to hash */
AssertIntEQ(HMAC_Update(hmac, key, (int)sizeof(key)), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(hmac, NULL, 0), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(hmac, hash, &len), SSL_SUCCESS);
AssertIntEQ(len, md_len);
AssertIntEQ(HMAC_size(hmac), md_len);
AssertStrEQ(HMAC_CTX_get_md(hmac), md);
HMAC_cleanup(hmac);
HMAC_CTX_free(hmac);
len = 0;
AssertNotNull(HMAC(md, key, (int)sizeof(key), NULL, 0, hash, &len));
AssertIntEQ(len, md_len);
}
#endif
static void test_wolfSSL_HMAC(void)
{
#if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \
defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \
defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3))
printf(testingFmt, "wolfSSL_HMAC()");
#ifndef NO_SHA256
test_openssl_hmac(EVP_sha256(), (int)WC_SHA256_DIGEST_SIZE);
#endif
#ifdef WOLFSSL_SHA224
test_openssl_hmac(EVP_sha224(), (int)WC_SHA224_DIGEST_SIZE);
#endif
#ifdef WOLFSSL_SHA384
test_openssl_hmac(EVP_sha384(), (int)WC_SHA384_DIGEST_SIZE);
#endif
#ifdef WOLFSSL_SHA512
test_openssl_hmac(EVP_sha512(), (int)WC_SHA512_DIGEST_SIZE);
#endif
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
test_openssl_hmac(EVP_sha3_224(), (int)WC_SHA3_224_DIGEST_SIZE);
#endif
#ifndef WOLFSSL_NOSHA3_256
test_openssl_hmac(EVP_sha3_256(), (int)WC_SHA3_256_DIGEST_SIZE);
#endif
#ifndef WOLFSSL_NOSHA3_384
test_openssl_hmac(EVP_sha3_384(), (int)WC_SHA3_384_DIGEST_SIZE);
#endif
#ifndef WOLFSSL_NOSHA3_512
test_openssl_hmac(EVP_sha3_512(), (int)WC_SHA3_512_DIGEST_SIZE);
#endif
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_CMAC(void)
{
#if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_AES_DIRECT)
int i;
byte key[AES_128_KEY_SIZE];
CMAC_CTX* cmacCtx = NULL;
byte out[AES_BLOCK_SIZE];
size_t outLen = AES_BLOCK_SIZE;
printf(testingFmt, "test_wolfSSL_CMAC()");
for (i=0; i < AES_128_KEY_SIZE; ++i) {
key[i] = i;
}
AssertNotNull(cmacCtx = CMAC_CTX_new());
/* Check CMAC_CTX_get0_cipher_ctx; return value not used. */
AssertNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx));
AssertIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(),
NULL), SSL_SUCCESS);
/* re-using test key as data to hash */
AssertIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), SSL_SUCCESS);
AssertIntEQ(CMAC_Update(cmacCtx, NULL, 0), SSL_SUCCESS);
AssertIntEQ(CMAC_Final(cmacCtx, out, &outLen), SSL_SUCCESS);
AssertIntEQ(outLen, AES_BLOCK_SIZE);
CMAC_CTX_free(cmacCtx);
printf(resultFmt, passed);
#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */
}
static void test_wolfSSL_OBJ(void)
{
/* Password "wolfSSL test" is only 12 (96-bit) too short for testing in FIPS
* mode
*/
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \
!defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \
defined(WOLFSSL_CERT_GEN)
ASN1_OBJECT *obj = NULL;
char buf[50];
XFILE fp;
X509 *x509 = NULL;
X509_NAME *x509Name;
X509_NAME_ENTRY *x509NameEntry;
ASN1_OBJECT *asn1Name = NULL;
int numNames;
BIO *bio = NULL;
int nid;
int i, j;
const char *f[] = {
#ifndef NO_RSA
"./certs/ca-cert.der",
#endif
#ifdef HAVE_ECC
"./certs/ca-ecc-cert.der",
"./certs/ca-ecc384-cert.der",
#endif
NULL};
ASN1_OBJECT *field_name_obj = NULL;
int lastpos = -1;
int tmp = -1;
ASN1_STRING *asn1 = NULL;
unsigned char *buf_dyn = NULL;
printf(testingFmt, "wolfSSL_OBJ()");
AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), SSL_FAILURE);
AssertNotNull(obj = OBJ_nid2obj(NID_any_policy));
AssertIntEQ(OBJ_obj2nid(obj), NID_any_policy);
AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 11);
AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0);
ASN1_OBJECT_free(obj);
AssertNotNull(obj = OBJ_nid2obj(NID_sha256));
AssertIntEQ(OBJ_obj2nid(obj), NID_sha256);
AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 22);
#ifdef WOLFSSL_CERT_EXT
AssertIntEQ(OBJ_txt2nid(buf), NID_sha256);
#endif
AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0);
ASN1_OBJECT_free(obj);
for (i = 0; f[i] != NULL; i++)
{
AssertTrue((fp = XFOPEN(f[i], "rb")) != XBADFILE);
AssertNotNull(x509 = d2i_X509_fp(fp, NULL));
XFCLOSE(fp);
AssertNotNull(x509Name = X509_get_issuer_name(x509));
AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
/* Get the Common Name by using OBJ_txt2obj */
AssertNotNull(field_name_obj = OBJ_txt2obj("CN", 0));
do
{
lastpos = tmp;
tmp = X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, lastpos);
} while (tmp > -1);
AssertIntNE(lastpos, -1);
ASN1_OBJECT_free(field_name_obj);
AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, lastpos));
AssertNotNull(asn1 = X509_NAME_ENTRY_get_data(x509NameEntry));
AssertIntGE(ASN1_STRING_to_UTF8(&buf_dyn, asn1), 0);
/*
* All Common Names should be www.wolfssl.com
* This makes testing easier as we can test for the expected value.
*/
AssertStrEQ((char*)buf_dyn, "www.wolfssl.com");
OPENSSL_free(buf_dyn);
bio = BIO_new(BIO_s_mem());
AssertTrue(bio != NULL);
for (j = 0; j < numNames; j++)
{
AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
AssertNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry));
AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
}
BIO_free(bio);
X509_free(x509);
}
#ifdef HAVE_PKCS12
{
PKCS12 *p12;
int boolRet;
EVP_PKEY *pkey = NULL;
const char *p12_f[] = {
#if !defined(NO_DES3) && !defined(NO_RSA)
"./certs/test-servercert.p12",
#endif
NULL};
for (i = 0; p12_f[i] != NULL; i++)
{
AssertTrue((fp = XFOPEN(p12_f[i], "rb")) != XBADFILE);
AssertNotNull(p12 = d2i_PKCS12_fp(fp, NULL));
XFCLOSE(fp);
AssertTrue((boolRet = PKCS12_parse(p12, "wolfSSL test",
&pkey, &x509, NULL)) > 0);
wc_PKCS12_free(p12);
EVP_PKEY_free(pkey);
x509Name = X509_get_issuer_name(x509);
AssertNotNull(x509Name);
AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
for (j = 0; j < numNames; j++)
{
AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
AssertNotNull(asn1Name =
X509_NAME_ENTRY_get_object(x509NameEntry));
AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
}
BIO_free(bio);
X509_free(x509);
}
}
#endif /* HAVE_PKCS12 */
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_i2a_ASN1_OBJECT(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO)
ASN1_OBJECT *obj = NULL;
BIO *bio = NULL;
AssertNotNull(obj = OBJ_nid2obj(NID_sha256));
AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, obj), 0);
AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, NULL), 0);
AssertIntEQ(wolfSSL_i2a_ASN1_OBJECT(NULL, obj), 0);
BIO_free(bio);
ASN1_OBJECT_free(obj);
#endif
}
static void test_wolfSSL_OBJ_cmp(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
ASN1_OBJECT *obj = NULL;
ASN1_OBJECT *obj2 = NULL;
printf(testingFmt, "wolfSSL_OBJ_cmp()");
AssertNotNull(obj = OBJ_nid2obj(NID_any_policy));
AssertNotNull(obj2 = OBJ_nid2obj(NID_sha256));
AssertIntEQ(OBJ_cmp(NULL, NULL), WOLFSSL_FATAL_ERROR);
AssertIntEQ(OBJ_cmp(obj, NULL), WOLFSSL_FATAL_ERROR);
AssertIntEQ(OBJ_cmp(NULL, obj2), WOLFSSL_FATAL_ERROR);
AssertIntEQ(OBJ_cmp(obj, obj2), WOLFSSL_FATAL_ERROR);
AssertIntEQ(OBJ_cmp(obj, obj), 0);
AssertIntEQ(OBJ_cmp(obj2, obj2), 0);
ASN1_OBJECT_free(obj);
ASN1_OBJECT_free(obj2);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OBJ_txt2nid(void)
{
#if !defined(NO_WOLFSSL_STUB) && defined(WOLFSSL_APACHE_HTTPD)
int i;
static const struct {
const char* sn;
const char* ln;
const char* oid;
int nid;
} testVals[] = {
{ "tlsfeature", "TLS Feature", "1.3.6.1.5.5.7.1.24", NID_tlsfeature },
{ "id-on-dnsSRV", "SRVName", "1.3.6.1.5.5.7.8.7",
NID_id_on_dnsSRV },
{ "msUPN", "Microsoft User Principal Name",
"1.3.6.1.4.1.311.20.2.3", NID_ms_upn },
{ NULL, NULL, NULL, NID_undef }
};
printf(testingFmt, "wolfSSL_OBJ_txt2nid()");
/* Invalid cases */
AssertIntEQ(OBJ_txt2nid(NULL), NID_undef);
AssertIntEQ(OBJ_txt2nid("Bad name"), NID_undef);
/* Valid cases */
for (i = 0; testVals[i].sn != NULL; i++) {
AssertIntEQ(OBJ_txt2nid(testVals[i].sn), testVals[i].nid);
AssertIntEQ(OBJ_txt2nid(testVals[i].ln), testVals[i].nid);
AssertIntEQ(OBJ_txt2nid(testVals[i].oid), testVals[i].nid);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OBJ_txt2obj(void)
{
#if defined(WOLFSSL_APACHE_HTTPD) || (defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN))
int i;
char buf[50];
ASN1_OBJECT* obj;
static const struct {
const char* oidStr;
const char* sn;
const char* ln;
} objs_list[] = {
#if defined(WOLFSSL_APACHE_HTTPD)
{ "1.3.6.1.5.5.7.1.24", "tlsfeature", "TLS Feature" },
{ "1.3.6.1.5.5.7.8.7", "id-on-dnsSRV", "SRVName" },
#endif
{ "2.5.29.19", "basicConstraints", "X509v3 Basic Constraints"},
{ NULL, NULL, NULL }
};
printf(testingFmt, "wolfSSL_OBJ_txt2obj()");
AssertNull(obj = OBJ_txt2obj("Bad name", 0));
AssertNull(obj = OBJ_txt2obj(NULL, 0));
for (i = 0; objs_list[i].oidStr != NULL; i++) {
/* Test numerical value of oid (oidStr) */
AssertNotNull(obj = OBJ_txt2obj(objs_list[i].oidStr, 1));
/* Convert object back to text to confirm oid is correct */
wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
ASN1_OBJECT_free(obj);
XMEMSET(buf, 0, sizeof(buf));
/* Test short name (sn) */
AssertNull(obj = OBJ_txt2obj(objs_list[i].sn, 1));
AssertNotNull(obj = OBJ_txt2obj(objs_list[i].sn, 0));
/* Convert object back to text to confirm oid is correct */
wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
ASN1_OBJECT_free(obj);
XMEMSET(buf, 0, sizeof(buf));
/* Test long name (ln) - should fail when no_name = 1 */
AssertNull(obj = OBJ_txt2obj(objs_list[i].ln, 1));
AssertNotNull(obj = OBJ_txt2obj(objs_list[i].ln, 0));
/* Convert object back to text to confirm oid is correct */
wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
ASN1_OBJECT_free(obj);
XMEMSET(buf, 0, sizeof(buf));
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_i2t_ASN1_OBJECT(void)
{
#if defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
char buf[50] = {0};
ASN1_OBJECT* obj;
const char* oid = "2.5.29.19";
const char* ln = "X509v3 Basic Constraints";
printf(testingFmt, "test_wolfSSL_i2t_ASN1_OBJECT()");
obj = NULL;
AssertIntEQ(i2t_ASN1_OBJECT(NULL, sizeof(buf), obj), WOLFSSL_FAILURE);
AssertIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), NULL), WOLFSSL_FAILURE);
AssertIntEQ(i2t_ASN1_OBJECT(buf, 0, NULL), WOLFSSL_FAILURE);
AssertNotNull(obj = OBJ_txt2obj(oid, 0));
XMEMSET(buf, 0, sizeof(buf));
AssertIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), obj), XSTRLEN(ln));
AssertIntEQ(XSTRNCMP(buf, ln, XSTRLEN(ln)), 0);
ASN1_OBJECT_free(obj);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_EXT && WOLFSSL_CERT_GEN */
}
static void test_wolfSSL_PEM_write_bio_X509(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_AKID_NAME) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
/* This test contains the hard coded expected
* lengths. Update if necessary */
BIO* input;
BIO* output;
X509* x509 = NULL;
int expectedLen;
printf(testingFmt, "wolfSSL_PEM_write_bio_X509()");
AssertNotNull(input = BIO_new_file(
"certs/test/cert-ext-multiple.pem", "rb"));
AssertIntEQ(wolfSSL_BIO_get_len(input), 2000);
AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
AssertNotNull(PEM_read_bio_X509(input, &x509, NULL, NULL));
AssertIntEQ(PEM_write_bio_X509(output, x509), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ALT_NAMES
/* Here we copy the validity struct from the original */
expectedLen = 2000;
#else
/* Only difference is that we generate the validity in generalized
* time. Generating UTCTime vs Generalized time should be fixed in
* the future */
expectedLen = 2004;
#endif
AssertIntEQ(wolfSSL_BIO_get_len(output), expectedLen);
/* Reset output buffer */
BIO_free(output);
AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
/* Test forcing the AKID to be generated just from KeyIdentifier */
if (x509->authKeyIdSrc != NULL) {
XMEMMOVE(x509->authKeyIdSrc, x509->authKeyId, x509->authKeyIdSz);
x509->authKeyId = x509->authKeyIdSrc;
x509->authKeyIdSrc = NULL;
x509->authKeyIdSrcSz = 0;
}
AssertIntEQ(PEM_write_bio_X509(output, x509), WOLFSSL_SUCCESS);
/* Check that we generate a smaller output since the AKID will
* only contain the KeyIdentifier without any additional
* information */
#ifdef WOLFSSL_ALT_NAMES
/* Here we copy the validity struct from the original */
expectedLen = 1688;
#else
/* UTCTime vs Generalized time */
expectedLen = 1692;
#endif
AssertIntEQ(wolfSSL_BIO_get_len(output), expectedLen);
X509_free(x509);
BIO_free(input);
BIO_free(output);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_NAME_ENTRY(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA) && defined(WOLFSSL_CERT_GEN)
X509* x509;
#ifndef NO_BIO
BIO* bio;
#endif
X509_NAME* nm;
X509_NAME_ENTRY* entry;
unsigned char cn[] = "another name to add";
printf(testingFmt, "wolfSSL_X509_NAME_ENTRY()");
AssertNotNull(x509 =
wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
#ifndef NO_BIO
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS);
#endif
#ifdef WOLFSSL_CERT_REQ
{
X509_REQ* req;
#ifndef NO_BIO
BIO* bReq;
#endif
AssertNotNull(req =
wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
#ifndef NO_BIO
AssertNotNull(bReq = BIO_new(BIO_s_mem()));
AssertIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS);
BIO_free(bReq);
#endif
X509_free(req);
}
#endif
AssertNotNull(nm = X509_get_subject_name(x509));
/* Test add entry */
AssertNotNull(entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName,
0x0c, cn, (int)sizeof(cn)));
AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);
#ifdef WOLFSSL_CERT_EXT
AssertIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8,
(byte*)"support@wolfssl.com", 19, -1,
1), WOLFSSL_SUCCESS);
#endif
X509_NAME_ENTRY_free(entry);
#ifdef WOLFSSL_CERT_REQ
{
unsigned char srv_pkcs9p[] = "Server";
char* subject;
AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_pkcs9_contentType,
MBSTRING_ASC, srv_pkcs9p, -1, -1, 0), SSL_SUCCESS);
subject = X509_NAME_oneline(nm, 0, 0);
#ifdef DEBUG_WOLFSSL
printf("\n\t%s\n", subject);
#endif
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
}
#endif
/* Test add entry by text */
AssertNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName",
0x0c, cn, (int)sizeof(cn)));
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) \
|| defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
AssertNull(X509_NAME_ENTRY_create_by_txt(&entry, "unknown",
V_ASN1_UTF8STRING, cn, (int)sizeof(cn)));
#endif
AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);
X509_NAME_ENTRY_free(entry);
/* Test add entry by NID */
AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8,
cn, -1, -1, 0), SSL_SUCCESS);
#ifndef NO_BIO
BIO_free(bio);
#endif
X509_free(x509); /* free's nm */
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_set_name(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
X509* x509;
X509_NAME* name;
printf(testingFmt, "wolfSSL_X509_set_name()");
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, 0, 1),
WOLFSSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
(byte*)"support@wolfssl.com", 19, -1,
1), WOLFSSL_SUCCESS);
AssertNotNull(x509 = X509_new());
AssertIntEQ(X509_set_subject_name(NULL, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_set_subject_name(x509, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_set_subject_name(NULL, name), WOLFSSL_FAILURE);
AssertIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
AssertIntEQ(X509_set_issuer_name(NULL, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_set_issuer_name(x509, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_set_issuer_name(NULL, name), WOLFSSL_FAILURE);
AssertIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
X509_free(x509);
X509_NAME_free(name);
printf(resultFmt, passed);
#endif /* OPENSSL_ALL && !NO_CERTS */
}
static void test_wolfSSL_X509_set_notAfter(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \
&& !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
!defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) &&\
!defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) && !defined(NO_BIO)
/* Generalized time will overflow time_t if not long */
X509* x;
BIO* bio;
ASN1_TIME *asn_time, *time_check;
const int year = 365*24*60*60;
const int day = 24*60*60;
const int hour = 60*60;
const int mini = 60;
int offset_day;
unsigned char buf[25];
time_t t;
printf(testingFmt, "wolfSSL_X509_set_notAfter()");
/*
* Setup asn_time. APACHE HTTPD uses time(NULL)
*/
t = (time_t)107 * year + 31 * day + 34 * hour + 30 * mini + 7 * day;
offset_day = 7;
/*
* Free these.
*/
asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0);
AssertNotNull(asn_time);
AssertNotNull(x = X509_new());
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/*
* Tests
*/
AssertTrue(wolfSSL_X509_set_notAfter(x, asn_time));
/* time_check is simply (ANS1_TIME*)x->notAfter */
AssertNotNull(time_check = X509_get_notAfter(x));
/* ANS1_TIME_check validates by checking if argument can be parsed */
AssertIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS);
/* Convert to human readable format and compare to intended date */
AssertIntEQ(ASN1_TIME_print(bio, time_check), 1);
AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
AssertIntEQ(XMEMCMP(buf, "Jan 20 10:30:00 2077 GMT", sizeof(buf) - 1), 0);
/*
* Cleanup
*/
XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL);
X509_free(x);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_set_notBefore(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \
&& !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
!defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO)
X509* x;
BIO* bio;
ASN1_TIME *asn_time, *time_check;
const int year = 365*24*60*60;
const int day = 24*60*60;
const int hour = 60*60;
const int mini = 60;
int offset_day;
unsigned char buf[25];
time_t t;
printf(testingFmt, "wolfSSL_X509_set_notBefore()");
/*
* Setup asn_time. APACHE HTTPD uses time(NULL)
*/
t = (time_t)49 * year + 125 * day + 20 * hour + 30 * mini + 7 * day;
offset_day = 7;
/*
* Free these.
*/
asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0);
AssertNotNull(asn_time);
AssertNotNull(x = X509_new());
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(ASN1_TIME_check(asn_time), WOLFSSL_SUCCESS);
/*
* Main Tests
*/
AssertTrue(wolfSSL_X509_set_notBefore(x, asn_time));
/* time_check == (ANS1_TIME*)x->notBefore */
AssertNotNull(time_check = X509_get_notBefore(x));
/* ANS1_TIME_check validates by checking if argument can be parsed */
AssertIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS);
/* Convert to human readable format and compare to intended date */
AssertIntEQ(ASN1_TIME_print(bio, time_check), 1);
AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
AssertIntEQ(XMEMCMP(buf, "May 8 20:30:00 2019 GMT", sizeof(buf) - 1), 0);
/*
* Cleanup
*/
XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL);
X509_free(x);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_set_version(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
!defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
X509* x509;
long v = 2L;
long maxInt = INT_MAX;
AssertNotNull(x509 = X509_new());
/* These should pass. */
AssertTrue(wolfSSL_X509_set_version(x509, v));
AssertIntEQ(v, wolfSSL_X509_get_version(x509));
/* Fail Case: When v(long) is greater than x509->version(int). */
v = maxInt+1;
AssertFalse(wolfSSL_X509_set_version(x509, v));
/* Cleanup */
X509_free(x509);
printf(resultFmt, passed);
#endif
}
#ifndef NO_BIO
static void test_wolfSSL_BIO_gets(void)
{
#if defined(OPENSSL_EXTRA)
BIO* bio;
BIO* bio2;
char msg[] = "\nhello wolfSSL\n security plus\t---...**adf\na...b.c";
char emp[] = "";
char bio_buffer[20];
int bufferSz = 20;
printf(testingFmt, "wolfSSL_BIO_gets()");
/* try with bad args */
AssertNull(bio = BIO_new_mem_buf(NULL, sizeof(msg)));
/* try with real msg */
AssertNotNull(bio = BIO_new_mem_buf((void*)msg, -1));
XMEMSET(bio_buffer, 0, bufferSz);
AssertNotNull(BIO_push(bio, BIO_new(BIO_s_bio())));
AssertNull(bio2 = BIO_find_type(bio, BIO_TYPE_FILE));
AssertNotNull(bio2 = BIO_find_type(bio, BIO_TYPE_BIO));
AssertFalse(bio2 != BIO_next(bio));
/* make buffer filled with no terminating characters */
XMEMSET(bio_buffer, 1, bufferSz);
/* BIO_gets reads a line of data */
AssertIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
AssertStrEQ(bio_buffer, "hello wolfSSL\n");
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
AssertIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
/* check not null terminated string */
BIO_free(bio);
msg[0] = 0x33;
msg[1] = 0x33;
msg[2] = 0x33;
AssertNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
AssertIntEQ(BIO_gets(bio, bio_buffer, 3), 2);
AssertIntEQ(bio_buffer[0], msg[0]);
AssertIntEQ(bio_buffer[1], msg[1]);
AssertIntNE(bio_buffer[2], msg[2]);
BIO_free(bio);
msg[3] = 0x33;
bio_buffer[3] = 0x33;
AssertNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 3);
AssertIntEQ(bio_buffer[0], msg[0]);
AssertIntEQ(bio_buffer[1], msg[1]);
AssertIntEQ(bio_buffer[2], msg[2]);
AssertIntNE(bio_buffer[3], 0x33); /* make sure null terminator was set */
/* check reading an empty string */
BIO_free(bio);
AssertNotNull(bio = BIO_new_mem_buf((void*)emp, sizeof(emp)));
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); /* just terminator */
AssertStrEQ(emp, bio_buffer);
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
/* check error cases */
BIO_free(bio);
AssertIntEQ(BIO_gets(NULL, NULL, 0), SSL_FAILURE);
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
#if !defined(NO_FILESYSTEM)
{
BIO* f_bio;
XFILE f;
AssertNotNull(f_bio = BIO_new(BIO_s_file()));
AssertIntLE(BIO_gets(f_bio, bio_buffer, bufferSz), 0);
f = XFOPEN(svrCertFile, "rb");
AssertTrue((f != XBADFILE));
AssertIntEQ((int)BIO_set_fp(f_bio, f, BIO_CLOSE), SSL_SUCCESS);
AssertIntGT(BIO_gets(f_bio, bio_buffer, bufferSz), 0);
BIO_free(f_bio);
}
#endif /* NO_FILESYSTEM */
BIO_free(bio);
BIO_free(bio2);
/* try with type BIO */
XMEMCPY(msg, "\nhello wolfSSL\n security plus\t---...**adf\na...b.c",
sizeof(msg));
AssertNotNull(bio = BIO_new(BIO_s_bio()));
AssertIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
AssertNotNull(bio2 = BIO_new(BIO_s_bio()));
AssertIntEQ(BIO_set_write_buf_size(bio, 10), SSL_SUCCESS);
AssertIntEQ(BIO_set_write_buf_size(bio2, sizeof(msg)), SSL_SUCCESS);
AssertIntEQ(BIO_make_bio_pair(bio, bio2), SSL_SUCCESS);
AssertIntEQ(BIO_write(bio2, msg, sizeof(msg)), sizeof(msg));
AssertIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
AssertStrEQ(bio_buffer, "hello wolfSSL\n");
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
AssertIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
BIO_free(bio);
BIO_free(bio2);
/* check reading an empty string */
AssertNotNull(bio = BIO_new(BIO_s_bio()));
AssertIntEQ(BIO_set_write_buf_size(bio, sizeof(emp)), SSL_SUCCESS);
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
AssertStrEQ(emp, bio_buffer);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BIO_puts(void)
{
#if defined(OPENSSL_EXTRA)
BIO* bio;
char input[] = "hello\0world\n.....ok\n\0";
char output[128];
printf(testingFmt, "wolfSSL_BIO_puts()");
XMEMSET(output, 0, sizeof(output));
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(BIO_puts(bio, input), 5);
AssertIntEQ(BIO_pending(bio), 5);
AssertIntEQ(BIO_puts(bio, input + 6), 14);
AssertIntEQ(BIO_pending(bio), 19);
AssertIntEQ(BIO_gets(bio, output, sizeof(output)), 11);
AssertStrEQ(output, "helloworld\n");
AssertIntEQ(BIO_pending(bio), 8);
AssertIntEQ(BIO_gets(bio, output, sizeof(output)), 8);
AssertStrEQ(output, ".....ok\n");
AssertIntEQ(BIO_pending(bio), 0);
AssertIntEQ(BIO_puts(bio, ""), -1);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO)
static int forceWantRead(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
(void)ssl;
(void)buf;
(void)sz;
(void)ctx;
return WOLFSSL_CBIO_ERR_WANT_READ;
}
#endif
static void test_wolfSSL_BIO_should_retry(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO)
tcp_ready ready;
func_args server_args;
THREAD_TYPE serverThread;
SOCKET_T sockfd = 0;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
char msg[64] = "hello wolfssl!";
char reply[1024];
int msgSz = (int)XSTRLEN(msg);
int ret;
BIO* bio;
printf(testingFmt, "wolfSSL_BIO_should_retry()");
XMEMSET(&server_args, 0, sizeof(func_args));
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
/* force retry */
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
wolfSSL_SSLSetIORecv(ssl, forceWantRead);
AssertNotNull(bio = BIO_new(BIO_f_ssl()));
BIO_set_ssl(bio, ssl, BIO_CLOSE);
AssertIntLE(BIO_write(bio, msg, msgSz), 0);
AssertIntNE(BIO_should_retry(bio), 0);
/* now perform successful connection */
wolfSSL_SSLSetIORecv(ssl, EmbedReceive);
AssertIntEQ(BIO_write(bio, msg, msgSz), msgSz);
BIO_read(bio, reply, sizeof(reply));
ret = wolfSSL_get_error(ssl, -1);
if (ret == WOLFSSL_ERROR_WANT_READ || ret == WOLFSSL_ERROR_WANT_WRITE) {
AssertIntNE(BIO_should_retry(bio), 0);
}
else {
AssertIntEQ(BIO_should_retry(bio), 0);
}
AssertIntEQ(XMEMCMP(reply, "I hear you fa shizzle!",
XSTRLEN("I hear you fa shizzle!")), 0);
BIO_free(bio);
wolfSSL_CTX_free(ctx);
join_thread(serverThread);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BIO_connect(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT)
tcp_ready ready;
func_args server_args;
THREAD_TYPE serverThread;
BIO *tcpBio;
BIO *sslBio;
SSL_CTX* ctx;
SSL *ssl;
SSL *sslPtr;
char msg[] = "hello wolfssl!";
char reply[30];
char buff[10] = {0};
printf(testingFmt, "wolfSSL_BIO_new_connect()");
/* Setup server */
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
AssertIntGT(XSPRINTF(buff, "%d", ready.port), 0);
/* Start the test proper */
/* Setup the TCP BIO */
AssertNotNull(tcpBio = BIO_new_connect(wolfSSLIP));
AssertIntEQ(BIO_set_conn_port(tcpBio, buff), 1);
/* Setup the SSL object */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
SSL_set_connect_state(ssl);
/* Setup the SSL BIO */
AssertNotNull(sslBio = BIO_new(BIO_f_ssl()));
AssertIntEQ(BIO_set_ssl(sslBio, ssl, BIO_CLOSE), 1);
/* Verify that BIO_get_ssl works. */
AssertIntEQ(BIO_get_ssl(sslBio, &sslPtr), 1);
AssertPtrEq(ssl, sslPtr);
/* Link BIO's so that sslBio uses tcpBio for IO */
AssertPtrEq(BIO_push(sslBio, tcpBio), sslBio);
/* Do TCP connect */
AssertIntEQ(BIO_do_connect(sslBio), 1);
/* Do TLS handshake */
AssertIntEQ(BIO_do_handshake(sslBio), 1);
/* Test writing */
AssertIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg));
/* Expect length of default wolfSSL reply */
AssertIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23);
/* Clean it all up */
BIO_free_all(sslBio);
/* Server clean up */
join_thread(serverThread);
FreeTcpReady(&ready);
/* Run the same test, but use BIO_new_ssl_connect and set the IP and port
* after. */
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
AssertIntGT(XSPRINTF(buff, "%d", ready.port), 0);
AssertNotNull(sslBio = BIO_new_ssl_connect(ctx));
AssertIntEQ(BIO_set_conn_hostname(sslBio, (char*)wolfSSLIP), 1);
AssertIntEQ(BIO_set_conn_port(sslBio, buff), 1);
AssertIntEQ(BIO_do_connect(sslBio), 1);
AssertIntEQ(BIO_do_handshake(sslBio), 1);
AssertIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg));
AssertIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23);
/* Attempt to close the TLS connection gracefully. */
BIO_ssl_shutdown(sslBio);
BIO_free_all(sslBio);
join_thread(serverThread);
FreeTcpReady(&ready);
SSL_CTX_free(ctx);
#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT)
static THREAD_RETURN WOLFSSL_THREAD test_wolfSSL_BIO_accept_client(void* args)
{
BIO* clientBio;
SSL* sslClient;
SSL_CTX* ctx;
char connectAddr[20]; /* IP + port */;
(void)args;
AssertIntGT(snprintf(connectAddr, sizeof(connectAddr), "%s:%d", wolfSSLIP, wolfSSLPort), 0);
AssertNotNull(clientBio = BIO_new_connect(connectAddr));
AssertIntEQ(BIO_do_connect(clientBio), 1);
AssertNotNull(ctx = SSL_CTX_new(SSLv23_method()));
AssertNotNull(sslClient = SSL_new(ctx));
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), WOLFSSL_SUCCESS);
SSL_set_bio(sslClient, clientBio, clientBio);
AssertIntEQ(SSL_connect(sslClient), 1);
SSL_free(sslClient);
SSL_CTX_free(ctx);
#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
return 0;
}
#endif
static void test_wolfSSL_BIO_accept(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT)
BIO* serverBindBio;
BIO* serverAcceptBio;
SSL* sslServer;
SSL_CTX* ctx;
func_args args;
THREAD_TYPE thread;
char port[10]; /* 10 bytes should be enough to store the string
* representation of the port */
printf(testingFmt, "wolfSSL_BIO_new_accept()");
AssertIntGT(snprintf(port, sizeof(port), "%d", wolfSSLPort), 0);
AssertNotNull(serverBindBio = BIO_new_accept(port));
/* First BIO_do_accept binds the port */
AssertIntEQ(BIO_do_accept(serverBindBio), 1);
XMEMSET(&args, 0, sizeof(func_args));
start_thread(test_wolfSSL_BIO_accept_client, &args, &thread);
AssertIntEQ(BIO_do_accept(serverBindBio), 1);
/* Let's plug it into SSL to test */
AssertNotNull(ctx = SSL_CTX_new(SSLv23_method()));
AssertIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
AssertNotNull(sslServer = SSL_new(ctx));
AssertNotNull(serverAcceptBio = BIO_pop(serverBindBio));
SSL_set_bio(sslServer, serverAcceptBio, serverAcceptBio);
AssertIntEQ(SSL_accept(sslServer), 1);
join_thread(thread);
BIO_free(serverBindBio);
SSL_free(sslServer);
SSL_CTX_free(ctx);
#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BIO_write(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
BIO* bio;
BIO* bio64;
BIO* ptr;
int sz;
char msg[] = "conversion test";
char out[40];
char expected[] = "Y29udmVyc2lvbiB0ZXN0AA==\n";
void* bufPtr = NULL;
BUF_MEM* buf = NULL;
printf(testingFmt, "wolfSSL_BIO_write()");
AssertNotNull(bio64 = BIO_new(BIO_f_base64()));
AssertNotNull(bio = BIO_push(bio64, BIO_new(BIO_s_mem())));
/* now should convert to base64 then write to memory */
AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
BIO_flush(bio);
/* test BIO chain */
AssertIntEQ(SSL_SUCCESS, (int)BIO_get_mem_ptr(bio, &buf));
AssertNotNull(buf);
AssertIntEQ(buf->length, 25);
AssertIntEQ(BIO_get_mem_data(bio, &bufPtr), 25);
AssertPtrEq(buf->data, bufPtr);
AssertNotNull(ptr = BIO_find_type(bio, BIO_TYPE_MEM));
sz = sizeof(out);
XMEMSET(out, 0, sz);
AssertIntEQ((sz = BIO_read(ptr, out, sz)), 25);
AssertIntEQ(XMEMCMP(out, expected, sz), 0);
/* write then read should return the same message */
AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
sz = sizeof(out);
XMEMSET(out, 0, sz);
AssertIntEQ(BIO_read(bio, out, sz), 16);
AssertIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
/* now try encoding with no line ending */
BIO_set_flags(bio64, BIO_FLAGS_BASE64_NO_NL);
#ifdef HAVE_EX_DATA
BIO_set_ex_data(bio64, 0, (void*) "data");
AssertIntEQ(strcmp((const char*)BIO_get_ex_data(bio64, 0), "data"), 0);
#endif
AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
BIO_flush(bio);
sz = sizeof(out);
XMEMSET(out, 0, sz);
AssertIntEQ((sz = BIO_read(ptr, out, sz)), 24);
AssertIntEQ(XMEMCMP(out, expected, sz), 0);
BIO_free_all(bio); /* frees bio64 also */
/* test with more than one bio64 in list */
AssertNotNull(bio64 = BIO_new(BIO_f_base64()));
AssertNotNull(bio = BIO_push(BIO_new(BIO_f_base64()), bio64));
AssertNotNull(BIO_push(bio64, BIO_new(BIO_s_mem())));
/* now should convert to base64 when stored and then decode with read */
AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), 25);
BIO_flush(bio);
sz = sizeof(out);
XMEMSET(out, 0, sz);
AssertIntEQ((sz = BIO_read(bio, out, sz)), 16);
AssertIntEQ(XMEMCMP(out, msg, sz), 0);
BIO_clear_flags(bio64, ~0);
BIO_set_retry_read(bio);
BIO_free_all(bio); /* frees bio64s also */
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BIO_printf(void)
{
#if defined(OPENSSL_ALL)
BIO* bio;
int sz = 7;
char msg[] = "TLS 1.3 for the world";
char out[60];
char expected[] = "TLS 1.3 for the world : sz = 7";
printf(testingFmt, "wolfSSL_BIO_printf()");
XMEMSET(out, 0, sizeof(out));
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(BIO_printf(bio, "%s : sz = %d", msg, sz), 30);
AssertIntEQ(BIO_printf(NULL, ""), WOLFSSL_FATAL_ERROR);
AssertIntEQ(BIO_read(bio, out, sizeof(out)), 30);
AssertIntEQ(XSTRNCMP(out, expected, sizeof(expected)), 0);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BIO_f_md(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_SHA256)
BIO *bio, *mem;
char msg[] = "message to hash";
char out[60];
EVP_MD_CTX* ctx;
const unsigned char testKey[] =
{
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b
};
const char testData[] = "Hi There";
const unsigned char testResult[] =
{
0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
};
const unsigned char expectedHash[] =
{
0x66, 0x49, 0x3C, 0xE8, 0x8A, 0x57, 0xB0, 0x60,
0xDC, 0x55, 0x7D, 0xFC, 0x1F, 0xA5, 0xE5, 0x07,
0x70, 0x5A, 0xF6, 0xD7, 0xC4, 0x1F, 0x1A, 0xE4,
0x2D, 0xA6, 0xFD, 0xD1, 0x29, 0x7D, 0x60, 0x0D
};
const unsigned char emptyHash[] =
{
0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14,
0x9A, 0xFB, 0xF4, 0xC8, 0x99, 0x6F, 0xB9, 0x24,
0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B, 0x93, 0x4C,
0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55
};
unsigned char check[sizeof(testResult) + 1];
size_t checkSz = -1;
EVP_PKEY* key;
printf(testingFmt, "wolfSSL_BIO_f_md()");
XMEMSET(out, 0, sizeof(out));
AssertNotNull(bio = BIO_new(BIO_f_md()));
AssertNotNull(mem = BIO_new(BIO_s_mem()));
AssertIntEQ(BIO_get_md_ctx(bio, &ctx), 1);
AssertIntEQ(EVP_DigestInit(ctx, EVP_sha256()), 1);
/* should not be able to write/read yet since just digest wrapper and no
* data is passing through the bio */
AssertIntEQ(BIO_write(bio, msg, 0), 0);
AssertIntEQ(BIO_pending(bio), 0);
AssertIntEQ(BIO_read(bio, out, sizeof(out)), 0);
AssertIntEQ(BIO_gets(bio, out, 3), 0);
AssertIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
AssertIntEQ(XMEMCMP(emptyHash, out, 32), 0);
BIO_reset(bio);
/* append BIO mem to bio in order to read/write */
AssertNotNull(bio = BIO_push(bio, mem));
XMEMSET(out, 0, sizeof(out));
AssertIntEQ(BIO_write(mem, msg, sizeof(msg)), 16);
AssertIntEQ(BIO_pending(bio), 16);
/* this just reads the message and does not hash it (gets calls final) */
AssertIntEQ(BIO_read(bio, out, sizeof(out)), 16);
AssertIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
/* create a message digest using BIO */
XMEMSET(out, 0, sizeof(out));
AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), 16);
AssertIntEQ(BIO_pending(mem), 16);
AssertIntEQ(BIO_pending(bio), 16);
AssertIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
AssertIntEQ(XMEMCMP(expectedHash, out, 32), 0);
BIO_free(bio);
BIO_free(mem);
/* test with HMAC */
XMEMSET(out, 0, sizeof(out));
AssertNotNull(bio = BIO_new(BIO_f_md()));
AssertNotNull(mem = BIO_new(BIO_s_mem()));
BIO_get_md_ctx(bio, &ctx);
AssertNotNull(key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
testKey, (int)sizeof(testKey)));
EVP_DigestSignInit(ctx, NULL, EVP_sha256(), NULL, key);
AssertNotNull(bio = BIO_push(bio, mem));
BIO_write(bio, testData, (int)strlen(testData));
EVP_DigestSignFinal(ctx, NULL, &checkSz);
EVP_DigestSignFinal(ctx, check, &checkSz);
AssertIntEQ(XMEMCMP(check, testResult, sizeof(testResult)), 0);
EVP_PKEY_free(key);
BIO_free(bio);
BIO_free(mem);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BIO_up_ref(void)
{
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
BIO* bio;
printf(testingFmt, "wolfSSL_BIO_up_ref()");
AssertNotNull(bio = BIO_new(BIO_f_md()));
AssertIntEQ(BIO_up_ref(NULL), 0);
AssertIntEQ(BIO_up_ref(bio), 1);
BIO_free(bio);
AssertIntEQ(BIO_up_ref(bio), 1);
BIO_free(bio);
BIO_free(bio);
printf(resultFmt, "passed");
#endif
}
#endif /* !NO_BIO */
#if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES)
/* test that the callback arg is correct */
static int certCbArg = 0;
static int clientCertCb(WOLFSSL* ssl, void* arg)
{
if (ssl == NULL || arg != &certCbArg)
return 0;
if (wolfSSL_use_certificate_file(ssl, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
return 0;
if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
return 0;
return 1;
}
static void clientCertSetupCb(WOLFSSL_CTX* ctx)
{
SSL_CTX_set_cert_cb(ctx, clientCertCb, &certCbArg);
}
/**
* This is only done because test_client_nofail has no way to stop
* certificate and key loading
*/
static void clientCertClearCb(WOLFSSL* ssl)
{
/* Clear the loaded certs to force the callbacks to set them up */
SSL_certs_clear(ssl);
}
static int serverCertCb(WOLFSSL* ssl, void* arg)
{
if (ssl == NULL || arg != &certCbArg)
return 0;
if (wolfSSL_use_certificate_file(ssl, svrCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
return 0;
if (wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
return 0;
return 1;
}
static void serverCertSetupCb(WOLFSSL_CTX* ctx)
{
SSL_CTX_set_cert_cb(ctx, serverCertCb, &certCbArg);
}
/**
* This is only done because test_server_nofail has no way to stop
* certificate and key loading
*/
static void serverCertClearCb(WOLFSSL* ssl)
{
/* Clear the loaded certs to force the callbacks to set them up */
SSL_certs_clear(ssl);
}
#endif
static void test_wolfSSL_cert_cb(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES)
callback_functions func_cb_client;
callback_functions func_cb_server;
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
client_args.callbacks = &func_cb_client;
server_args.callbacks = &func_cb_server;
func_cb_client.ctx_ready = clientCertSetupCb;
func_cb_client.ssl_ready = clientCertClearCb;
func_cb_server.ctx_ready = serverCertSetupCb;
func_cb_server.ssl_ready = serverCertClearCb;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
#endif
}
static void test_wolfSSL_SESSION(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE)
WOLFSSL* ssl;
WOLFSSL_CTX* ctx;
WOLFSSL_SESSION* sess;
WOLFSSL_SESSION* sess_copy;
unsigned char* sessDer = NULL;
unsigned char* ptr = NULL;
#ifdef OPENSSL_EXTRA
const unsigned char context[] = "user app context";
unsigned int contextSz = (unsigned int)sizeof(context);
#endif
int ret, err, sockfd, sz;
tcp_ready ready;
func_args server_args;
THREAD_TYPE serverThread;
char msg[80];
const char* sendGET = "GET";
printf(testingFmt, "wolfSSL_SESSION()");
/* TLS v1.3 requires session tickets */
/* CHACHA and POLY1305 required for myTicketEncCb */
#if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \
!defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \
defined(HAVE_POLY1305) && !defined(HAVE_AESGCM)))
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS);
#ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#ifdef HAVE_SESSION_TICKET
/* Use session tickets, for ticket tests below */
AssertIntEQ(wolfSSL_CTX_UseSessionTicket(ctx), WOLFSSL_SUCCESS);
#endif
XMEMSET(&server_args, 0, sizeof(func_args));
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
/* client connection */
ssl = wolfSSL_new(ctx);
tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl);
AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), SSL_SUCCESS);
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_connect(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
AssertIntEQ(ret, WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_write(ssl, sendGET, (int)XSTRLEN(sendGET));
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
AssertIntEQ(ret, (int)XSTRLEN(sendGET));
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_read(ssl, msg, sizeof(msg));
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
AssertIntEQ(ret, 23);
sess = wolfSSL_get_session(ssl);
#if defined(OPENSSL_EXTRA)
AssertIntEQ(SSL_SESSION_is_resumable(NULL), 0);
AssertIntEQ(SSL_SESSION_is_resumable(sess), 1);
#else
AssertIntEQ(wolfSSL_SESSION_is_resumable(NULL), 0);
AssertIntEQ(wolfSSL_SESSION_is_resumable(sess), 1);
#endif
AssertIntEQ(wolfSSL_SESSION_has_ticket(NULL), 0);
AssertIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(NULL), 0);
#ifdef HAVE_SESSION_TICKET
AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 1);
AssertIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(sess),
SESSION_TICKET_HINT_DEFAULT);
#else
AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 0);
#endif
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
join_thread(serverThread);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
{
X509 *x509;
char buf[30];
int bufSz;
AssertNotNull(x509 = SSL_SESSION_get0_peer(sess));
AssertIntGT((bufSz = X509_NAME_get_text_by_NID(
X509_get_subject_name(x509), NID_organizationalUnitName,
buf, sizeof(buf))), 0);
AssertIntNE((bufSz == 7 || bufSz == 16), 0); /* should be one of these*/
if (bufSz == 7) {
AssertIntEQ(XMEMCMP(buf, "Support", bufSz), 0);
}
if (bufSz == 16) {
AssertIntEQ(XMEMCMP(buf, "Programming-2048", bufSz), 0);
}
}
#endif
AssertNotNull(sess_copy = wolfSSL_SESSION_dup(sess));
wolfSSL_SESSION_free(sess_copy);
/* get session from DER and update the timeout */
AssertIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), BAD_FUNC_ARG);
AssertIntGT((sz = wolfSSL_i2d_SSL_SESSION(sess, &sessDer)), 0);
wolfSSL_SESSION_free(sess);
ptr = sessDer;
AssertNull(sess = wolfSSL_d2i_SSL_SESSION(NULL, NULL, sz));
AssertNotNull(sess = wolfSSL_d2i_SSL_SESSION(NULL,
(const unsigned char**)&ptr, sz));
XFREE(sessDer, NULL, DYNAMIC_TYPE_OPENSSL);
AssertIntGT(wolfSSL_SESSION_get_time(sess), 0);
AssertIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS);
/* successful set session test */
AssertNotNull(ssl = wolfSSL_new(ctx));
AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_SUCCESS);
#ifdef HAVE_SESSION_TICKET
/* Test set/get session ticket */
{
const char* ticket = "This is a session ticket";
char buf[64] = {0};
word32 bufSz = (word32)sizeof(buf);
AssertIntEQ(SSL_SUCCESS,
wolfSSL_set_SessionTicket(ssl, (byte *)ticket, (word32)XSTRLEN(ticket)));
AssertIntEQ(SSL_SUCCESS,
wolfSSL_get_SessionTicket(ssl, (byte *)buf, &bufSz));
AssertStrEQ(ticket, buf);
}
#endif
#ifdef OPENSSL_EXTRA
/* session timeout case */
/* make the session to be expired */
AssertIntEQ(SSL_SESSION_set_timeout(sess,1), SSL_SUCCESS);
XSLEEP_MS(1200);
/* SSL_set_session should reject specified session but return success
* if WOLFSSL_ERROR_CODE_OPENSSL macro is defined for OpenSSL compatibility.
*/
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
AssertIntEQ(wolfSSL_set_session(ssl,sess), SSL_SUCCESS);
#else
AssertIntEQ(wolfSSL_set_session(ssl,sess), SSL_FAILURE);
#endif
AssertIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS);
/* fail case with miss match session context IDs (use compatibility API) */
AssertIntEQ(SSL_set_session_id_context(ssl, context, contextSz),
SSL_SUCCESS);
AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
wolfSSL_free(ssl);
AssertIntEQ(SSL_CTX_set_session_id_context(NULL, context, contextSz),
SSL_FAILURE);
AssertIntEQ(SSL_CTX_set_session_id_context(ctx, context, contextSz),
SSL_SUCCESS);
AssertNotNull(ssl = wolfSSL_new(ctx));
AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
#endif
wolfSSL_free(ssl);
SSL_SESSION_free(sess);
wolfSSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ticket_keys(void)
{
#if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
!defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX* ctx;
byte keys[WOLFSSL_TICKET_KEYS_SZ];
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, 0),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, 0),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, 0),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, 0),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, 0),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, 0),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, 0),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, 0),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, sizeof(keys)),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, sizeof(keys)),
WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
}
#ifndef NO_BIO
static void test_wolfSSL_d2i_PUBKEY(void)
{
#if defined(OPENSSL_EXTRA)
BIO* bio;
EVP_PKEY* pkey;
printf(testingFmt, "wolfSSL_d2i_PUBKEY()");
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertNull(d2i_PUBKEY_bio(NULL, NULL));
#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA)
/* RSA PUBKEY test */
AssertIntGT(BIO_write(bio, client_keypub_der_2048,
sizeof_client_keypub_der_2048), 0);
AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
EVP_PKEY_free(pkey);
#endif
#if defined(USE_CERT_BUFFERS_256) && defined(HAVE_ECC)
/* ECC PUBKEY test */
AssertIntGT(BIO_write(bio, ecc_clikeypub_der_256,
sizeof_ecc_clikeypub_der_256), 0);
AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
EVP_PKEY_free(pkey);
#endif
#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DSA)
/* DSA PUBKEY test */
AssertIntGT(BIO_write(bio, dsa_pub_key_der_2048,
sizeof_dsa_pub_key_der_2048), 0);
AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
EVP_PKEY_free(pkey);
#endif
#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DH) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION > 2))
/* DH PUBKEY test */
AssertIntGT(BIO_write(bio, dh_pub_key_der_2048,
sizeof_dh_pub_key_der_2048), 0);
AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
EVP_PKEY_free(pkey);
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* USE_CERT_BUFFERS_2048 && !NO_DH && && OPENSSL_EXTRA */
BIO_free(bio);
(void)pkey;
printf(resultFmt, passed);
#endif
}
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
static void test_wolfSSL_d2i_PrivateKeys_bio(void)
{
BIO* bio = NULL;
EVP_PKEY* pkey = NULL;
#ifndef NO_RSA
#endif
WOLFSSL_CTX* ctx;
#if defined(WOLFSSL_KEY_GEN)
unsigned char buff[4096];
unsigned char* bufPtr = buff;
#endif
printf(testingFmt, "wolfSSL_d2i_PrivateKeys_bio()");
/* test creating new EVP_PKEY with bad arg */
AssertNull((pkey = d2i_PrivateKey_bio(NULL, NULL)));
/* test loading RSA key using BIO */
#if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
{
XFILE file;
const char* fname = "./certs/server-key.der";
size_t sz;
byte* buf;
file = XFOPEN(fname, "rb");
AssertTrue((file != XBADFILE));
AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
sz = XFTELL(file);
XREWIND(file);
AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE));
AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
XFCLOSE(file);
/* Test using BIO new mem and loading DER private key */
AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL)));
XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
EVP_PKEY_free(pkey);
pkey = NULL;
}
#endif
/* test loading ECC key using BIO */
#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
{
XFILE file;
const char* fname = "./certs/ecc-key.der";
size_t sz;
byte* buf;
file = XFOPEN(fname, "rb");
AssertTrue((file != XBADFILE));
AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
sz = XFTELL(file);
XREWIND(file);
AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE));
AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
XFCLOSE(file);
/* Test using BIO new mem and loading DER private key */
AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL)));
XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
EVP_PKEY_free(pkey);
pkey = NULL;
}
#endif
AssertNotNull(bio = BIO_new(BIO_s_mem()));
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
!defined(NO_RSA) && !defined(HAVE_USER_RSA)
{
RSA* rsa = NULL;
/* Tests bad parameters */
AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL));
/* RSA not set yet, expecting to fail*/
AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG);
#if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN)
/* set RSA using bio*/
AssertIntGT(BIO_write(bio, client_key_der_2048,
sizeof_client_key_der_2048), 0);
AssertNotNull(rsa = d2i_RSAPrivateKey_bio(bio, NULL));
AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS);
/*i2d RSAprivate key tests */
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 1192);
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
sizeof_client_key_der_2048);
bufPtr = NULL;
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
sizeof_client_key_der_2048);
AssertNotNull(bufPtr);
XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL);
#endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */
RSA_free(rsa);
}
#endif /* !HAVE_FAST_RSA && WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA*/
SSL_CTX_free(ctx);
ctx = NULL;
BIO_free(bio);
bio = NULL;
printf(resultFmt, passed);
}
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
#endif /* !NO_BIO */
static void test_wolfSSL_sk_GENERAL_NAME(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_RSA)
X509* x509;
GENERAL_NAME* gn;
unsigned char buf[4096];
const unsigned char* bufPt;
int bytes, i;
XFILE f;
STACK_OF(GENERAL_NAME)* sk;
printf(testingFmt, "wolfSSL_sk_GENERAL_NAME()");
f = XFOPEN(cliCertDerFileExt, "rb");
AssertTrue((f != XBADFILE));
AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
XFCLOSE(f);
bufPt = buf;
AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));
AssertNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
NID_subject_alt_name, NULL, NULL));
AssertIntEQ(sk_GENERAL_NAME_num(sk), 1);
for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) {
AssertNotNull(gn = sk_GENERAL_NAME_value(sk, i));
switch (gn->type) {
case GEN_DNS:
printf("found type GEN_DNS\n");
break;
case GEN_EMAIL:
printf("found type GEN_EMAIL\n");
break;
case GEN_URI:
printf("found type GEN_URI\n");
break;
}
}
X509_free(x509);
sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_GENERAL_NAME_print(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_BIO)
X509* x509;
GENERAL_NAME* gn;
unsigned char buf[4096];
const unsigned char* bufPt;
int bytes;
XFILE f;
STACK_OF(GENERAL_NAME)* sk;
BIO* out;
unsigned char outbuf[128];
X509_EXTENSION* ext;
AUTHORITY_INFO_ACCESS* aia;
ACCESS_DESCRIPTION* ad;
const unsigned char v4Addr[] = {192,168,53,1};
const unsigned char v6Addr[] =
{0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77};
const unsigned char email[] =
{'i', 'n', 'f', 'o', '@', 'w', 'o', 'l',
'f', 's', 's', 'l', '.', 'c', 'o', 'm'};
const char* dnsStr = "DNS:example.com";
const char* uriStr = "URI:http://127.0.0.1:22220";
const char* v4addStr = "IP Address:192.168.53.1";
const char* v6addStr = "IP Address:2021:DB8:0:0:0:FF00:42:7777";
const char* emailStr = "email:info@wolfssl.com";
const char* othrStr = "othername:<unsupported>";
const char* x400Str = "X400Name:<unsupported>";
const char* ediStr = "EdiPartyName:<unsupported>";
printf(testingFmt, "test_wolfSSL_GENERAL_NAME_print()");
/* BIO to output */
AssertNotNull(out = BIO_new(BIO_s_mem()));
/* test for NULL param */
gn = NULL;
AssertIntEQ(GENERAL_NAME_print(NULL, NULL), 0);
AssertIntEQ(GENERAL_NAME_print(NULL, gn), 0);
AssertIntEQ(GENERAL_NAME_print(out, NULL), 0);
/* test for GEN_DNS */
f = XFOPEN(cliCertDerFileExt, "rb");
AssertTrue((f != XBADFILE));
AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
XFCLOSE(f);
bufPt = buf;
AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));
AssertNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
NID_subject_alt_name, NULL, NULL));
AssertNotNull(gn = sk_GENERAL_NAME_value(sk, 0));
AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
XMEMSET(outbuf,0,sizeof(outbuf));
BIO_read(out, outbuf, sizeof(outbuf));
AssertIntEQ(XSTRNCMP((const char*)outbuf, dnsStr, XSTRLEN(dnsStr)), 0);
sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free);
X509_free(x509);
/* test for GEN_URI */
f = XFOPEN("./certs/ocsp/root-ca-cert.pem", "rb");
AssertTrue((f != XBADFILE));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
XFCLOSE(f);
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 4));
aia = (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext);
AssertNotNull(aia);
ad = (WOLFSSL_ACCESS_DESCRIPTION *)wolfSSL_sk_value(aia, 0);
gn = ad->location;
AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
XMEMSET(outbuf,0,sizeof(outbuf));
AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
AssertIntEQ(XSTRNCMP((const char*)outbuf, uriStr, XSTRLEN(uriStr)), 0);
wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL);
aia = (AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext);
AssertNotNull(aia);
AUTHORITY_INFO_ACCESS_free(aia);
X509_free(x509);
/* test for GEN_IPADD */
/* ip v4 address */
AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
gn->type = GEN_IPADD;
gn->d.iPAddress->length = sizeof(v4Addr);
AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.iPAddress, v4Addr,
sizeof(v4Addr)), 1);
AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
XMEMSET(outbuf,0,sizeof(outbuf));
AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
AssertIntEQ(XSTRNCMP((const char*)outbuf, v4addStr, XSTRLEN(v4addStr)), 0);
GENERAL_NAME_free(gn);
/* ip v6 address */
AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
gn->type = GEN_IPADD;
gn->d.iPAddress->length = sizeof(v6Addr);
AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.iPAddress, v6Addr,
sizeof(v6Addr)), 1);
AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
XMEMSET(outbuf,0,sizeof(outbuf));
AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
AssertIntEQ(XSTRNCMP((const char*)outbuf, v6addStr, XSTRLEN(v6addStr)), 0);
GENERAL_NAME_free(gn);
/* test for GEN_EMAIL */
AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
gn->type = GEN_EMAIL;
gn->d.rfc822Name->length = sizeof(email);
AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.rfc822Name, email,
sizeof(email)), 1);
AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
XMEMSET(outbuf,0,sizeof(outbuf));
AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
AssertIntEQ(XSTRNCMP((const char*)outbuf, emailStr, XSTRLEN(emailStr)), 0);
GENERAL_NAME_free(gn);
/* test for GEN_OTHERNAME */
AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
gn->type = GEN_OTHERNAME;
AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
XMEMSET(outbuf,0,sizeof(outbuf));
AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
AssertIntEQ(XSTRNCMP((const char*)outbuf, othrStr, XSTRLEN(othrStr)), 0);
GENERAL_NAME_free(gn);
/* test for GEN_X400 */
AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
gn->type = GEN_X400;
AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
XMEMSET(outbuf,0,sizeof(outbuf));
AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
AssertIntEQ(XSTRNCMP((const char*)outbuf, x400Str, XSTRLEN(x400Str)), 0);
GENERAL_NAME_free(gn);
/* test for GEN_EDIPARTY */
AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
gn->type = GEN_EDIPARTY;
AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
XMEMSET(outbuf,0,sizeof(outbuf));
AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
AssertIntEQ(XSTRNCMP((const char*)outbuf, ediStr, XSTRLEN(ediStr)), 0);
GENERAL_NAME_free(gn);
BIO_free(out);
printf(resultFmt, passed);
#endif /* OPENSSL_ALL */
}
static void test_wolfSSL_sk_DIST_POINT(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_RSA)
X509* x509;
unsigned char buf[4096];
const unsigned char* bufPt;
int bytes, i, j;
XFILE f;
DIST_POINT* dp;
GENERAL_NAME* gn;
ASN1_IA5STRING* uri;
STACK_OF(DIST_POINT)* dps;
STACK_OF(GENERAL_NAME)* gns;
const char cliCertDerCrlDistPoint[] = "./certs/client-crl-dist.der";
printf(testingFmt, "wolfSSL_sk_DIST_POINT()");
f = XFOPEN(cliCertDerCrlDistPoint, "rb");
AssertTrue((f != XBADFILE));
AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
XFCLOSE(f);
bufPt = buf;
AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));
AssertNotNull(dps = (STACK_OF(DIST_POINT)*)X509_get_ext_d2i(x509,
NID_crl_distribution_points, NULL, NULL));
AssertIntEQ(sk_DIST_POINT_num(dps), 1);
for (i = 0; i < sk_DIST_POINT_num(dps); i++) {
AssertNotNull(dp = sk_DIST_POINT_value(dps, i));
gns = dp->distpoint->name.fullname;
AssertNotNull(gns);
AssertIntEQ(sk_GENERAL_NAME_num(gns), 1);
for (j = 0; j < sk_GENERAL_NAME_num(gns); j++) {
gn = sk_GENERAL_NAME_value(gns, j);
AssertIntEQ(gn->type, GEN_URI);
AssertNotNull(uri = gn->d.uniformResourceIdentifier);
AssertNotNull(uri->data);
AssertIntGT(uri->length, 0);
}
}
X509_free(x509);
CRL_DIST_POINTS_free(dps);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_MD4(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_MD4)
MD4_CTX md4;
unsigned char out[16]; /* MD4_DIGEST_SIZE */
const char* msg = "12345678901234567890123456789012345678901234567890123456"
"789012345678901234567890";
const char* test = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f"
"\xcc\x05\x36";
int msgSz = (int)XSTRLEN(msg);
printf(testingFmt, "wolfSSL_MD4()");
XMEMSET(out, 0, sizeof(out));
MD4_Init(&md4);
MD4_Update(&md4, (const void*)msg, (unsigned long)msgSz);
MD4_Final(out, &md4);
AssertIntEQ(XMEMCMP(out, test, sizeof(out)), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_RSA(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
defined(WOLFSSL_KEY_GEN)
RSA* rsa;
const BIGNUM *n;
const BIGNUM *e;
const BIGNUM *d;
const BIGNUM *p;
const BIGNUM *q;
const BIGNUM *dmp1;
const BIGNUM *dmq1;
const BIGNUM *iqmp;
printf(testingFmt, "wolfSSL_RSA()");
AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
AssertIntEQ(RSA_size(rsa), 256);
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(HAVE_FAST_RSA) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION >= 2))) && !defined(HAVE_SELFTEST) && \
!defined(HAVE_INTEL_QA) && !defined(WOLFSSL_NO_RSA_KEY_CHECK)
AssertIntEQ(RSA_check_key(rsa), WOLFSSL_SUCCESS);
#endif
/* sanity check */
AssertIntEQ(RSA_bits(NULL), 0);
/* key */
AssertIntEQ(RSA_bits(rsa), 2048);
RSA_get0_key(rsa, &n, &e, &d);
AssertPtrEq(rsa->n, n);
AssertPtrEq(rsa->e, e);
AssertPtrEq(rsa->d, d);
AssertNotNull(n = BN_new());
AssertNotNull(e = BN_new());
AssertNotNull(d = BN_new());
AssertIntEQ(RSA_set0_key(rsa, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 1);
AssertPtrEq(rsa->n, n);
AssertPtrEq(rsa->e, e);
AssertPtrEq(rsa->d, d);
/* crt_params */
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
AssertPtrEq(rsa->dmp1, dmp1);
AssertPtrEq(rsa->dmq1, dmq1);
AssertPtrEq(rsa->iqmp, iqmp);
AssertNotNull(dmp1 = BN_new());
AssertNotNull(dmq1 = BN_new());
AssertNotNull(iqmp = BN_new());
AssertIntEQ(RSA_set0_crt_params(rsa, (BIGNUM*)dmp1, (BIGNUM*)dmq1, (BIGNUM*)iqmp), 1);
AssertPtrEq(rsa->dmp1, dmp1);
AssertPtrEq(rsa->dmq1, dmq1);
AssertPtrEq(rsa->iqmp, iqmp);
/* factors */
RSA_get0_factors(rsa, &p, &q);
AssertPtrEq(rsa->p, p);
AssertPtrEq(rsa->q, q);
AssertNotNull(p = BN_new());
AssertNotNull(q = BN_new());
AssertIntEQ(RSA_set0_factors(rsa, (BIGNUM*)p, (BIGNUM*)q), 1);
AssertPtrEq(rsa->p, p);
AssertPtrEq(rsa->q, q);
AssertIntEQ(BN_hex2bn(&rsa->n, "1FFFFF"), 1);
AssertIntEQ(RSA_bits(rsa), 21);
RSA_free(rsa);
#if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2))
AssertNotNull(rsa = RSA_generate_key(3072, 17, NULL, NULL));
AssertIntEQ(RSA_size(rsa), 384);
AssertIntEQ(RSA_bits(rsa), 3072);
RSA_free(rsa);
#endif
/* remove for now with odd key size until adjusting rsa key size check with
wc_MakeRsaKey()
AssertNotNull(rsa = RSA_generate_key(2999, 65537, NULL, NULL));
RSA_free(rsa);
*/
AssertNull(RSA_generate_key(-1, 3, NULL, NULL));
AssertNull(RSA_generate_key(RSA_MIN_SIZE - 1, 3, NULL, NULL));
AssertNull(RSA_generate_key(RSA_MAX_SIZE + 1, 3, NULL, NULL));
AssertNull(RSA_generate_key(2048, 0, NULL, NULL));
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN)
{
byte buff[FOURK_BUF];
byte der[FOURK_BUF];
const char PrivKeyPemFile[] = "certs/client-keyEnc.pem";
XFILE f;
int bytes;
/* test loading encrypted RSA private pem w/o password */
f = XFOPEN(PrivKeyPemFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
XMEMSET(der, 0, sizeof(der));
/* test that error value is returned with no password */
AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), ""), 0);
}
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_RSA_DER(void)
{
#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
!defined(NO_RSA) && !defined(HAVE_USER_RSA) && defined(OPENSSL_EXTRA)
RSA *rsa;
int i;
unsigned char *buff = NULL;
struct tbl_s
{
const unsigned char *der;
int sz;
} tbl[] = {
#ifdef USE_CERT_BUFFERS_1024
{client_key_der_1024, sizeof_client_key_der_1024},
{server_key_der_1024, sizeof_server_key_der_1024},
#endif
#ifdef USE_CERT_BUFFERS_2048
{client_key_der_2048, sizeof_client_key_der_2048},
{server_key_der_2048, sizeof_server_key_der_2048},
#endif
{NULL, 0}
};
/* Public Key DER */
struct tbl_s pub[] = {
#ifdef USE_CERT_BUFFERS_1024
{client_keypub_der_1024, sizeof_client_keypub_der_1024},
#endif
#ifdef USE_CERT_BUFFERS_2048
{client_keypub_der_2048, sizeof_client_keypub_der_2048},
#endif
{NULL, 0}
};
printf(testingFmt, "test_wolfSSL_RSA_DER()");
for (i = 0; tbl[i].der != NULL; i++)
{
AssertNotNull(d2i_RSAPublicKey(&rsa, &tbl[i].der, tbl[i].sz));
AssertNotNull(rsa);
RSA_free(rsa);
}
for (i = 0; tbl[i].der != NULL; i++)
{
AssertNotNull(d2i_RSAPrivateKey(&rsa, &tbl[i].der, tbl[i].sz));
AssertNotNull(rsa);
RSA_free(rsa);
}
for (i = 0; pub[i].der != NULL; i++)
{
AssertNotNull(d2i_RSAPublicKey(&rsa, &pub[i].der, pub[i].sz));
AssertNotNull(rsa);
AssertIntEQ(i2d_RSAPublicKey(rsa, NULL), pub[i].sz);
buff = NULL;
AssertIntEQ(i2d_RSAPublicKey(rsa, &buff), pub[i].sz);
AssertNotNull(buff);
AssertIntEQ(0, memcmp((void *)buff, (void *)pub[i].der, pub[i].sz));
XFREE((void *)buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
RSA_free(rsa);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_RSA_get0_key(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
RSA *rsa = NULL;
const BIGNUM* n = NULL;
const BIGNUM* e = NULL;
const BIGNUM* d = NULL;
const unsigned char* der;
int derSz;
#ifdef USE_CERT_BUFFERS_1024
der = client_key_der_1024;
derSz = sizeof_client_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
der = client_key_der_2048;
derSz = sizeof_client_key_der_2048;
#else
der = NULL;
derSz = 0;
#endif
printf(testingFmt, "test_wolfSSL_RSA_get0_key()");
if (der != NULL) {
RSA_get0_key(NULL, NULL, NULL, NULL);
RSA_get0_key(rsa, NULL, NULL, NULL);
RSA_get0_key(NULL, &n, &e, &d);
AssertNull(n);
AssertNull(e);
AssertNull(d);
AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, derSz));
AssertNotNull(rsa);
RSA_get0_key(rsa, NULL, NULL, NULL);
RSA_get0_key(rsa, &n, NULL, NULL);
AssertNotNull(n);
RSA_get0_key(rsa, NULL, &e, NULL);
AssertNotNull(e);
RSA_get0_key(rsa, NULL, NULL, &d);
AssertNotNull(d);
RSA_get0_key(rsa, &n, &e, &d);
AssertNotNull(n);
AssertNotNull(e);
AssertNotNull(d);
RSA_free(rsa);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_RSA_meth(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
RSA *rsa;
RSA_METHOD *rsa_meth;
printf(testingFmt, "test_wolfSSL_RSA_meth");
#ifdef WOLFSSL_KEY_GEN
AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
RSA_free(rsa);
#else
AssertNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
#endif
AssertNotNull(rsa_meth =
RSA_meth_new("placeholder RSA method", RSA_METHOD_FLAG_NO_CHECK));
#ifndef NO_WOLFSSL_STUB
AssertIntEQ(RSA_meth_set_pub_enc(rsa_meth, NULL), 1);
AssertIntEQ(RSA_meth_set_pub_dec(rsa_meth, NULL), 1);
AssertIntEQ(RSA_meth_set_priv_enc(rsa_meth, NULL), 1);
AssertIntEQ(RSA_meth_set_priv_dec(rsa_meth, NULL), 1);
AssertIntEQ(RSA_meth_set_init(rsa_meth, NULL), 1);
AssertIntEQ(RSA_meth_set_finish(rsa_meth, NULL), 1);
AssertIntEQ(RSA_meth_set0_app_data(rsa_meth, NULL), 1);
#endif
AssertNotNull(rsa = RSA_new());
AssertIntEQ(RSA_set_method(rsa, rsa_meth), 1);
AssertPtrEq(RSA_get_method(rsa), rsa_meth);
AssertIntEQ(RSA_flags(rsa), RSA_METHOD_FLAG_NO_CHECK);
RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
AssertIntNE(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
AssertIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC | RSA_METHOD_FLAG_NO_CHECK);
RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
AssertIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
AssertIntNE(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC);
/* rsa_meth is freed here */
RSA_free(rsa);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_verify_mode(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
WOLFSSL* ssl;
WOLFSSL_CTX* ctx;
printf(testingFmt, "test_wolfSSL_verify()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS);
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
SSL_free(ssl);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER);
wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0);
AssertIntEQ(SSL_CTX_get_verify_mode(ctx), SSL_VERIFY_PEER);
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE);
SSL_free(ssl);
wolfSSL_CTX_set_verify(ctx,
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
AssertIntEQ(SSL_get_verify_mode(ssl),
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
wolfSSL_set_verify(ssl, SSL_VERIFY_PEER, 0);
AssertIntEQ(SSL_CTX_get_verify_mode(ctx),
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER);
wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0);
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE);
wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_EXCEPT_PSK, 0);
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_EXCEPT_PSK);
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL_set_verify(ssl, SSL_VERIFY_POST_HANDSHAKE, 0);
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_POST_HANDSHAKE);
#endif
AssertIntEQ(SSL_CTX_get_verify_mode(ctx),
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_verify_depth(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
WOLFSSL* ssl;
WOLFSSL_CTX* ctx;
long depth;
printf(testingFmt, "test_wolfSSL_verify_depth()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS);
AssertIntGT((depth = SSL_CTX_get_verify_depth(ctx)), 0);
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(SSL_get_verify_depth(ssl), SSL_CTX_get_verify_depth(ctx));
SSL_free(ssl);
SSL_CTX_set_verify_depth(ctx, -1);
AssertIntEQ(depth, SSL_CTX_get_verify_depth(ctx));
SSL_CTX_set_verify_depth(ctx, 2);
AssertIntEQ(2, SSL_CTX_get_verify_depth(ctx));
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(2, SSL_get_verify_depth(ssl));
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
/* helper function for test_wolfSSL_HMAC_CTX, digest size is expected to be a
* buffer of 64 bytes.
*
* returns the size of the digest buffer on success and a negative value on
* failure.
*/
static int test_HMAC_CTX_helper(const EVP_MD* type, unsigned char* digest)
{
HMAC_CTX ctx1;
HMAC_CTX ctx2;
unsigned char key[] = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
unsigned char long_key[] =
"0123456789012345678901234567890123456789"
"0123456789012345678901234567890123456789"
"0123456789012345678901234567890123456789"
"0123456789012345678901234567890123456789";
unsigned char msg[] = "message to hash";
unsigned int digestSz = 64;
int keySz = sizeof(key);
int long_keySz = sizeof(long_key);
int msgSz = sizeof(msg);
unsigned char digest2[64];
unsigned int digestSz2 = 64;
HMAC_CTX_init(&ctx1);
AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
HMAC_CTX_cleanup(&ctx1);
AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz2), SSL_SUCCESS);
HMAC_CTX_cleanup(&ctx2);
AssertIntEQ(digestSz, digestSz2);
AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
/* test HMAC_Init with NULL key */
/* init after copy */
printf("test HMAC_Init with NULL key (0)\n");
HMAC_CTX_init(&ctx1);
AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
HMAC_CTX_cleanup(&ctx1);
AssertIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
HMAC_CTX_cleanup(&ctx2);
AssertIntEQ(digestSz, digestSz2);
AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
/* long key */
printf("test HMAC_Init with NULL key (1)\n");
HMAC_CTX_init(&ctx1);
AssertIntEQ(HMAC_Init(&ctx1, (const void*)long_key, long_keySz, type), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
HMAC_CTX_cleanup(&ctx1);
AssertIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
HMAC_CTX_cleanup(&ctx2);
AssertIntEQ(digestSz, digestSz2);
AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
/* init before copy */
printf("test HMAC_Init with NULL key (2)\n");
HMAC_CTX_init(&ctx1);
AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
HMAC_CTX_cleanup(&ctx1);
AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
HMAC_CTX_cleanup(&ctx2);
AssertIntEQ(digestSz, digestSz2);
AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
return digestSz;
}
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_HMAC) */
static void test_wolfSSL_HMAC_CTX(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
unsigned char digest[64];
int digestSz;
printf(testingFmt, "wolfSSL_HMAC_CTX()");
#ifndef NO_SHA
AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha1(), digest)), 20);
AssertIntEQ(XMEMCMP("\xD9\x68\x77\x23\x70\xFB\x53\x70\x53\xBA\x0E\xDC\xDA"
"\xBF\x03\x98\x31\x19\xB2\xCC", digest, digestSz), 0);
#endif /* !NO_SHA */
#ifdef WOLFSSL_SHA224
AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha224(), digest)), 28);
AssertIntEQ(XMEMCMP("\x57\xFD\xF4\xE1\x2D\xB0\x79\xD7\x4B\x25\x7E\xB1\x95"
"\x9C\x11\xAC\x2D\x1E\x78\x94\x4F\x3A\x0F\xED\xF8\xAD"
"\x02\x0E", digest, digestSz), 0);
#endif /* WOLFSSL_SHA224 */
#ifndef NO_SHA256
AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha256(), digest)), 32);
AssertIntEQ(XMEMCMP("\x13\xAB\x76\x91\x0C\x37\x86\x8D\xB3\x7E\x30\x0C\xFC"
"\xB0\x2E\x8E\x4A\xD7\xD4\x25\xCC\x3A\xA9\x0F\xA2\xF2"
"\x47\x1E\x62\x6F\x5D\xF2", digest, digestSz), 0);
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha384(), digest)), 48);
AssertIntEQ(XMEMCMP("\x9E\xCB\x07\x0C\x11\x76\x3F\x23\xC3\x25\x0E\xC4\xB7"
"\x28\x77\x95\x99\xD5\x9D\x7A\xBB\x1A\x9F\xB7\xFD\x25"
"\xC9\x72\x47\x9F\x8F\x86\x76\xD6\x20\x57\x87\xB7\xE7"
"\xCD\xFB\xC2\xCC\x9F\x2B\xC5\x41\xAB",
digest, digestSz), 0);
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha512(), digest)), 64);
AssertIntEQ(XMEMCMP("\xD4\x21\x0C\x8B\x60\x6F\xF4\xBF\x07\x2F\x26\xCC\xAD"
"\xBC\x06\x0B\x34\x78\x8B\x4F\xD6\xC0\x42\xF1\x33\x10"
"\x6C\x4F\x1E\x55\x59\xDD\x2A\x9F\x15\x88\x62\xF8\x60"
"\xA3\x99\x91\xE2\x08\x7B\xF7\x95\x3A\xB0\x92\x48\x60"
"\x88\x8B\x5B\xB8\x5F\xE9\xB6\xB1\x96\xE3\xB5\xF0",
digest, digestSz), 0);
#endif /* WOLFSSL_SHA512 */
#ifndef NO_MD5
AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_md5(), digest)), 16);
AssertIntEQ(XMEMCMP("\xB7\x27\xC4\x41\xE5\x2E\x62\xBA\x54\xED\x72\x70\x9F"
"\xE4\x98\xDD", digest, digestSz), 0);
#endif /* !NO_MD5 */
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
static void sslMsgCb(int w, int version, int type, const void* buf,
size_t sz, SSL* ssl, void* arg)
{
int i;
unsigned char* pt = (unsigned char*)buf;
printf("%s %d bytes of version %d , type %d : ", (w)?"Writing":"Reading",
(int)sz, version, type);
for (i = 0; i < (int)sz; i++) printf("%02X", pt[i]);
printf("\n");
(void)ssl;
(void)arg;
}
#endif /* OPENSSL_EXTRA */
static void test_wolfSSL_msg_callback(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
WOLFSSL* ssl;
WOLFSSL_CTX* ctx;
printf(testingFmt, "wolfSSL_msg_callback()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
SSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
SSL_FILETYPE_PEM));
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
SSL_SUCCESS);
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(SSL_set_msg_callback(ssl, NULL), SSL_SUCCESS);
AssertIntEQ(SSL_set_msg_callback(ssl, &sslMsgCb), SSL_SUCCESS);
AssertIntEQ(SSL_set_msg_callback(NULL, &sslMsgCb), SSL_FAILURE);
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_SHA(void)
{
#if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST)
printf(testingFmt, "wolfSSL_SHA()");
#if !defined(NO_SHA) && defined(NO_OLD_SHA_NAMES)
{
const unsigned char in[] = "abc";
unsigned char expected[] = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
"\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D";
unsigned char out[WC_SHA_DIGEST_SIZE];
XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
AssertNotNull(SHA1(in, XSTRLEN((char*)in), out));
AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
/* SHA interface test */
XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
AssertNull(SHA(NULL, XSTRLEN((char*)in), out));
AssertNotNull(SHA(in, 0, out));
AssertNotNull(SHA(in, XSTRLEN((char*)in), NULL));
AssertNotNull(SHA(NULL, 0, out));
AssertNotNull(SHA(NULL, 0, NULL));
AssertNotNull(SHA(in, XSTRLEN((char*)in), out));
AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
}
#endif
#if !defined(NO_SHA256)
{
const unsigned char in[] = "abc";
unsigned char expected[] = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
"\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
"\x15\xAD";
unsigned char out[WC_SHA256_DIGEST_SIZE];
XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE);
#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
AssertNotNull(SHA256(in, XSTRLEN((char*)in), out));
#else
AssertNotNull(wolfSSL_SHA256(in, XSTRLEN((char*)in), out));
#endif
AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0);
}
#endif
#if defined(WOLFSSL_SHA384)
{
const unsigned char in[] = "abc";
unsigned char expected[] = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
"\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
"\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
"\xc8\x25\xa7";
unsigned char out[WC_SHA384_DIGEST_SIZE];
XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE);
#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
AssertNotNull(SHA384(in, XSTRLEN((char*)in), out));
#else
AssertNotNull(wolfSSL_SHA384(in, XSTRLEN((char*)in), out));
#endif
AssertIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0);
}
#endif
#if defined(WOLFSSL_SHA512)
{
const unsigned char in[] = "abc";
unsigned char expected[] = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
"\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
"\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
"\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
"\xa5\x4c\xa4\x9f";
unsigned char out[WC_SHA512_DIGEST_SIZE];
XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE);
#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
AssertNotNull(SHA512(in, XSTRLEN((char*)in), out));
#else
AssertNotNull(wolfSSL_SHA512(in, XSTRLEN((char*)in), out));
#endif
AssertIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0);
}
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_DH_1536_prime(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
BIGNUM* bn;
unsigned char bits[200];
int sz = 192; /* known binary size */
const byte expected[] = {
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,
0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,
0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,
0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,
0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,
0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,
0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
};
printf(testingFmt, "wolfSSL_DH_1536_prime()");
bn = get_rfc3526_prime_1536(NULL);
AssertNotNull(bn);
AssertIntEQ(sz, BN_bn2bin((const BIGNUM*)bn, bits));
AssertIntEQ(0, XMEMCMP(expected, bits, sz));
BN_free(bn);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_PEM_write_DHparams(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && \
!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
DH* dh;
BIO* bio;
XFILE fp;
byte pem[2048];
int pemSz;
const char expected[] =
"-----BEGIN DH PARAMETERS-----\n\
MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE\n\
v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN\n\
nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1\n\
joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa\n\
wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW\n\
tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==\n\
-----END DH PARAMETERS-----\n";
printf(testingFmt, "wolfSSL_PEM_write_DHparams()");
AssertNotNull(fp = XFOPEN(dhParamFile, "rb"));
AssertIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
XFCLOSE(fp);
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(BIO_write(bio, pem, pemSz), pemSz);
AssertNotNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
BIO_free(bio);
AssertNotNull(fp = XFOPEN("./test-write-dhparams.pem", "wb"));
AssertIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_SUCCESS);
AssertIntEQ(PEM_write_DHparams(fp, NULL), WOLFSSL_FAILURE);
XFCLOSE(fp);
DH_free(dh);
/* check results */
XMEMSET(pem, 0, sizeof(pem));
AssertNotNull(fp = XFOPEN("./test-write-dhparams.pem", "rb"));
AssertIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
AssertIntEQ(XMEMCMP(pem, expected, pemSz), 0);
XFCLOSE(fp);
printf(resultFmt, passed);
#endif
}
/* test_EVP_Cipher_extra, Extra-test on EVP_CipherUpdate/Final. see also test.c */
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) &&\
(!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128))
static void binary_dump(void *ptr, int size)
{
#ifdef WOLFSSL_EVP_PRINT
int i = 0;
unsigned char *p = (unsigned char *) ptr;
printf("{");
while((p != NULL) && (i < size)) {
if((i % 8) == 0) {
printf("\n");
printf(" ");
}
printf("0x%02x, ", p[i]);
i++;
}
printf("\n};\n");
#else
(void) ptr;
(void) size;
#endif
}
static int last_val = 0x0f;
static int check_result(unsigned char *data, int len)
{
int i;
for( ; len; ) {
last_val = (last_val + 1) % 16;
for(i = 0; i < 16; len--, i++, data++)
if(*data != last_val) {
return -1;
}
}
return 0;
}
static int r_offset;
static int w_offset;
static void init_offset(void)
{
r_offset = 0;
w_offset = 0;
}
static void get_record(unsigned char *data, unsigned char *buf, int len)
{
XMEMCPY(buf, data+r_offset, len);
r_offset += len;
}
static void set_record(unsigned char *data, unsigned char *buf, int len)
{
XMEMCPY(data+w_offset, buf, len);
w_offset += len;
}
static void set_plain(unsigned char *plain, int rec)
{
int i, j;
unsigned char *p = plain;
#define BLOCKSZ 16
for(i=0; i<(rec/BLOCKSZ); i++){
for(j=0; j<BLOCKSZ; j++)
*p++ = (i % 16);
}
}
#endif
static int test_wolfSSL_EVP_Cipher_extra(void)
{
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) &&\
(!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128))
/* aes128-cbc, keylen=16, ivlen=16 */
byte aes128_cbc_key[] = {
0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef,
0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef,
};
byte aes128_cbc_iv[] = {
0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
0x99, 0x00, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
};
/* teset data size table */
int test_drive1[] = {8, 3, 5, 512, 8, 3, 8, 512, 0};
int test_drive2[] = {8, 3, 8, 512, 0};
int test_drive3[] = {512, 512, 504, 512, 512, 8, 512, 0};
int *test_drive[] = {test_drive1, test_drive2, test_drive3, NULL};
int test_drive_len[100];
int ret = 0;
EVP_CIPHER_CTX *evp = NULL;
int ilen = 0;
int klen = 0;
int i, j;
const EVP_CIPHER *type;
byte *iv;
byte *key;
int ivlen;
int keylen;
#define RECORDS 16
#define BUFFSZ 512
byte plain [BUFFSZ * RECORDS];
byte cipher[BUFFSZ * RECORDS];
byte inb[BUFFSZ];
byte outb[BUFFSZ+16];
int outl, inl;
iv = aes128_cbc_iv;
ivlen = sizeof(aes128_cbc_iv);
key = aes128_cbc_key;
keylen = sizeof(aes128_cbc_key);
type = EVP_aes_128_cbc();
set_plain(plain, BUFFSZ * RECORDS);
SSL_library_init();
AssertNotNull(evp = EVP_CIPHER_CTX_new());
AssertIntNE((ret = EVP_CipherInit(evp, type, NULL, iv, 0)), 0);
klen = EVP_CIPHER_CTX_key_length(evp);
if (klen > 0 && keylen != klen) {
AssertIntNE(EVP_CIPHER_CTX_set_key_length(evp, keylen), 0);
}
ilen = EVP_CIPHER_CTX_iv_length(evp);
if (ilen > 0 && ivlen != ilen) {
AssertIntNE(EVP_CIPHER_CTX_set_iv_length(evp, ivlen), 0);
}
AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0);
for (j = 0; j<RECORDS; j++)
{
inl = BUFFSZ;
get_record(plain, inb, inl);
AssertIntNE((ret = EVP_CipherUpdate(evp, outb, &outl, inb, inl)), 0);
set_record(cipher, outb, outl);
}
for (i = 0; test_drive[i]; i++) {
AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0);
init_offset();
test_drive_len[i] = 0;
for (j = 0; test_drive[i][j]; j++)
{
inl = test_drive[i][j];
test_drive_len[i] += inl;
get_record(plain, inb, inl);
AssertIntNE((ret = EVP_EncryptUpdate(evp, outb, &outl, inb, inl)), 0);
/* output to cipher buffer, so that following Dec test can detect
if any error */
set_record(cipher, outb, outl);
}
EVP_CipherFinal(evp, outb, &outl);
if(outl > 0)
set_record(cipher, outb, outl);
}
for (i = 0; test_drive[i]; i++) {
last_val = 0x0f;
AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 0)), 0);
init_offset();
for (j = 0; test_drive[i][j]; j++){
inl = test_drive[i][j];
get_record(cipher, inb, inl);
AssertIntNE((ret = EVP_DecryptUpdate(evp, outb, &outl, inb, inl)), 0);
binary_dump(outb, outl);
AssertIntEQ((ret = check_result(outb, outl)), 0);
AssertFalse(outl > ((inl/16+1)*16) && outl > 16);
}
ret = EVP_CipherFinal(evp, outb, &outl);
binary_dump(outb, outl);
ret = (((test_drive_len[i] % 16) != 0) && (ret == 0)) ||
(((test_drive_len[i] % 16) == 0) && (ret == 1));
AssertTrue(ret);
}
EVP_CIPHER_CTX_free(evp);
#endif /* test_EVP_Cipher */
return 0;
}
static void test_wolfSSL_PEM_read_DHparams(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_BIO) && \
!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
DH* dh;
XFILE fp;
unsigned char derOut[300];
unsigned char* derOutBuf = derOut;
int derOutSz = 0;
unsigned char derExpected[300];
int derExpectedSz = 0;
printf(testingFmt, "wolfSSL_PEM_read_DHparams()");
XMEMSET(derOut, 0, sizeof(derOut));
XMEMSET(derExpected, 0, sizeof(derExpected));
/* open DH param file, read into DH struct */
AssertNotNull(fp = XFOPEN(dhParamFile, "rb"));
/* bad args */
AssertNull(dh = PEM_read_DHparams(NULL, &dh, NULL, NULL));
AssertNull(dh = PEM_read_DHparams(NULL, NULL, NULL, NULL));
/* good args */
AssertNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL));
XFCLOSE(fp);
/* read in certs/dh2048.der for comparison against exported params */
fp = XFOPEN("./certs/dh2048.der", "rb");
AssertTrue(fp != XBADFILE);
derExpectedSz = (int)XFREAD(derExpected, 1, sizeof(derExpected), fp);
XFCLOSE(fp);
/* export DH back to DER and compare */
derOutSz = wolfSSL_i2d_DHparams(dh, &derOutBuf);
AssertIntEQ(derOutSz, derExpectedSz);
AssertIntEQ(XMEMCMP(derOut, derExpected, derOutSz), 0);
/* Test parsing with X9.42 header */
fp = XFOPEN("./certs/x942dh2048.pem", "rb");
AssertNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL));
XFCLOSE(fp);
DH_free(dh);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_AES_ecb_encrypt(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB)
AES_KEY aes;
const byte msg[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
};
const byte verify[] =
{
0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
};
const byte key[] =
{
0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
};
byte out[AES_BLOCK_SIZE];
printf(testingFmt, "wolfSSL_AES_ecb_encrypt()");
AssertIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aes), 0);
XMEMSET(out, 0, AES_BLOCK_SIZE);
AES_ecb_encrypt(msg, out, &aes, AES_ENCRYPT);
AssertIntEQ(XMEMCMP(out, verify, AES_BLOCK_SIZE), 0);
#ifdef HAVE_AES_DECRYPT
AssertIntEQ(AES_set_decrypt_key(key, sizeof(key)*8, &aes), 0);
XMEMSET(out, 0, AES_BLOCK_SIZE);
AES_ecb_encrypt(verify, out, &aes, AES_DECRYPT);
AssertIntEQ(XMEMCMP(out, msg, AES_BLOCK_SIZE), 0);
#endif
/* test bad arguments */
AES_ecb_encrypt(NULL, out, &aes, AES_DECRYPT);
AES_ecb_encrypt(verify, NULL, &aes, AES_DECRYPT);
AES_ecb_encrypt(verify, out, NULL, AES_DECRYPT);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_MD5(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
byte input1[] = "";
byte input2[] = "message digest";
byte hash[WC_MD5_DIGEST_SIZE];
unsigned char output1[] =
"\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e";
unsigned char output2[] =
"\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0";
WOLFSSL_MD5_CTX md5;
printf(testingFmt, "wolfSSL_MD5()");
XMEMSET(&md5, 0, sizeof(md5));
/* Test cases for illegal parameters */
AssertIntEQ(MD5_Init(NULL), 0);
AssertIntEQ(MD5_Init(&md5), 1);
AssertIntEQ(MD5_Update(NULL, input1, 0), 0);
AssertIntEQ(MD5_Update(NULL, NULL, 0), 0);
AssertIntEQ(MD5_Update(&md5, NULL, 1), 0);
AssertIntEQ(MD5_Final(NULL, &md5), 0);
AssertIntEQ(MD5_Final(hash, NULL), 0);
AssertIntEQ(MD5_Final(NULL, NULL), 0);
/* Init MD5 CTX */
AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
AssertIntEQ(wolfSSL_MD5_Update(&md5, input1,
XSTRLEN((const char*)&input1)), 1);
AssertIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
AssertIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);
/* Init MD5 CTX */
AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
AssertIntEQ(wolfSSL_MD5_Update(&md5, input2,
(int)XSTRLEN((const char*)input2)), 1);
AssertIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
AssertIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
#if !defined(NO_OLD_NAMES) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
AssertPtrNE(MD5(NULL, 1, (byte*)&hash), &hash);
AssertPtrEq(MD5(input1, 0, (byte*)&hash), &hash);
AssertPtrNE(MD5(input1, 1, NULL), NULL);
AssertPtrNE(MD5(NULL, 0, NULL), NULL);
AssertPtrEq(MD5(input1, (int)XSTRLEN((const char*)&input1), (byte*)&hash), &hash);
AssertIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);
AssertPtrEq(MD5(input2, (int)XSTRLEN((const char*)&input2), (byte*)&hash), &hash);
AssertIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
{
byte data[] = "Data to be hashed.";
XMEMSET(hash, 0, WC_MD5_DIGEST_SIZE);
AssertNotNull(MD5(data, sizeof(data), NULL));
AssertNotNull(MD5(data, sizeof(data), hash));
AssertNotNull(MD5(NULL, 0, hash));
AssertNull(MD5(NULL, sizeof(data), hash));
}
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_MD5_Transform(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
byte input1[] = "";
byte input2[] = "abc";
byte local[WC_MD5_BLOCK_SIZE];
word32 sLen = 0;
#ifdef BIG_ENDIAN_ORDER
unsigned char output1[] =
"\x03\x1f\x1d\xac\x6e\xa5\x8e\xd0\x1f\xab\x67\xb7\x74\x31\x77\x91";
unsigned char output2[] =
"\xef\xd3\x79\x8d\x67\x17\x25\x90\xa4\x13\x79\xc7\xe3\xa7\x7b\xbc";
#else
unsigned char output1[] =
"\xac\x1d\x1f\x03\xd0\x8e\xa5\x6e\xb7\x67\xab\x1f\x91\x77\x31\x74";
unsigned char output2[] =
"\x8d\x79\xd3\xef\x90\x25\x17\x67\xc7\x79\x13\xa4\xbc\x7b\xa7\xe3";
#endif
MD5_CTX md5;
printf(testingFmt, "wolfSSL_MD5_Transform()");
XMEMSET(&md5, 0, sizeof(md5));
XMEMSET(&local, 0, sizeof(local));
/* sanity check */
AssertIntEQ(MD5_Transform(NULL, NULL), 0);
AssertIntEQ(MD5_Transform(NULL, (const byte*)&input1), 0);
AssertIntEQ(MD5_Transform(&md5, NULL), 0);
AssertIntEQ(wc_Md5Transform(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
AssertIntEQ(wc_Md5Transform((wc_Md5*)&md5, NULL), BAD_FUNC_ARG);
/* Init MD5 CTX */
AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
AssertIntEQ(MD5_Transform(&md5, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Md5*)&md5)->digest[0], output1,
WC_MD5_DIGEST_SIZE), 0);
/* Init MD5 CTX */
AssertIntEQ(MD5_Init(&md5), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_MD5_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
AssertIntEQ(MD5_Transform(&md5, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Md5*)&md5)->digest[0], output2,
WC_MD5_DIGEST_SIZE), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_SHA224(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA224) && \
!defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
unsigned char input[] =
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
unsigned char output[] =
"\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
"\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
size_t inLen;
byte hash[WC_SHA224_DIGEST_SIZE];
printf(testingFmt, "wolfSSL_SHA224()");
inLen = XSTRLEN((char*)input);
XMEMSET(hash, 0, WC_SHA224_DIGEST_SIZE);
AssertNull(SHA224(NULL, inLen, hash));
AssertNotNull(SHA224(input, 0, hash));
AssertNotNull(SHA224(input, inLen, NULL));
AssertNotNull(SHA224(NULL, 0, hash));
AssertNotNull(SHA224(NULL, 0, NULL));
AssertNotNull(SHA224(input, inLen, hash));
AssertIntEQ(XMEMCMP(hash, output, WC_SHA224_DIGEST_SIZE), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_SHA_Transform(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA)
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
byte input1[] = "";
byte input2[] = "abc";
byte local[WC_SHA_BLOCK_SIZE];
word32 sLen = 0;
#ifdef BIG_ENDIAN_ORDER
unsigned char output1[] =
"\x92\xb4\x04\xe5\x56\x58\x8c\xed\x6c\x1a\xcd\x4e\xbf\x05\x3f\x68"
"\x09\xf7\x3a\x93";
unsigned char output2[] =
"\x97\xb2\x74\x8b\x4f\x5b\xbc\xca\x5b\xc0\xe6\xea\x2d\x40\xb4\xa0"
"\x7c\x6e\x08\xb8";
#else
unsigned char output1[] =
"\xe5\x04\xb4\x92\xed\x8c\x58\x56\x4e\xcd\x1a\x6c\x68\x3f\x05\xbf"
"\x93\x3a\xf7\x09";
unsigned char output2[] =
"\x8b\x74\xb2\x97\xca\xbc\x5b\x4f\xea\xe6\xc0\x5b\xa0\xb4\x40\x2d"
"\xb8\x08\x6e\x7c";
#endif
SHA_CTX sha;
SHA_CTX sha1;
printf(testingFmt, "wolfSSL_SHA_Transform()");
XMEMSET(&sha, 0, sizeof(sha));
XMEMSET(&local, 0, sizeof(local));
/* sanity check */
AssertIntEQ(SHA_Transform(NULL, NULL), 0);
AssertIntEQ(SHA_Transform(NULL, (const byte*)&input1), 0);
AssertIntEQ(SHA_Transform(&sha, NULL), 0);
AssertIntEQ(SHA1_Transform(NULL, NULL), 0);
AssertIntEQ(SHA1_Transform(NULL, (const byte*)&input1), 0);
AssertIntEQ(SHA1_Transform(&sha, NULL), 0);
AssertIntEQ(wc_ShaTransform(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
AssertIntEQ(wc_ShaTransform((wc_Sha*)&sha, NULL), BAD_FUNC_ARG);
/* Init SHA CTX */
AssertIntEQ(SHA_Init(&sha), 1);
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
AssertIntEQ(SHA_Transform(&sha, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output1,
WC_SHA_DIGEST_SIZE), 0);
AssertIntEQ(SHA_Final(local, &sha), 1); /* frees resources */
/* Init SHA CTX */
AssertIntEQ(SHA_Init(&sha), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
AssertIntEQ(SHA_Transform(&sha, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output2,
WC_SHA_DIGEST_SIZE), 0);
AssertIntEQ(SHA_Final(local, &sha), 1); /* frees resources */
/* SHA1 */
XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
/* Init SHA CTX */
AssertIntEQ(SHA1_Init(&sha1), 1);
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
AssertIntEQ(SHA1_Transform(&sha1, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha1)->digest[0], output1,
WC_SHA_DIGEST_SIZE), 0);
AssertIntEQ(SHA_Final(local, &sha), 1); /* frees resources */
/* Init SHA CTX */
AssertIntEQ(SHA1_Init(&sha1), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
AssertIntEQ(SHA1_Transform(&sha1, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha1)->digest[0], output2,
WC_SHA_DIGEST_SIZE), 0);
AssertIntEQ(SHA_Final(local, &sha), 1); /* frees resources */
printf(resultFmt, passed);
#endif
#endif
}
static void test_wolfSSL_SHA256_Transform(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
!defined(WOLFSSL_DEVCRYPTO_HASH) && !defined(WOLFSSL_AFALG_HASH)
byte input1[] = "";
byte input2[] = "abc";
byte local[WC_SHA256_BLOCK_SIZE];
word32 sLen = 0;
#ifdef BIG_ENDIAN_ORDER
unsigned char output1[] =
"\xda\x56\x98\xbe\x17\xb9\xb4\x69\x62\x33\x57\x99\x77\x9f\xbe\xca"
"\x8c\xe5\xd4\x91\xc0\xd2\x62\x43\xba\xfe\xf9\xea\x18\x37\xa9\xd8";
unsigned char output2[] =
"\x1d\x4e\xd4\x67\x67\x7c\x61\x67\x44\x10\x76\x26\x78\x10\xff\xb8"
"\x40\xc8\x9a\x39\x73\x16\x60\x8c\xa6\x61\xd6\x05\x91\xf2\x8c\x35";
#else
unsigned char output1[] =
"\xbe\x98\x56\xda\x69\xb4\xb9\x17\x99\x57\x33\x62\xca\xbe\x9f\x77"
"\x91\xd4\xe5\x8c\x43\x62\xd2\xc0\xea\xf9\xfe\xba\xd8\xa9\x37\x18";
unsigned char output2[] =
"\x67\xd4\x4e\x1d\x67\x61\x7c\x67\x26\x76\x10\x44\xb8\xff\x10\x78"
"\x39\x9a\xc8\x40\x8c\x60\x16\x73\x05\xd6\x61\xa6\x35\x8c\xf2\x91";
#endif
SHA256_CTX sha256;
printf(testingFmt, "wolfSSL_SHA256_Transform()");
XMEMSET(&sha256, 0, sizeof(sha256));
XMEMSET(&local, 0, sizeof(local));
/* sanity check */
AssertIntEQ(SHA256_Transform(NULL, NULL), 0);
AssertIntEQ(SHA256_Transform(NULL, (const byte*)&input1), 0);
AssertIntEQ(SHA256_Transform(&sha256, NULL), 0);
AssertIntEQ(wc_Sha256Transform(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
AssertIntEQ(wc_Sha256Transform((wc_Sha256*)&sha256, NULL), BAD_FUNC_ARG);
/* Init SHA256 CTX */
AssertIntEQ(SHA256_Init(&sha256), 1);
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
AssertIntEQ(SHA256_Transform(&sha256, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha256*)&sha256)->digest[0], output1,
WC_SHA256_DIGEST_SIZE), 0);
AssertIntEQ(SHA256_Final(local, &sha256), 1); /* frees resources */
/* Init SHA256 CTX */
AssertIntEQ(SHA256_Init(&sha256), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_SHA256_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
AssertIntEQ(SHA256_Transform(&sha256, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha256*)&sha256)->digest[0], output2,
WC_SHA256_DIGEST_SIZE), 0);
AssertIntEQ(SHA256_Final(local, &sha256), 1); /* frees resources */
printf(resultFmt, passed);
#endif
#endif
}
static void test_wolfSSL_SHA256(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \
defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
unsigned char input[] =
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
unsigned char output[] =
"\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
"\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
"\x06\xC1";
size_t inLen;
byte hash[WC_SHA256_DIGEST_SIZE];
printf(testingFmt, "wolfSSL_SHA256()");
inLen = XSTRLEN((char*)input);
XMEMSET(hash, 0, WC_SHA256_DIGEST_SIZE);
AssertNotNull(SHA256(input, inLen, hash));
AssertIntEQ(XMEMCMP(hash, output, WC_SHA256_DIGEST_SIZE), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_SHA512_Transform(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512)
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
byte input1[] = "";
byte input2[] = "abc";
byte local[WC_SHA512_BLOCK_SIZE];
word32 sLen = 0;
#ifdef BIG_ENDIAN_ORDER
unsigned char output1[] =
"\xcf\x78\x81\xd5\x77\x4a\xcb\xe8\x53\x33\x62\xe0\xfb\xc7\x80\x70"
"\x02\x67\x63\x9d\x87\x46\x0e\xda\x30\x86\xcb\x40\xe8\x59\x31\xb0"
"\x71\x7d\xc9\x52\x88\xa0\x23\xa3\x96\xba\xb2\xc1\x4c\xe0\xb5\xe0"
"\x6f\xc4\xfe\x04\xea\xe3\x3e\x0b\x91\xf4\xd8\x0c\xbd\x66\x8b\xee";
unsigned char output2[] =
"\x11\x10\x93\x4e\xeb\xa0\xcc\x0d\xfd\x33\x43\x9c\xfb\x04\xc8\x21"
"\xa9\xb4\x26\x3d\xca\xab\x31\x41\xe2\xc6\xaa\xaf\xe1\x67\xd7\xab"
"\x31\x8f\x2e\x54\x2c\xba\x4e\x83\xbe\x88\xec\x9d\x8f\x2b\x38\x98"
"\x14\xd2\x4e\x9d\x53\x8b\x5e\x4d\xde\x68\x6c\x69\xaf\x20\x96\xf0";
#else
unsigned char output1[] =
"\xe8\xcb\x4a\x77\xd5\x81\x78\xcf\x70\x80\xc7\xfb\xe0\x62\x33\x53"
"\xda\x0e\x46\x87\x9d\x63\x67\x02\xb0\x31\x59\xe8\x40\xcb\x86\x30"
"\xa3\x23\xa0\x88\x52\xc9\x7d\x71\xe0\xb5\xe0\x4c\xc1\xb2\xba\x96"
"\x0b\x3e\xe3\xea\x04\xfe\xc4\x6f\xee\x8b\x66\xbd\x0c\xd8\xf4\x91";
unsigned char output2[] =
"\x0d\xcc\xa0\xeb\x4e\x93\x10\x11\x21\xc8\x04\xfb\x9c\x43\x33\xfd"
"\x41\x31\xab\xca\x3d\x26\xb4\xa9\xab\xd7\x67\xe1\xaf\xaa\xc6\xe2"
"\x83\x4e\xba\x2c\x54\x2e\x8f\x31\x98\x38\x2b\x8f\x9d\xec\x88\xbe"
"\x4d\x5e\x8b\x53\x9d\x4e\xd2\x14\xf0\x96\x20\xaf\x69\x6c\x68\xde";
#endif
SHA512_CTX sha512;
printf(testingFmt, "wolfSSL_SHA512_Transform()");
XMEMSET(&sha512, 0, sizeof(sha512));
XMEMSET(&local, 0, sizeof(local));
/* sanity check */
AssertIntEQ(SHA512_Transform(NULL, NULL), 0);
AssertIntEQ(SHA512_Transform(NULL, (const byte*)&input1), 0);
AssertIntEQ(SHA512_Transform(&sha512, NULL), 0);
AssertIntEQ(wc_Sha512Transform(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
AssertIntEQ(wc_Sha512Transform((wc_Sha512*)&sha512, NULL), BAD_FUNC_ARG);
/* Init SHA512 CTX */
AssertIntEQ(wolfSSL_SHA512_Init(&sha512), 1);
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
AssertIntEQ(SHA512_Transform(&sha512, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha512*)&sha512)->digest[0], output1,
WC_SHA512_DIGEST_SIZE), 0);
AssertIntEQ(SHA512_Final(local, &sha512), 1); /* frees resources */
/* Init SHA512 CTX */
AssertIntEQ(SHA512_Init(&sha512), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
AssertIntEQ(SHA512_Transform(&sha512, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha512*)&sha512)->digest[0], output2,
WC_SHA512_DIGEST_SIZE), 0);
AssertIntEQ(SHA512_Final(local, &sha512), 1); /* frees resources */
(void)input1;
printf(resultFmt, passed);
#endif
#endif
}
static void test_wolfSSL_X509_get_serialNumber(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
ASN1_INTEGER* a;
BIGNUM* bn;
X509* x509;
char *serialHex;
byte serial[3];
int serialSz;
printf(testingFmt, "wolfSSL_X509_get_serialNumber()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
SSL_FILETYPE_PEM));
AssertNotNull(a = X509_get_serialNumber(x509));
/* check on value of ASN1 Integer */
AssertNotNull(bn = ASN1_INTEGER_to_BN(a, NULL));
/* test setting serial number and then retrieving it */
AssertNotNull(a = ASN1_INTEGER_new());
ASN1_INTEGER_set(a, 3);
AssertIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);
serialSz = sizeof(serial);
AssertIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
WOLFSSL_SUCCESS);
AssertIntEQ(serialSz, 1);
AssertIntEQ(serial[0], 3);
ASN1_INTEGER_free(a);
/* test setting serial number with 0's in it */
serial[0] = 0x01;
serial[1] = 0x00;
serial[2] = 0x02;
AssertNotNull(a = wolfSSL_ASN1_INTEGER_new());
a->data[0] = ASN_INTEGER;
a->data[1] = sizeof(serial);
XMEMCPY(&a->data[2], serial, sizeof(serial));
a->length = sizeof(serial) + 2;
AssertIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);
XMEMSET(serial, 0, sizeof(serial));
serialSz = sizeof(serial);
AssertIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
WOLFSSL_SUCCESS);
AssertIntEQ(serialSz, 3);
AssertIntEQ(serial[0], 0x01);
AssertIntEQ(serial[1], 0x00);
AssertIntEQ(serial[2], 0x02);
ASN1_INTEGER_free(a);
X509_free(x509); /* free's a */
AssertNotNull(serialHex = BN_bn2hex(bn));
#ifndef WC_DISABLE_RADIX_ZERO_PAD
AssertStrEQ(serialHex, "01");
#else
AssertStrEQ(serialHex, "1");
#endif
OPENSSL_free(serialHex);
AssertIntEQ(BN_get_word(bn), 1);
BN_free(bn);
/* hard test free'ing with dynamic buffer to make sure there is no leaks */
a = ASN1_INTEGER_new();
if (a) {
AssertNotNull(a->data = (unsigned char*)XMALLOC(100, NULL,
DYNAMIC_TYPE_OPENSSL));
a->isDynamic = 1;
ASN1_INTEGER_free(a);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OpenSSL_add_all_algorithms(void){
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "wolfSSL_OpenSSL_add_all_algorithms()");
AssertIntEQ(wolfSSL_add_all_algorithms(),WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_noconf(),WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_conf(),WOLFSSL_SUCCESS);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OPENSSL_hexstr2buf(void)
{
#if defined(OPENSSL_EXTRA)
#define MAX_HEXSTR_BUFSZ 9
#define NUM_CASES 5
struct Output {
const unsigned char buffer[MAX_HEXSTR_BUFSZ];
long ret;
};
int i;
int j;
const char* inputs[NUM_CASES] = {
"aabcd1357e",
"01:12:23:34:a5:b6:c7:d8:e9",
":01:02",
"012",
":ab:ac:d"
};
struct Output expectedOutputs[NUM_CASES] = {
{{0xaa, 0xbc, 0xd1, 0x35, 0x7e}, 5},
{{0x01, 0x12, 0x23, 0x34, 0xa5, 0xb6, 0xc7, 0xd8, 0xe9}, 9},
{{0x01, 0x02}, 2},
{{0x00}, 0},
{{0x00}, 0}
};
long len = 0;
unsigned char* returnedBuf = NULL;
printf(testingFmt, "test_wolfSSL_OPENSSL_hexstr2buf()");
for (i = 0; i < NUM_CASES; ++i) {
returnedBuf = wolfSSL_OPENSSL_hexstr2buf(inputs[i], &len);
if (returnedBuf == NULL) {
AssertIntEQ(expectedOutputs[i].ret, 0);
continue;
}
AssertIntEQ(expectedOutputs[i].ret, len);
for (j = 0; j < len; ++j) {
AssertIntEQ(expectedOutputs[i].buffer[j], returnedBuf[j]);
}
OPENSSL_free(returnedBuf);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_STRING_print_ex(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
#ifndef NO_BIO
ASN1_STRING* asn_str;
const char data[] = "Hello wolfSSL!";
ASN1_STRING* esc_str;
const char esc_data[] = "a+;<>";
BIO *bio;
unsigned long flags;
int p_len;
unsigned char rbuf[255];
printf(testingFmt, "wolfSSL_ASN1_STRING_print_ex()");
/* setup */
XMEMSET(rbuf, 0, 255);
bio = BIO_new(BIO_s_mem());
BIO_set_write_buf_size(bio,255);
asn_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
ASN1_STRING_set(asn_str, (const void*)data, sizeof(data));
esc_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
ASN1_STRING_set(esc_str, (const void*)esc_data, sizeof(esc_data));
/* no flags */
XMEMSET(rbuf, 0, 255);
flags = 0;
p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
AssertIntEQ(p_len, 15);
BIO_read(bio, (void*)rbuf, 15);
AssertStrEQ((char*)rbuf, "Hello wolfSSL!");
/* RFC2253 Escape */
XMEMSET(rbuf, 0, 255);
flags = ASN1_STRFLGS_ESC_2253;
p_len = wolfSSL_ASN1_STRING_print_ex(bio, esc_str, flags);
AssertIntEQ(p_len, 9);
BIO_read(bio, (void*)rbuf, 9);
AssertStrEQ((char*)rbuf, "a\\+\\;\\<\\>");
/* Show type */
XMEMSET(rbuf, 0, 255);
flags = ASN1_STRFLGS_SHOW_TYPE;
p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
AssertIntEQ(p_len, 28);
BIO_read(bio, (void*)rbuf, 28);
AssertStrEQ((char*)rbuf, "OCTET STRING:Hello wolfSSL!");
/* Dump All */
XMEMSET(rbuf, 0, 255);
flags = ASN1_STRFLGS_DUMP_ALL;
p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
AssertIntEQ(p_len, 31);
BIO_read(bio, (void*)rbuf, 31);
AssertStrEQ((char*)rbuf, "#48656C6C6F20776F6C6653534C2100");
/* Dump Der */
XMEMSET(rbuf, 0, 255);
flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER;
p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
AssertIntEQ(p_len, 35);
BIO_read(bio, (void*)rbuf, 35);
AssertStrEQ((char*)rbuf, "#040F48656C6C6F20776F6C6653534C2100");
/* Dump All + Show type */
XMEMSET(rbuf, 0, 255);
flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE;
p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
AssertIntEQ(p_len, 44);
BIO_read(bio, (void*)rbuf, 44);
AssertStrEQ((char*)rbuf, "OCTET STRING:#48656C6C6F20776F6C6653534C2100");
BIO_free(bio);
ASN1_STRING_free(asn_str);
ASN1_STRING_free(esc_str);
printf(resultFmt, passed);
#endif /* !NO_BIO */
#endif
}
static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
WOLFSSL_ASN1_TIME *t;
WOLFSSL_ASN1_TIME *out;
WOLFSSL_ASN1_TIME *gtime;
int tlen = 0;
unsigned char *data;
printf(testingFmt, "wolfSSL_ASN1_TIME_to_generalizedtime()");
/* UTC Time test */
AssertNotNull(t = wolfSSL_ASN1_TIME_new());
XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE);
AssertNotNull(out = wolfSSL_ASN1_TIME_new());
t->type = ASN_UTC_TIME;
t->length = ASN_UTC_TIME_SIZE;
XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);
tlen = wolfSSL_ASN1_TIME_get_length(t);
AssertIntEQ(tlen, ASN_UTC_TIME_SIZE);
data = wolfSSL_ASN1_TIME_get_data(t);
AssertStrEQ((char*)data, "050727123456Z");
gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out);
AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
AssertStrEQ((char*)gtime->data, "20050727123456Z");
/* Generalized Time test */
XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE);
XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE);
XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE);
t->type = ASN_GENERALIZED_TIME;
t->length = ASN_GENERALIZED_TIME_SIZE;
XMEMCPY(t->data, "20050727123456Z", ASN_GENERALIZED_TIME_SIZE);
tlen = wolfSSL_ASN1_TIME_get_length(t);
AssertIntEQ(tlen, ASN_GENERALIZED_TIME_SIZE);
data = wolfSSL_ASN1_TIME_get_data(t);
AssertStrEQ((char*)data, "20050727123456Z");
gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out);
AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
AssertStrEQ((char*)gtime->data, "20050727123456Z");
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
/* Null parameter test */
XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE);
gtime = NULL;
out = NULL;
t->type = ASN_UTC_TIME;
t->length = ASN_UTC_TIME_SIZE;
XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);
AssertNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, NULL));
AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
AssertStrEQ((char*)gtime->data, "20050727123456Z");
XFREE(gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_CA_num(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
defined(HAVE_ECC) && !defined(NO_RSA)
WOLFSSL_X509_STORE *store;
WOLFSSL_X509 *x509_1, *x509_2;
int ca_num = 0;
printf(testingFmt, "wolfSSL_X509_CA_num()");
store = wolfSSL_X509_STORE_new();
x509_1 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
wolfSSL_X509_STORE_add_cert(store, x509_1);
ca_num = wolfSSL_X509_CA_num(store);
AssertIntEQ(ca_num, 1);
x509_2 = wolfSSL_X509_load_certificate_file(eccCertFile, WOLFSSL_FILETYPE_PEM);
wolfSSL_X509_STORE_add_cert(store, x509_2);
ca_num = wolfSSL_X509_CA_num(store);
AssertIntEQ(ca_num, 2);
wolfSSL_X509_free(x509_1);
wolfSSL_X509_free(x509_2);
wolfSSL_X509_STORE_free(store);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_check_ca(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
WOLFSSL_X509 *x509;
printf(testingFmt, "wolfSSL_X509_check_ca()");
x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
AssertIntEQ(wolfSSL_X509_check_ca(x509), 1);
wolfSSL_X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_check_ip_asc(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
WOLFSSL_X509 *x509;
printf(testingFmt, "wolfSSL_X509_check_ip_asc()");
x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
#if 0
/* TODO: add cert gen for testing positive case */
AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1);
#endif
AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0);
AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0);
wolfSSL_X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_DC_cert(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_KEY_GEN) && \
defined(WOLFSSL_CERT_EXT)
Cert cert;
RsaKey key;
WC_RNG rng;
byte der[FOURK_BUF];
int certSz;
int ret, idx;
const byte mySerial[8] = {1,2,3,4,5,6,7,8};
const unsigned char* pt;
X509* x509;
X509_NAME* x509name;
X509_NAME_ENTRY* entry;
ASN1_STRING* entryValue;
CertName name;
printf(testingFmt, "wolfSSL Certs with DC");
XMEMSET(&name, 0, sizeof(CertName));
/* set up cert name */
XMEMCPY(name.country, "US", sizeof("US"));
name.countryEnc = CTC_PRINTABLE;
XMEMCPY(name.state, "Oregon", sizeof("Oregon"));
name.stateEnc = CTC_UTF8;
XMEMCPY(name.locality, "Portland", sizeof("Portland"));
name.localityEnc = CTC_UTF8;
XMEMCPY(name.sur, "Test", sizeof("Test"));
name.surEnc = CTC_UTF8;
XMEMCPY(name.org, "wolfSSL", sizeof("wolfSSL"));
name.orgEnc = CTC_UTF8;
XMEMCPY(name.unit, "Development", sizeof("Development"));
name.unitEnc = CTC_UTF8;
XMEMCPY(name.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
name.commonNameEnc = CTC_UTF8;
XMEMCPY(name.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
name.serialDevEnc = CTC_PRINTABLE;
#ifdef WOLFSSL_MULTI_ATTRIB
#if CTC_MAX_ATTRIB > 2
{
NameAttrib* n;
n = &name.name[0];
n->id = ASN_DOMAIN_COMPONENT;
n->type = CTC_UTF8;
n->sz = sizeof("com");
XMEMCPY(n->value, "com", sizeof("com"));
n = &name.name[1];
n->id = ASN_DOMAIN_COMPONENT;
n->type = CTC_UTF8;
n->sz = sizeof("wolfssl");
XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
}
#endif
#endif /* WOLFSSL_MULTI_ATTRIB */
AssertIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
#ifndef HAVE_FIPS
AssertIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, devId), 0);
#else
AssertIntEQ(wc_InitRng(&rng), 0);
#endif
AssertIntEQ(wc_MakeRsaKey(&key, 2048, 3, &rng), 0);
XMEMSET(&cert, 0 , sizeof(Cert));
AssertIntEQ(wc_InitCert(&cert), 0);
XMEMCPY(&cert.subject, &name, sizeof(CertName));
XMEMCPY(cert.serial, mySerial, sizeof(mySerial));
cert.serialSz = (int)sizeof(mySerial);
cert.isCA = 1;
#ifndef NO_SHA256
cert.sigType = CTC_SHA256wRSA;
#else
cert.sigType = CTC_SHAwRSA;
#endif
/* add SKID from the Public Key */
AssertIntEQ(wc_SetSubjectKeyIdFromPublicKey(&cert, &key, NULL), 0);
/* add AKID from the Public Key */
AssertIntEQ(wc_SetAuthKeyIdFromPublicKey(&cert, &key, NULL), 0);
ret = 0;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret >= 0) {
ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng);
}
} while (ret == WC_PENDING_E);
AssertIntGT(ret, 0);
certSz = ret;
/* der holds a certificate with DC's now check X509 parsing of it */
pt = der;
AssertNotNull(x509 = d2i_X509(NULL, &pt, certSz));
AssertNotNull(x509name = X509_get_subject_name(x509));
#ifdef WOLFSSL_MULTI_ATTRIB
AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
-1)), 5);
AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
idx)), 6);
AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
idx)), -1);
#endif /* WOLFSSL_MULTI_ATTRIB */
/* compare DN at index 0 */
AssertNotNull(entry = X509_NAME_get_entry(x509name, 0));
AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
AssertIntEQ(ASN1_STRING_length(entryValue), 2);
AssertStrEQ((const char*)ASN1_STRING_data(entryValue), "US");
#ifdef WOLFSSL_MULTI_ATTRIB
/* get first and second DC and compare result */
AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
-1)), 5);
AssertNotNull(entry = X509_NAME_get_entry(x509name, idx));
AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "com");
AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
idx)), 6);
AssertNotNull(entry = X509_NAME_get_entry(x509name, idx));
AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl");
#endif /* WOLFSSL_MULTI_ATTRIB */
/* try invalid index locations for regression test and sanity check */
AssertNull(entry = X509_NAME_get_entry(x509name, 11));
AssertNull(entry = X509_NAME_get_entry(x509name, 20));
(void)idx;
X509_free(x509);
wc_FreeRsaKey(&key);
wc_FreeRng(&rng);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_get_version(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
WOLFSSL_X509 *x509;
printf(testingFmt, "wolfSSL_X509_get_version()");
x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
AssertIntEQ((int)wolfSSL_X509_get_version(x509), 2);
wolfSSL_X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_DES_ncbc(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
const_DES_cblock myDes;
DES_cblock iv = {1};
DES_key_schedule key = {0};
unsigned char msg[] = "hello wolfssl";
unsigned char out[DES_BLOCK_SIZE * 2] = {0};
unsigned char pln[DES_BLOCK_SIZE * 2] = {0};
unsigned char exp[] = {0x31, 0x98, 0x2F, 0x3A, 0x55, 0xBF, 0xD8, 0xC4};
unsigned char exp2[] = {0xC7, 0x45, 0x8B, 0x28, 0x10, 0x53, 0xE0, 0x58};
printf(testingFmt, "wolfSSL_DES_ncbc()");
/* partial block test */
DES_set_key(&key, &myDes);
DES_ncbc_encrypt(msg, out, 3, &myDes, &iv, DES_ENCRYPT);
AssertIntEQ(XMEMCMP(exp, out, DES_BLOCK_SIZE), 0);
AssertIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);
DES_set_key(&key, &myDes);
XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
*((byte*)&iv) = 1;
DES_ncbc_encrypt(out, pln, 3, &myDes, &iv, DES_DECRYPT);
AssertIntEQ(XMEMCMP(msg, pln, 3), 0);
AssertIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);
/* full block test */
DES_set_key(&key, &myDes);
XMEMSET(pln, 0, DES_BLOCK_SIZE);
XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
*((byte*)&iv) = 1;
DES_ncbc_encrypt(msg, out, 8, &myDes, &iv, DES_ENCRYPT);
AssertIntEQ(XMEMCMP(exp2, out, DES_BLOCK_SIZE), 0);
AssertIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);
DES_set_key(&key, &myDes);
XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
*((byte*)&iv) = 1;
DES_ncbc_encrypt(out, pln, 8, &myDes, &iv, DES_DECRYPT);
AssertIntEQ(XMEMCMP(msg, pln, 8), 0);
AssertIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_AES_cbc_encrypt(void)
{
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA)
AES_KEY aes;
AES_KEY* aesN = NULL;
size_t len = 0;
size_t lenB = 0;
int keySz0 = 0;
int keySzN = -1;
byte out[AES_BLOCK_SIZE] = {0};
byte* outN = NULL;
const int enc1 = AES_ENCRYPT;
const int enc2 = AES_DECRYPT;
/* Test vectors retrieved from:
* <begin URL>
* https://csrc.nist.gov/
* CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/
* documents/aes/KAT_AES.zip
* </end URL>
*/
const byte* pt128N = NULL;
byte* key128N = NULL;
byte* iv128N = NULL;
byte iv128tmp[AES_BLOCK_SIZE] = {0};
const byte pt128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
const byte ct128[] = { 0x87,0x85,0xb1,0xa7,0x5b,0x0f,0x3b,0xd9,
0x58,0xdc,0xd0,0xe2,0x93,0x18,0xc5,0x21 };
const byte iv128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
byte key128[] = { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xf0,0x00,0x00,0x00,0x00,0x00 };
len = sizeof(pt128);
#define STRESS_T(a, b, c, d, e, f, g, h, i) \
wolfSSL_AES_cbc_encrypt(a, b, c, d, e, f); \
AssertIntNE(XMEMCMP(b, g, h), i)
#define RESET_IV(x, y) XMEMCPY(x, y, AES_BLOCK_SIZE)
printf(testingFmt, "Stressing wolfSSL_AES_cbc_encrypt()");
STRESS_T(pt128N, out, len, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0);
STRESS_T(pt128, out, len, &aes, iv128N, enc1, ct128, AES_BLOCK_SIZE, 0);
wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, enc1);
AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, enc1);
AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
STRESS_T(pt128, out, lenB, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0);
printf(resultFmt, "Stress Tests: passed");
printf(testingFmt, "Stressing wolfSSL_AES_set_encrypt_key");
AssertIntNE(wolfSSL_AES_set_encrypt_key(key128N, sizeof(key128)*8, &aes),0);
AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, aesN),0);
AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySz0, &aes), 0);
AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySzN, &aes), 0);
printf(resultFmt, "Stress Tests: passed");
printf(testingFmt, "Stressing wolfSSL_AES_set_decrypt_key");
AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, &aes),0);
AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, aesN),0);
AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySz0, &aes), 0);
AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySzN, &aes), 0);
printf(resultFmt, "Stress Tests: passed");
#ifdef WOLFSSL_AES_128
printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 128-bit");
XMEMSET(out, 0, AES_BLOCK_SIZE);
RESET_IV(iv128tmp, iv128);
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, enc1);
AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed");
#ifdef HAVE_AES_DECRYPT
printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 128-bit in decrypt mode");
XMEMSET(out, 0, AES_BLOCK_SIZE);
RESET_IV(iv128tmp, iv128);
len = sizeof(ct128);
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, enc2);
AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed");
#endif
#endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192
/* Test vectors from NIST Special Publication 800-38A, 2001 Edition
* Appendix F.2.3 */
byte iv192tmp[AES_BLOCK_SIZE] = {0};
const byte pt192[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
const byte ct192[] = { 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 };
const byte iv192[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
byte key192[] = { 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b };
len = sizeof(pt192);
printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 192-bit");
XMEMSET(out, 0, AES_BLOCK_SIZE);
RESET_IV(iv192tmp, iv192);
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, enc1);
AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed");
#ifdef HAVE_AES_DECRYPT
printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 192-bit in decrypt mode");
len = sizeof(ct192);
RESET_IV(iv192tmp, iv192);
XMEMSET(out, 0, AES_BLOCK_SIZE);
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, enc2);
AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed");
#endif
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256
/* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
* Appendix F.2.5 */
byte iv256tmp[AES_BLOCK_SIZE] = {0};
const byte pt256[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
const byte ct256[] = { 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 };
const byte iv256[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
byte key256[] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 };
len = sizeof(pt256);
printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 256-bit");
XMEMSET(out, 0, AES_BLOCK_SIZE);
RESET_IV(iv256tmp, iv256);
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, enc1);
AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed");
#ifdef HAVE_AES_DECRYPT
printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 256-bit in decrypt mode");
len = sizeof(ct256);
RESET_IV(iv256tmp, iv256);
XMEMSET(out, 0, AES_BLOCK_SIZE);
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, enc2);
AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed");
#endif
#if defined(HAVE_AES_KEYWRAP) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
byte wrapCipher[sizeof(key256) + KEYWRAP_BLOCK_SIZE] = { 0 };
byte wrapPlain[sizeof(key256)] = { 0 };
byte wrapIV[KEYWRAP_BLOCK_SIZE] = { 0 };
printf(testingFmt, "wolfSSL_AES_wrap_key() 256-bit NULL iv");
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
AssertIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
15), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
sizeof(key256)), sizeof(wrapCipher));
printf(resultFmt, "passed");
printf(testingFmt, "wolfSSL_AES_unwrap_key() 256-bit NULL iv");
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
23), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
sizeof(wrapCipher)), sizeof(wrapPlain));
AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
printf(resultFmt, "passed");
XMEMSET(wrapCipher, 0, sizeof(wrapCipher));
XMEMSET(wrapPlain, 0, sizeof(wrapPlain));
printf(testingFmt, "wolfSSL_AES_wrap_key() 256-bit custom iv");
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
AssertIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapCipher, key256,
sizeof(key256)), sizeof(wrapCipher));
printf(resultFmt, "passed");
printf(testingFmt, "wolfSSL_AES_unwrap_key() 256-bit custom iv");
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, wrapPlain, wrapCipher,
sizeof(wrapCipher)), sizeof(wrapPlain));
AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
printf(resultFmt, "passed");
#endif /* HAVE_AES_KEYWRAP */
#endif /* WOLFSSL_AES_256 */
#endif
}
#if defined(OPENSSL_ALL)
#if !defined(NO_ASN)
static void test_wolfSSL_ASN1_STRING_to_UTF8(void)
{
#if !defined(NO_RSA)
WOLFSSL_X509* x509;
WOLFSSL_X509_NAME* subject;
WOLFSSL_X509_NAME_ENTRY* e;
WOLFSSL_ASN1_STRING* a;
FILE* file;
int idx = 0;
char targetOutput[16] = "www.wolfssl.com";
unsigned char* actual_output;
int len = 0;
int result = 0;
AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
fclose(file);
printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName");
AssertNotNull(subject = wolfSSL_X509_get_subject_name(x509));
AssertIntEQ((idx = wolfSSL_X509_NAME_get_index_by_NID(subject,
NID_commonName, -1)), 5);
AssertNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx));
AssertNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e));
AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15);
result = strncmp((const char*)actual_output, targetOutput, len);
AssertIntEQ(result, 0);
printf(resultFmt, result == 0 ? passed : failed);
printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(NULL, valid): ");
AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, a)),
WOLFSSL_FATAL_ERROR);
printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed);
printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(valid, NULL): ");
AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, NULL)),
WOLFSSL_FATAL_ERROR);
printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed);
printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL): ");
AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL)),
WOLFSSL_FATAL_ERROR);
printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed);
wolfSSL_X509_free(x509);
XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
}
static void test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void)
{
ASN1_STRING* asn1str_test;
ASN1_STRING* asn1str_answer;
/* Each character is encoded using 4 bytes */
char input[] = {
0, 0, 0, 'T',
0, 0, 0, 'e',
0, 0, 0, 's',
0, 0, 0, 't',
};
char output[] = "Test";
printf(testingFmt, "test_wolfSSL_ASN1_UNIVERSALSTRING_to_string()");
AssertNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING));
AssertIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input)), 1);
AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 1);
AssertNotNull(asn1str_answer = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING));
AssertIntEQ(ASN1_STRING_set(asn1str_answer, output, sizeof(output)-1), 1);
AssertIntEQ(ASN1_STRING_cmp(asn1str_test, asn1str_answer), 0);
ASN1_STRING_free(asn1str_test);
ASN1_STRING_free(asn1str_answer);
printf(resultFmt, "passed");
}
#endif /* !defined(NO_ASN) */
static void test_wolfSSL_sk_CIPHER_description(void)
{
#if !defined(NO_RSA)
const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;
int i,j,k;
int numCiphers = 0;
const SSL_METHOD *method = NULL;
const SSL_CIPHER *cipher = NULL;
STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
char buf[256];
char test_str[9] = "0000000";
const char badStr[] = "unknown";
const char certPath[] = "./certs/client-cert.pem";
XMEMSET(buf, 0, sizeof(buf));
printf(testingFmt, "wolfSSL_sk_CIPHER_description");
AssertNotNull(method = TLSv1_2_client_method());
AssertNotNull(ctx = SSL_CTX_new(method));
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
SSL_CTX_set_verify_depth(ctx, 4);
SSL_CTX_set_options(ctx, flags);
AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL),
WOLFSSL_SUCCESS);
AssertNotNull(ssl = SSL_new(ctx));
/* SSL_get_ciphers returns a stack of all configured ciphers
* A flag, getCipherAtOffset, is set to later have SSL_CIPHER_description
*/
AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl));
/* loop through the amount of supportedCiphers */
numCiphers = sk_num(supportedCiphers);
for (i = 0; i < numCiphers; ++i) {
/* sk_value increments "sk->data.cipher->cipherOffset".
* wolfSSL_sk_CIPHER_description sets the description for
* the cipher based on the provided offset.
*/
if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
SSL_CIPHER_description(cipher, buf, sizeof(buf));
}
/* Search cipher description string for "unknown" descriptor */
for (j = 0; j < (int)XSTRLEN(buf); j++) {
k = 0;
while ((k < (int)XSTRLEN(badStr)) && (buf[j] == badStr[k])) {
test_str[k] = badStr[k];
j++;
k++;
}
}
/* Fail if test_str == badStr == "unknown" */
AssertStrNE(test_str,badStr);
}
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_get_ciphers_compat(void)
{
#if !defined(NO_RSA)
const SSL_METHOD *method = NULL;
const char certPath[] = "./certs/client-cert.pem";
STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
SSL_CTX *ctx = NULL;
WOLFSSL *ssl = NULL;
const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;
printf(testingFmt, "wolfSSL_get_ciphers_compat");
method = SSLv23_client_method();
AssertNotNull(method);
ctx = SSL_CTX_new(method);
AssertNotNull(ctx);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
SSL_CTX_set_verify_depth(ctx, 4);
SSL_CTX_set_options(ctx, flags);
AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL),
WOLFSSL_SUCCESS);
AssertNotNull(ssl = SSL_new(ctx));
/* Test Bad NULL input */
AssertNull(supportedCiphers = SSL_get_ciphers(NULL));
/* Test for Good input */
AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl));
/* Further usage of SSL_get_ciphers/wolfSSL_get_ciphers_compat is
* tested in test_wolfSSL_sk_CIPHER_description according to Qt usage */
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_PUBKEY_get(void)
{
WOLFSSL_X509_PUBKEY pubkey;
WOLFSSL_X509_PUBKEY* key;
WOLFSSL_EVP_PKEY evpkey ;
WOLFSSL_EVP_PKEY* evpPkey;
WOLFSSL_EVP_PKEY* retEvpPkey;
XMEMSET(&pubkey, 0, sizeof(WOLFSSL_X509_PUBKEY));
XMEMSET(&evpkey, 0, sizeof(WOLFSSL_EVP_PKEY));
key = &pubkey;
evpPkey = &evpkey;
evpPkey->type = WOLFSSL_SUCCESS;
key->pkey = evpPkey;
printf(testingFmt, "wolfSSL_X509_PUBKEY_get()");
AssertNotNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key));
AssertIntEQ(retEvpPkey->type, WOLFSSL_SUCCESS);
AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(NULL));
key->pkey = NULL;
AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key));
printf(resultFmt,retEvpPkey == NULL ? passed : failed);
}
static void test_wolfSSL_d2i_DHparams(void)
{
#if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072))
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
FILE* f = NULL;
unsigned char buf[4096];
const unsigned char* pt = buf;
#ifdef HAVE_FFDHE_2048
const char* params1 = "./certs/dh2048.der";
#endif
#ifdef HAVE_FFDHE_3072
const char* params2 = "./certs/dh3072.der";
#endif
long len = 0;
WOLFSSL_DH* dh = NULL;
XMEMSET(buf, 0, sizeof(buf));
/* Test 2048 bit parameters */
#ifdef HAVE_FFDHE_2048
printf(testingFmt, "wolfSSL_d2i_DHparams() 2048-bit");
f = XFOPEN(params1, "rb");
AssertTrue(f != XBADFILE);
len = (long)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
/* Valid case */
AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
AssertNotNull(dh->p);
AssertNotNull(dh->g);
AssertTrue(pt != buf);
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
AssertIntEQ(DH_set_length(dh, BN_num_bits(dh->p)), WOLFSSL_SUCCESS);
#endif
AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
/* Invalid cases */
AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));
AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, 10));
DH_free(dh);
printf(resultFmt, passed);
*buf = 0;
pt = buf;
#endif /* HAVE_FFDHE_2048 */
/* Test 3072 bit parameters */
#ifdef HAVE_FFDHE_3072
printf(testingFmt, "wolfSSL_d2i_DHparams() 3072-bit");
f = XFOPEN(params2, "rb");
AssertTrue(f != XBADFILE);
len = (long)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
/* Valid case */
AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
AssertNotNull(dh->p);
AssertNotNull(dh->g);
AssertTrue(pt != buf);
AssertIntEQ(DH_generate_key(dh), 1);
/* Invalid cases */
AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));
DH_free(dh);
printf(resultFmt, passed);
#endif /* HAVE_FFDHE_3072 */
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* !NO_DH */
}
static void test_wolfSSL_i2d_DHparams(void)
{
#if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072))
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
FILE* f;
unsigned char buf[4096];
const unsigned char* pt = buf;
unsigned char* pt2 = buf;
#ifdef HAVE_FFDHE_2048
const char* params1 = "./certs/dh2048.der";
#endif
#ifdef HAVE_FFDHE_3072
const char* params2 = "./certs/dh3072.der";
#endif
long len;
WOLFSSL_DH* dh;
/* Test 2048 bit parameters */
#ifdef HAVE_FFDHE_2048
printf(testingFmt, "wolfSSL_i2d_DHparams() 2048-bit");
f = XFOPEN(params1, "rb");
AssertTrue(f != XBADFILE);
len = (long)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
/* Valid case */
AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
AssertTrue(pt != buf);
AssertIntEQ(DH_generate_key(dh), 1);
AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 268);
/* Invalid case */
AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);
/* Return length only */
AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 268);
DH_free(dh);
printf(resultFmt, passed);
*buf = 0;
pt = buf;
pt2 = buf;
#endif
/* Test 3072 bit parameters */
#ifdef HAVE_FFDHE_3072
printf(testingFmt, "wolfSSL_i2d_DHparams() 3072-bit");
f = XFOPEN(params2, "rb");
AssertTrue(f != XBADFILE);
len = (long)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
/* Valid case */
AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
AssertTrue(pt != buf);
AssertIntEQ(DH_generate_key(dh), 1);
AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 396);
/* Invalid case */
AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);
/* Return length only */
AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 396);
DH_free(dh);
printf(resultFmt, passed);
#endif
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif
}
static void test_wolfSSL_EC_KEY_dup(void)
{
#if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL))
WOLFSSL_EC_KEY* ecKey;
WOLFSSL_EC_KEY* dupKey;
ecc_key* srcKey;
ecc_key* destKey;
printf(testingFmt, "wolfSSL_EC_KEY_dup()");
AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
/* Valid cases */
AssertNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
AssertIntEQ(EC_KEY_check_key(dupKey), 1);
/* Compare pubkey */
srcKey = (ecc_key*)ecKey->internal;
destKey = (ecc_key*)dupKey->internal;
AssertIntEQ(wc_ecc_cmp_point(&srcKey->pubkey, &destKey->pubkey), 0);
/* compare EC_GROUP */
AssertIntEQ(wolfSSL_EC_GROUP_cmp(ecKey->group, dupKey->group, NULL), MP_EQ);
/* compare EC_POINT */
AssertIntEQ(wolfSSL_EC_POINT_cmp(ecKey->group, ecKey->pub_key, \
dupKey->pub_key, NULL), MP_EQ);
/* compare BIGNUM */
AssertIntEQ(wolfSSL_BN_cmp(ecKey->priv_key, dupKey->priv_key), MP_EQ);
wolfSSL_EC_KEY_free(dupKey);
/* Invalid cases */
/* NULL key */
AssertNull(dupKey = wolfSSL_EC_KEY_dup(NULL));
/* NULL ecc_key */
wc_ecc_free((ecc_key*)ecKey->internal);
XFREE(ecKey->internal, NULL, DYNAMIC_TYPE_ECC);
ecKey->internal = NULL; /* Set ecc_key to NULL */
AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
wolfSSL_EC_KEY_free(ecKey);
wolfSSL_EC_KEY_free(dupKey);
/* NULL Group */
AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
wolfSSL_EC_GROUP_free(ecKey->group);
ecKey->group = NULL; /* Set group to NULL */
AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
wolfSSL_EC_KEY_free(ecKey);
wolfSSL_EC_KEY_free(dupKey);
/* NULL public key */
AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
wc_ecc_del_point((ecc_point*)ecKey->pub_key->internal);
ecKey->pub_key->internal = NULL; /* Set ecc_point to NULL */
AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
wolfSSL_EC_POINT_free(ecKey->pub_key);
ecKey->pub_key = NULL; /* Set pub_key to NULL */
AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
wolfSSL_EC_KEY_free(ecKey);
wolfSSL_EC_KEY_free(dupKey);
/* NULL private key */
AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
wolfSSL_BN_free(ecKey->priv_key);
ecKey->priv_key = NULL; /* Set priv_key to NULL */
AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
wolfSSL_EC_KEY_free(ecKey);
wolfSSL_EC_KEY_free(dupKey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
{
#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
DSA *dsa = NULL;
DSA *setDsa = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY *set1Pkey = NULL;
SHA_CTX sha;
byte signature[DSA_SIG_SIZE];
byte hash[WC_SHA_DIGEST_SIZE];
word32 bytes;
int answer;
#ifdef USE_CERT_BUFFERS_1024
const unsigned char* dsaKeyDer = dsa_key_der1024;
int dsaKeySz = sizeof_dsa_key_der_1024;
byte tmp[ONEK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
bytes = dsa_key_der_sz;
#elif defined(USE_CERT_BUFFERS_2048)
const unsigned char* dsaKeyDer = dsa_key_der_2048;
int dsaKeySz = sizeof_dsa_key_der_2048;
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
bytes = dsaKeySz;
#else
const unsigned char* dsaKeyDer = dsa_key_der_2048;
int dsaKeySz = sizeof_dsa_key_der_2048;
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
XFILE fp = XOPEN("./certs/dsa2048.der", "rb");
if (fp == XBADFILE) {
return WOLFSSL_BAD_FILE;
}
bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */
printf(testingFmt,
"wolfSSL_EVP_PKEY_set1_DSA and wolfSSL_EVP_PKEY_get1_DSA");
/* Create hash to later Sign and Verify */
AssertIntEQ(SHA1_Init(&sha), WOLFSSL_SUCCESS);
AssertIntEQ(SHA1_Update(&sha, tmp, bytes), WOLFSSL_SUCCESS);
AssertIntEQ(SHA1_Final(hash,&sha), WOLFSSL_SUCCESS);
/* Initialize pkey with der format dsa key */
AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &pkey,
&dsaKeyDer ,(long)dsaKeySz));
/* Test wolfSSL_EVP_PKEY_get1_DSA */
/* Should Fail: NULL argument */
AssertNull(dsa = EVP_PKEY_get0_DSA(NULL));
AssertNull(dsa = EVP_PKEY_get1_DSA(NULL));
/* Should Pass: Initialized pkey argument */
AssertNotNull(dsa = EVP_PKEY_get0_DSA(pkey));
AssertNotNull(dsa = EVP_PKEY_get1_DSA(pkey));
AssertIntEQ(DSA_bits(dsa), 2048);
/* Sign */
AssertIntEQ(wolfSSL_DSA_do_sign(hash, signature, dsa), WOLFSSL_SUCCESS);
/* Verify. */
AssertIntEQ(wolfSSL_DSA_do_verify(hash, signature, dsa, &answer),
WOLFSSL_SUCCESS);
/* Test wolfSSL_EVP_PKEY_set1_DSA */
/* Should Fail: set1Pkey not initialized */
AssertIntNE(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
/* Initialize set1Pkey */
set1Pkey = EVP_PKEY_new();
/* Should Fail Verify: setDsa not initialized from set1Pkey */
AssertIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer),
WOLFSSL_SUCCESS);
/* Should Pass: set dsa into set1Pkey */
AssertIntEQ(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
printf(resultFmt, passed);
DSA_free(dsa);
DSA_free(setDsa);
EVP_PKEY_free(pkey);
EVP_PKEY_free(set1Pkey);
#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
} /* END test_EVP_PKEY_set1_get1_DSA */
static void test_wolfSSL_DSA_SIG(void)
{
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \
!defined(HAVE_FIPS)
DSA *dsa = NULL;
DSA *dsa2 = NULL;
DSA_SIG *sig = NULL;
const BIGNUM *p = NULL;
const BIGNUM *q = NULL;
const BIGNUM *g = NULL;
const BIGNUM *pub = NULL;
const BIGNUM *priv = NULL;
const byte digest[WC_SHA_DIGEST_SIZE] = {0};
printf(testingFmt, "wolfSSL_DSA_SIG");
AssertNotNull(dsa = DSA_generate_parameters(2048,
NULL, 0, NULL, NULL, NULL, NULL));
DSA_free(dsa);
AssertNotNull(dsa = DSA_new());
AssertIntEQ(DSA_generate_parameters_ex(dsa, 2048,
NULL, 0, NULL, NULL, NULL), 1);
AssertIntEQ(DSA_generate_key(dsa), 1);
DSA_get0_pqg(dsa, &p, &q, &g);
DSA_get0_key(dsa, &pub, &priv);
AssertNotNull(p = BN_dup(p));
AssertNotNull(q = BN_dup(q));
AssertNotNull(g = BN_dup(g));
AssertNotNull(pub = BN_dup(pub));
AssertNotNull(priv = BN_dup(priv));
AssertNotNull(sig = DSA_do_sign(digest, sizeof(digest), dsa));
AssertNotNull(dsa2 = DSA_new());
AssertIntEQ(DSA_set0_pqg(dsa2, (BIGNUM*)p, (BIGNUM*)q, (BIGNUM*)g), 1);
AssertIntEQ(DSA_set0_key(dsa2, (BIGNUM*)pub, (BIGNUM*)priv), 1);
AssertIntEQ(DSA_do_verify(digest, sizeof(digest), sig, dsa2), 1);
printf(resultFmt, passed);
DSA_free(dsa);
DSA_free(dsa2);
DSA_SIG_free(sig);
#endif
}
static void test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void)
{
#ifdef HAVE_ECC
WOLFSSL_EC_KEY *ecKey = NULL;
WOLFSSL_EC_KEY *ecGet1 = NULL;
EVP_PKEY *pkey = NULL;
printf(testingFmt,
"wolfSSL_EVP_PKEY_set1_EC_KEY and wolfSSL_EVP_PKEY_get1_EC_KEY");
AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
/* Test wolfSSL_EVP_PKEY_set1_EC_KEY */
AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
/* Should fail since ecKey is empty */
AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
/* Test wolfSSL_EVP_PKEY_get1_EC_KEY */
AssertNull(wolfSSL_EVP_PKEY_get1_EC_KEY(NULL));
AssertNotNull(ecGet1 = wolfSSL_EVP_PKEY_get1_EC_KEY(pkey));
wolfSSL_EC_KEY_free(ecKey);
wolfSSL_EC_KEY_free(ecGet1);
EVP_PKEY_free(pkey);
/* PASSED */
printf(resultFmt, passed);
#endif /* HAVE_ECC */
} /* END test_EVP_PKEY_set1_get1_EC_KEY */
static void test_wolfSSL_EVP_PKEY_set1_get1_DH (void)
{
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
DH *dh = NULL;
DH *setDh = NULL;
EVP_PKEY *pkey = NULL;
FILE* f = NULL;
unsigned char buf[4096];
const unsigned char* pt = buf;
const char* dh2048 = "./certs/dh2048.der";
long len = 0;
int code = -1;
printf(testingFmt,"wolfSSL_EVP_PKEY_set1_DH and wolfSSL_EVP_PKEY_get1_DH");
XMEMSET(buf, 0, sizeof(buf));
f = XFOPEN(dh2048, "rb");
AssertTrue(f != XBADFILE);
len = (long)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
/* Load dh2048.der into DH with internal format */
AssertNotNull(setDh = wolfSSL_d2i_DHparams(NULL, &pt, len));
AssertIntEQ(wolfSSL_DH_check(setDh, &code), WOLFSSL_SUCCESS);
AssertIntEQ(code, 0);
code = -1;
pkey = wolfSSL_EVP_PKEY_new();
/* Set DH into PKEY */
AssertIntEQ(wolfSSL_EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS);
/* Get DH from PKEY */
AssertNotNull(dh = wolfSSL_EVP_PKEY_get1_DH(pkey));
AssertIntEQ(wolfSSL_DH_check(dh, &code), WOLFSSL_SUCCESS);
AssertIntEQ(code, 0);
EVP_PKEY_free(pkey);
DH_free(setDh);
DH_free(dh);
printf(resultFmt, passed);
#endif /* !NO_DH && WOLFSSL_DH_EXTRA && !NO_FILESYSTEM */
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */
} /* END test_EVP_PKEY_set1_get1_DH */
static void test_wolfSSL_CTX_ctrl(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
char caFile[] = "./certs/client-ca.pem";
char clientFile[] = "./certs/client-cert.pem";
SSL_CTX* ctx;
X509* x509 = NULL;
#if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
byte buf[6000];
char file[] = "./certs/dsaparams.pem";
XFILE f;
int bytes;
BIO* bio;
DSA* dsa;
DH* dh;
#endif
#ifdef HAVE_ECC
WOLFSSL_EC_KEY* ecKey;
#endif
printf(testingFmt, "wolfSSL_CTX_ctrl");
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);
x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
#if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
/* Initialize DH */
f = XFOPEN(file, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
bio = BIO_new_mem_buf((void*)buf, bytes);
AssertNotNull(bio);
dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
AssertNotNull(dsa);
dh = wolfSSL_DSA_dup_DH(dsa);
AssertNotNull(dh);
#endif
#ifdef HAVE_ECC
/* Initialize WOLFSSL_EC_KEY */
AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey),1);
#endif
#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
/* additional test of getting EVP_PKEY key size from X509
* Do not run with user RSA because wolfSSL_RSA_size is not currently
* allowed with user RSA */
{
EVP_PKEY* pkey;
#if defined(HAVE_ECC)
X509* ecX509;
#endif /* HAVE_ECC */
AssertNotNull(pkey = X509_get_pubkey(x509));
/* current RSA key is 2048 bit (256 bytes) */
AssertIntEQ(EVP_PKEY_size(pkey), 256);
EVP_PKEY_free(pkey);
#if defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer(
cliecc_cert_der_256, sizeof_cliecc_cert_der_256,
SSL_FILETYPE_ASN1));
#else
AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file(
cliEccCertFile, SSL_FILETYPE_PEM));
#endif
AssertNotNull(pkey = X509_get_pubkey(ecX509));
/* current ECC key is 256 bit (32 bytes) */
AssertIntEQ(EVP_PKEY_size(pkey), 32);
X509_free(ecX509);
EVP_PKEY_free(pkey);
#endif /* HAVE_ECC */
}
#endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */
/* Tests should fail with passed in NULL pointer */
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,NULL),
SSL_FAILURE);
#if !defined(NO_DH) && !defined(NO_DSA)
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,NULL),
SSL_FAILURE);
#endif
#ifdef HAVE_ECC
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,NULL),
SSL_FAILURE);
#endif
/* Test with SSL_CTRL_EXTRA_CHAIN_CERT
* wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_add_extra_chain_cert
*/
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,x509),
SSL_SUCCESS);
/* Test with SSL_CTRL_OPTIONS
* wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_set_options
*/
AssertTrue(wolfSSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,SSL_OP_NO_TLSv1,NULL)
== SSL_OP_NO_TLSv1);
AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1);
/* Test with SSL_CTRL_SET_TMP_DH
* wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_dh
*/
#if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,dh),
SSL_SUCCESS);
#endif
/* Test with SSL_CTRL_SET_TMP_ECDH
* wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_ecdh
*/
#ifdef HAVE_ECC
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,ecKey),
SSL_SUCCESS);
#endif
#ifdef WOLFSSL_ENCRYPTED_KEYS
AssertNull(SSL_CTX_get_default_passwd_cb(ctx));
AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx));
#endif
/* Test for min/max proto */
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION,
0, NULL), SSL_SUCCESS);
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION,
TLS1_2_VERSION, NULL), SSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION);
#endif
#ifdef WOLFSSL_TLS13
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
0, NULL), SSL_SUCCESS);
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
TLS1_3_VERSION, NULL), SSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_get_max_proto_version(ctx), TLS1_3_VERSION);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
TLS1_2_VERSION, NULL), SSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_get_max_proto_version(ctx), TLS1_2_VERSION);
#endif
#endif
/* Cleanup and Pass */
#if !defined(NO_DH) && !defined(NO_DSA)
#ifndef NO_BIO
BIO_free(bio);
DSA_free(dsa);
DH_free(dh);
#endif
#endif
#ifdef HAVE_ECC
wolfSSL_EC_KEY_free(ecKey);
#endif
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}
static void test_wolfSSL_DH_check(void)
{
#if !defined(NO_DH) && !defined(NO_DSA)
#ifndef NO_BIO
byte buf[6000];
char file[] = "./certs/dsaparams.pem";
XFILE f;
int bytes;
BIO* bio;
DSA* dsa;
DH* dh = NULL;
WOLFSSL_BIGNUM* pTmp = NULL;
WOLFSSL_BIGNUM* gTmp = NULL;
int codes = -1;
printf(testingFmt, "wolfSSL_DH_check");
/* Initialize DH */
f = XFOPEN(file, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
bio = BIO_new_mem_buf((void*)buf, bytes);
AssertNotNull(bio);
dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
AssertNotNull(dsa);
dh = wolfSSL_DSA_dup_DH(dsa);
AssertNotNull(dh);
/* Test assumed to be valid dh.
* Should return WOLFSSL_SUCCESS
* codes should be 0
* Invalid codes = {DH_NOT_SUITABLE_GENERATOR, DH_CHECK_P_NOT_PRIME}
*/
AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_SUCCESS);
AssertIntEQ(codes, 0);
/* Test NULL dh: expected BAD_FUNC_ARG */
AssertIntEQ(wolfSSL_DH_check(NULL, &codes), WOLFSSL_FAILURE);
/* Break dh prime to test if codes = DH_CHECK_P_NOT_PRIME */
pTmp = dh->p;
dh->p = NULL;
AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_FAILURE);
AssertIntEQ(codes, DH_CHECK_P_NOT_PRIME);
/* set dh->p back to normal so it wont fail on next tests */
dh->p = pTmp;
pTmp = NULL;
/* Break dh generator to test if codes = DH_NOT_SUITABLE_GENERATOR */
gTmp = dh->g;
dh->g = NULL;
AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_FAILURE);
AssertIntEQ(codes, DH_NOT_SUITABLE_GENERATOR);
dh->g = gTmp;
gTmp = NULL;
/* Cleanup and Pass Test */
BIO_free(bio);
DSA_free(dsa);
DH_free(dh);
printf(resultFmt, passed);
#endif
#endif /* !NO_DH && !NO_DSA */
}
static void test_wolfSSL_EVP_PKEY_assign(void)
{
#if defined(OPENSSL_ALL)
int type;
WOLFSSL_EVP_PKEY* pkey;
#ifndef NO_RSA
WOLFSSL_RSA* rsa;
#endif
#ifndef NO_DSA
WOLFSSL_DSA* dsa;
#endif
#ifdef HAVE_ECC
WOLFSSL_EC_KEY* ecKey;
#endif
(void)pkey;
printf(testingFmt, "wolfSSL_EVP_PKEY_assign");
#ifndef NO_RSA
type = EVP_PKEY_RSA;
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertNotNull(rsa = wolfSSL_RSA_new());
AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,rsa), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,rsa), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,rsa), WOLFSSL_SUCCESS);
wolfSSL_EVP_PKEY_free(pkey);
#endif /* NO_RSA */
#ifndef NO_DSA
type = EVP_PKEY_DSA;
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertNotNull(dsa = wolfSSL_DSA_new());
AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,dsa), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,dsa), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,dsa), WOLFSSL_SUCCESS);
wolfSSL_EVP_PKEY_free(pkey);
#endif /* NO_DSA */
#ifdef HAVE_ECC
type = EVP_PKEY_EC;
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,ecKey), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,ecKey), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_SUCCESS);
wolfSSL_EVP_PKEY_free(pkey);
#endif /* HAVE_ECC */
(void)type;
printf(resultFmt, passed);
#endif /* OPENSSL_ALL */
}
static void test_wolfSSL_EVP_PKEY_base_id(void)
{
#if defined(OPENSSL_ALL)
WOLFSSL_EVP_PKEY* pkey;
printf(testingFmt, "wolfSSL_EVP_PKEY_base_id");
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertIntEQ(wolfSSL_EVP_PKEY_base_id(NULL), NID_undef);
AssertIntEQ(wolfSSL_EVP_PKEY_base_id(pkey), EVP_PKEY_RSA);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_id(void)
{
#if defined(OPENSSL_ALL)
WOLFSSL_EVP_PKEY* pkey;
printf(testingFmt, "wolfSSL_EVP_PKEY_id");
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertIntEQ(wolfSSL_EVP_PKEY_id(NULL), 0);
AssertIntEQ(wolfSSL_EVP_PKEY_id(pkey), EVP_PKEY_RSA);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_keygen(void)
{
#if defined(OPENSSL_ALL)
WOLFSSL_EVP_PKEY* pkey;
EVP_PKEY_CTX *ctx;
printf(testingFmt, "wolfSSL_EVP_PKEY_keygen");
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
/* Bad cases */
AssertIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), BAD_FUNC_ARG);
/* Good case */
AssertIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, &pkey), 0);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_keygen_init(void)
{
#if defined(OPENSSL_ALL)
WOLFSSL_EVP_PKEY* pkey;
EVP_PKEY_CTX *ctx;
printf(testingFmt, "wolfSSL_EVP_PKEY_keygen_init");
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
AssertIntEQ(wolfSSL_EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_missing_parameters(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB)
WOLFSSL_EVP_PKEY* pkey;
printf(testingFmt, "wolfSSL_EVP_PKEY_missing_parameters");
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertIntEQ(wolfSSL_EVP_PKEY_missing_parameters(pkey), 0);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(void)
{
#if defined(OPENSSL_ALL)
WOLFSSL_EVP_PKEY* pkey;
EVP_PKEY_CTX *ctx;
int bits = 2048;
printf(testingFmt, "wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits");
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits),
WOLFSSL_SUCCESS);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_CIPHER_CTX_iv_length(void)
{
#if defined(OPENSSL_ALL)
/* This is large enough to be used for all key sizes */
byte key[AES_256_KEY_SIZE] = {0};
byte iv[AES_BLOCK_SIZE] = {0};
int i, enumlen;
EVP_CIPHER_CTX *ctx;
const EVP_CIPHER *init;
int enumArray[] = {
#ifdef HAVE_AES_CBC
NID_aes_128_cbc,
#endif
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM
NID_aes_128_gcm,
#endif
#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
#ifdef WOLFSSL_AES_COUNTER
NID_aes_128_ctr,
#endif
#ifndef NO_DES3
NID_des_cbc,
NID_des_ede3_cbc,
#endif
#ifdef HAVE_IDEA
NID_idea_cbc,
#endif
};
int iv_lengths[] = {
#ifdef HAVE_AES_CBC
AES_BLOCK_SIZE,
#endif
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM
GCM_NONCE_MID_SZ,
#endif
#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
#ifdef WOLFSSL_AES_COUNTER
AES_BLOCK_SIZE,
#endif
#ifndef NO_DES3
DES_BLOCK_SIZE,
DES_BLOCK_SIZE,
#endif
#ifdef HAVE_IDEA
IDEA_BLOCK_SIZE,
#endif
};
printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_iv_length");
enumlen = (sizeof(enumArray)/sizeof(int));
for(i = 0; i < enumlen; i++)
{
ctx = EVP_CIPHER_CTX_new();
init = wolfSSL_EVP_get_cipherbynid(enumArray[i]);
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_iv_length(ctx), iv_lengths[i]);
EVP_CIPHER_CTX_free(ctx);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_CIPHER_CTX_key_length(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_DES3)
byte key[AES_256_KEY_SIZE] = {0};
byte iv[AES_BLOCK_SIZE] = {0};
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
const EVP_CIPHER *init = EVP_des_ede3_cbc();
printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_key_length");
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_key_length(ctx), 24);
EVP_CIPHER_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_CIPHER_CTX_set_key_length(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_DES3)
byte key[AES_256_KEY_SIZE] = {0};
byte iv[AES_BLOCK_SIZE] = {0};
int keylen;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
const EVP_CIPHER *init = EVP_des_ede3_cbc();
printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_set_key_length");
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
keylen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, keylen),
WOLFSSL_SUCCESS);
EVP_CIPHER_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_CIPHER_CTX_set_iv(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_AESGCM) && !defined(NO_DES3)
byte key[DES3_KEY_SIZE] = {0};
byte iv[DES_BLOCK_SIZE] = {0};
int ivLen, keyLen;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
const EVP_CIPHER *init = EVP_des_ede3_cbc();
printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_set_iv");
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
ivLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx);
keyLen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx);
/* Bad cases */
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, iv, ivLen), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, NULL, ivLen), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, 0), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, NULL, 0), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, keyLen), WOLFSSL_FAILURE);
/* Good case */
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, ivLen), 1);
EVP_CIPHER_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_CTX_new_id(void)
{
#if defined(OPENSSL_ALL)
WOLFSSL_ENGINE* e = NULL;
int id = 0;
EVP_PKEY_CTX *ctx;
printf(testingFmt, "wolfSSL_EVP_PKEY_CTX_new_id");
AssertNotNull(ctx = wolfSSL_EVP_PKEY_CTX_new_id(id, e));
EVP_PKEY_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_rc4(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RC4)
printf(testingFmt, "wolfSSL_EVP_rc4");
AssertNotNull(wolfSSL_EVP_rc4());
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_enc_null(void)
{
#if defined(OPENSSL_ALL)
printf(testingFmt, "wolfSSL_EVP_enc_null");
AssertNotNull(wolfSSL_EVP_enc_null());
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_rc2_cbc(void)
{
#if defined(OPENSSL_ALL) && defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB)
printf(testingFmt, "wolfSSL_EVP_rc2_cbc");
AssertNull(wolfSSL_EVP_rc2_cbc());
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_mdc2(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB)
printf(testingFmt, "wolfSSL_EVP_mdc2");
AssertNull(wolfSSL_EVP_mdc2());
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_md4(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_MD4)
printf(testingFmt, "wolfSSL_EVP_md4");
AssertNotNull(wolfSSL_EVP_md4());
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_aes_256_gcm(void)
{
#if defined(OPENSSL_ALL)
printf(testingFmt, "wolfSSL_EVP_aes_256_gcm");
AssertNotNull(wolfSSL_EVP_aes_256_gcm());
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_aes_192_gcm(void)
{
#if defined(OPENSSL_ALL)
printf(testingFmt, "wolfSSL_EVP_aes_192_gcm");
AssertNotNull(wolfSSL_EVP_aes_192_gcm());
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_ripemd160(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB)
printf(testingFmt, "wolfSSL_EVP_ripemd160");
AssertNull(wolfSSL_EVP_ripemd160());
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_get_digestbynid(void)
{
#if defined(OPENSSL_ALL)
printf(testingFmt, "wolfSSL_EVP_get_digestbynid");
#ifndef NO_MD5
AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_md5));
#endif
AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1));
AssertNull(wolfSSL_EVP_get_digestbynid(0));
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_MD_nid(void)
{
#if defined(OPENSSL_ALL)
printf(testingFmt, "wolfSSL_EVP_MD_nid");
#ifndef NO_MD5
AssertIntEQ(EVP_MD_nid(EVP_md5()), NID_md5);
#endif
#ifndef NO_SHA
AssertIntEQ(EVP_MD_nid(EVP_sha1()), NID_sha1);
#endif
#ifndef NO_SHA256
AssertIntEQ(EVP_MD_nid(EVP_sha256()), NID_sha256);
#endif
AssertIntEQ(EVP_MD_nid(NULL), NID_undef);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_get0_EC_KEY(void)
{
#if defined(HAVE_ECC) && defined(OPENSSL_ALL)
WOLFSSL_EVP_PKEY* pkey;
printf(testingFmt, "wolfSSL_EVP_PKEY_get0_EC_KEY");
AssertNotNull(pkey = EVP_PKEY_new());
AssertNull(EVP_PKEY_get0_EC_KEY(pkey));
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_X_STATE(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_DES3) && !defined(NO_RC4)
byte key[DES3_KEY_SIZE] = {0};
byte iv[DES_IV_SIZE] = {0};
EVP_CIPHER_CTX *ctx;
const EVP_CIPHER *init;
printf(testingFmt, "wolfSSL_EVP_X_STATE");
/* Bad test cases */
ctx = EVP_CIPHER_CTX_new();
init = EVP_des_ede3_cbc();
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
AssertNull(wolfSSL_EVP_X_STATE(NULL));
AssertNull(wolfSSL_EVP_X_STATE(ctx));
EVP_CIPHER_CTX_free(ctx);
/* Good test case */
ctx = EVP_CIPHER_CTX_new();
init = wolfSSL_EVP_rc4();
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
AssertNotNull(wolfSSL_EVP_X_STATE(ctx));
EVP_CIPHER_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_X_STATE_LEN(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_DES3) && !defined(NO_RC4)
byte key[DES3_KEY_SIZE] = {0};
byte iv[DES_IV_SIZE] = {0};
EVP_CIPHER_CTX *ctx;
const EVP_CIPHER *init;
printf(testingFmt, "wolfSSL_EVP_X_STATE_LEN");
/* Bad test cases */
ctx = EVP_CIPHER_CTX_new();
init = EVP_des_ede3_cbc();
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(NULL), 0);
AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), 0);
EVP_CIPHER_CTX_free(ctx);
/* Good test case */
ctx = EVP_CIPHER_CTX_new();
init = wolfSSL_EVP_rc4();
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), sizeof(Arc4));
EVP_CIPHER_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_CIPHER_block_size(void)
{
#if defined(OPENSSL_ALL)
#ifdef HAVE_AES_CBC
#ifdef WOLFSSL_AES_128
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_cbc()), AES_BLOCK_SIZE);
#endif
#ifdef WOLFSSL_AES_192
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_cbc()), AES_BLOCK_SIZE);
#endif
#ifdef WOLFSSL_AES_256
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_cbc()), AES_BLOCK_SIZE);
#endif
#endif
#ifdef HAVE_AES_GCM
#ifdef WOLFSSL_AES_128
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_gcm()), 1);
#endif
#ifdef WOLFSSL_AES_192
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_gcm()), 1);
#endif
#ifdef WOLFSSL_AES_256
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_gcm()), 1);
#endif
#endif
#ifdef WOLFSSL_AES_COUNTER
#ifdef WOLFSSL_AES_128
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ctr()), 1);
#endif
#ifdef WOLFSSL_AES_192
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ctr()), 1);
#endif
#ifdef WOLFSSL_AES_256
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ctr()), 1);
#endif
#endif
#ifdef HAVE_AES_ECB
#ifdef WOLFSSL_AES_128
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ecb()), AES_BLOCK_SIZE);
#endif
#ifdef WOLFSSL_AES_192
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ecb()), AES_BLOCK_SIZE);
#endif
#ifdef WOLFSSL_AES_256
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ecb()), AES_BLOCK_SIZE);
#endif
#endif
#ifdef WOLFSSL_AES_OFB
#ifdef WOLFSSL_AES_128
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ofb()), 1);
#endif
#ifdef WOLFSSL_AES_192
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ofb()), 1);
#endif
#ifdef WOLFSSL_AES_256
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ofb()), 1);
#endif
#endif
#ifndef NO_RC4
AssertIntEQ(EVP_CIPHER_block_size(wolfSSL_EVP_rc4()), 1);
#endif
#endif /* OPENSSL_ALL */
}
static void test_wolfSSL_EVP_CIPHER_iv_length(void)
{
#if defined(OPENSSL_ALL)
int i, enumlen;
int enumArray[] = {
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
NID_aes_128_cbc,
#endif
#ifdef WOLFSSL_AES_192
NID_aes_192_cbc,
#endif
#ifdef WOLFSSL_AES_256
NID_aes_256_cbc,
#endif
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128
NID_aes_128_gcm,
#endif
#ifdef WOLFSSL_AES_192
NID_aes_192_gcm,
#endif
#ifdef WOLFSSL_AES_256
NID_aes_256_gcm,
#endif
#endif /* HAVE_AESGCM */
#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
#ifdef WOLFSSL_AES_COUNTER
#ifdef WOLFSSL_AES_128
NID_aes_128_ctr,
#endif
#ifdef WOLFSSL_AES_192
NID_aes_192_ctr,
#endif
#ifdef WOLFSSL_AES_256
NID_aes_256_ctr,
#endif
#endif
#ifndef NO_DES3
NID_des_cbc,
NID_des_ede3_cbc,
#endif
#ifdef HAVE_IDEA
NID_idea_cbc,
#endif
};
int iv_lengths[] = {
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
AES_BLOCK_SIZE,
#endif
#ifdef WOLFSSL_AES_192
AES_BLOCK_SIZE,
#endif
#ifdef WOLFSSL_AES_256
AES_BLOCK_SIZE,
#endif
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128
GCM_NONCE_MID_SZ,
#endif
#ifdef WOLFSSL_AES_192
GCM_NONCE_MID_SZ,
#endif
#ifdef WOLFSSL_AES_256
GCM_NONCE_MID_SZ,
#endif
#endif /* HAVE_AESGCM */
#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
#ifdef WOLFSSL_AES_COUNTER
#ifdef WOLFSSL_AES_128
AES_BLOCK_SIZE,
#endif
#ifdef WOLFSSL_AES_192
AES_BLOCK_SIZE,
#endif
#ifdef WOLFSSL_AES_256
AES_BLOCK_SIZE,
#endif
#endif
#ifndef NO_DES3
DES_BLOCK_SIZE,
DES_BLOCK_SIZE,
#endif
#ifdef HAVE_IDEA
IDEA_BLOCK_SIZE,
#endif
};
printf(testingFmt, "wolfSSL_EVP_CIPHER_iv_length");
enumlen = (sizeof(enumArray)/sizeof(int));
for(i = 0; i < enumlen; i++)
{
const EVP_CIPHER *c = EVP_get_cipherbynid(enumArray[i]);
AssertIntEQ(EVP_CIPHER_iv_length(c), iv_lengths[i]);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_SignInit_ex(void)
{
#if defined(OPENSSL_ALL)
WOLFSSL_EVP_MD_CTX mdCtx;
WOLFSSL_ENGINE* e = 0;
const EVP_MD* md;
md = "SHA256";
printf(testingFmt, "wolfSSL_EVP_SignInit_ex");
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_SignInit_ex(&mdCtx, md, e), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_DigestFinal_ex(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_SHA256)
WOLFSSL_EVP_MD_CTX mdCtx;
unsigned int s = 0;
unsigned char md[WC_SHA256_DIGEST_SIZE];
unsigned char md2[WC_SHA256_DIGEST_SIZE];
printf(testingFmt, "wolfSSL_EVP_DigestFinal_ex");
/* Bad Case */
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), 0);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#else
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);
#endif
/* Good Case */
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md2, &s), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_assign_DH(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_DH) && \
!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
FILE* f = NULL;
unsigned char buf[4096];
const unsigned char* pt = buf;
const char* params1 = "./certs/dh2048.der";
long len = 0;
WOLFSSL_DH* dh = NULL;
WOLFSSL_EVP_PKEY* pkey;
XMEMSET(buf, 0, sizeof(buf));
f = XFOPEN(params1, "rb");
AssertTrue(f != XBADFILE);
len = (long)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
printf(testingFmt, "wolfSSL_EVP_PKEY_assign_DH");
AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
/* Bad cases */
AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, dh), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, NULL), WOLFSSL_FAILURE);
/* Good case */
AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, dh), WOLFSSL_SUCCESS);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_QT_EVP_PKEY_CTX_free(void)
{
#if defined(OPENSSL_EXTRA)
EVP_PKEY* pkey;
EVP_PKEY_CTX* ctx;
printf(testingFmt, "test_wolfSSL_QT_EVP_PKEY_CTX_free");
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
/* void */
EVP_PKEY_CTX_free(ctx);
AssertTrue(1);
#else
/* int */
AssertIntEQ(EVP_PKEY_CTX_free(ctx), WOLFSSL_SUCCESS);
#endif
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_param_check(void)
{
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
DH *dh = NULL;
DH *setDh = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX* ctx = NULL;
FILE* f = NULL;
unsigned char buf[512];
const unsigned char* pt = buf;
const char* dh2048 = "./certs/dh2048.der";
long len = 0;
int code = -1;
printf(testingFmt, "test_wolfSSL_EVP_PKEY_param_check");
XMEMSET(buf, 0, sizeof(buf));
f = XFOPEN(dh2048, "rb");
AssertTrue(f != XBADFILE);
len = (long)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
/* Load dh2048.der into DH with internal format */
AssertNotNull(setDh = d2i_DHparams(NULL, &pt, len));
AssertIntEQ(DH_check(setDh, &code), WOLFSSL_SUCCESS);
AssertIntEQ(code, 0);
code = -1;
pkey = wolfSSL_EVP_PKEY_new();
/* Set DH into PKEY */
AssertIntEQ(EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS);
/* create ctx from pkey */
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
AssertIntEQ(EVP_PKEY_param_check(ctx), 1/* valid */);
/* */
/* TO DO invlaid case */
/* */
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
DH_free(setDh);
DH_free(dh);
printf(resultFmt, passed);
#endif
#endif
}
static void test_wolfSSL_EVP_BytesToKey(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_AES) && defined(HAVE_AES_CBC)
byte key[AES_BLOCK_SIZE] = {0};
byte iv[AES_BLOCK_SIZE] = {0};
int sz = 5;
int count = 0;
const EVP_MD* md;
md = "SHA256";
const EVP_CIPHER *type;
const unsigned char *salt = (unsigned char *)"salt1234";
const byte data[] = {
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
type = wolfSSL_EVP_get_cipherbynid(NID_aes_128_cbc);
printf(testingFmt, "EVP_BytesToKey");
/* Bad cases */
AssertIntEQ(EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv),
0);
AssertIntEQ(EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv),
16);
md = "2";
AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
WOLFSSL_FAILURE);
/* Good case */
md = "SHA256";
AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
16);
printf(resultFmt, passed);
#endif
}
static void test_IncCtr(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_AESGCM) && !defined(HAVE_FIPS)
byte key[AES_128_KEY_SIZE] = {0};
byte iv[GCM_NONCE_MID_SZ] = {0};
int type = EVP_CTRL_GCM_IV_GEN;
int arg = 0;
void *ptr = NULL;
printf(testingFmt, "IncCtr");
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
const EVP_CIPHER *init = EVP_aes_128_gcm();
AssertNotNull(ctx);
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_ctrl(ctx, type, arg, ptr), WOLFSSL_SUCCESS);
EVP_CIPHER_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OBJ_ln(void)
{
const int nid_set[] = {
NID_commonName,
NID_serialNumber,
NID_countryName,
NID_localityName,
NID_stateOrProvinceName,
NID_organizationName,
NID_organizationalUnitName,
NID_domainComponent,
NID_businessCategory,
NID_jurisdictionCountryName,
NID_jurisdictionStateOrProvinceName,
NID_emailAddress
};
const char* ln_set[] = {
"commonName",
"serialNumber",
"countryName",
"localityName",
"stateOrProvinceName",
"organizationName",
"organizationalUnitName",
"domainComponent",
"businessCategory",
"jurisdictionCountryName",
"jurisdictionStateOrProvinceName",
"emailAddress",
};
size_t i = 0, maxIdx = sizeof(ln_set)/sizeof(char*);
printf(testingFmt, "wolfSSL_OBJ_ln");
AssertIntEQ(OBJ_ln2nid(NULL), NID_undef);
#ifdef HAVE_ECC
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
{
size_t nCurves = 27;
EC_builtin_curve r[nCurves];
nCurves = EC_get_builtin_curves(r,nCurves);
for (i = 0; i < nCurves; i++) {
/* skip ECC_CURVE_INVALID */
if (r[i].nid != ECC_CURVE_INVALID) {
AssertIntEQ(OBJ_ln2nid(r[i].comment), r[i].nid);
AssertStrEQ(OBJ_nid2ln(r[i].nid), r[i].comment);
}
}
}
#endif
#endif
for (i = 0; i < maxIdx; i++) {
AssertIntEQ(OBJ_ln2nid(ln_set[i]), nid_set[i]);
AssertStrEQ(OBJ_nid2ln(nid_set[i]), ln_set[i]);
}
printf(resultFmt, passed);
}
static void test_wolfSSL_OBJ_sn(void)
{
int i = 0, maxIdx = 7;
const int nid_set[] = {NID_commonName,NID_countryName,NID_localityName,
NID_stateOrProvinceName,NID_organizationName,
NID_organizationalUnitName,NID_emailAddress};
const char* sn_open_set[] = {"CN","C","L","ST","O","OU","emailAddress"};
const char* sn_wolf_set[] = {WOLFSSL_COMMON_NAME,WOLFSSL_COUNTRY_NAME,
WOLFSSL_LOCALITY_NAME, WOLFSSL_STATE_NAME,
WOLFSSL_ORG_NAME, WOLFSSL_ORGUNIT_NAME,
WOLFSSL_EMAIL_ADDR};
printf(testingFmt, "wolfSSL_OBJ_sn");
AssertIntEQ(wolfSSL_OBJ_sn2nid(NULL), NID_undef);
for (i = 0; i < maxIdx; i++) {
AssertIntEQ(wolfSSL_OBJ_sn2nid(sn_wolf_set[i]), nid_set[i]);
AssertStrEQ(wolfSSL_OBJ_nid2sn(nid_set[i]), sn_open_set[i]);
}
printf(resultFmt, passed);
}
#if !defined(NO_BIO)
static unsigned long TXT_DB_hash(const WOLFSSL_STRING *s)
{
return lh_strhash(s[3]);
}
static int TXT_DB_cmp(const WOLFSSL_STRING *a, const WOLFSSL_STRING *b)
{
return XSTRCMP(a[3], b[3]);
}
#endif
static void test_wolfSSL_TXT_DB(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_BIO)
BIO *bio;
TXT_DB *db = NULL;
const int columns = 6;
const char *fields[6] = {
"V",
"320926161116Z",
"",
"12BD",
"unknown",
"/CN=rsa doe",
};
char** fields_copy;
printf(testingFmt, "wolfSSL_TXT_DB");
/* Test read */
AssertNotNull(bio = BIO_new(BIO_s_file()));
AssertIntGT(BIO_read_filename(bio, "./tests/TXT_DB.txt"), 0);
AssertNotNull(db = TXT_DB_read(bio, columns));
AssertNotNull(fields_copy = (char**)XMALLOC(sizeof(fields), NULL,
DYNAMIC_TYPE_OPENSSL));
XMEMCPY(fields_copy, fields, sizeof(fields));
AssertIntEQ(TXT_DB_insert(db, fields_copy), 1);
BIO_free(bio);
/* Test write */
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(TXT_DB_write(bio, db), 1484);
BIO_free(bio);
/* Test index */
AssertIntEQ(TXT_DB_create_index(db, 3, NULL, (wolf_sk_hash_cb)TXT_DB_hash,
(wolf_sk_compare_cb)TXT_DB_cmp), 1);
AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
fields[3] = "12DA";
AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
fields[3] = "FFFF";
AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
fields[3] = "";
AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
TXT_DB_free(db);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_NCONF(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_BIO)
const char* confFile = "./tests/NCONF_test.cnf";
CONF* conf = NULL;
long eline = 0;
long num = 0;
printf(testingFmt, "wolfSSL_NCONF");
AssertNotNull(conf = NCONF_new(NULL));
AssertIntEQ(NCONF_load(conf, confFile, &eline), 1);
AssertIntEQ(NCONF_get_number(conf, NULL, "port", &num), 1);
AssertIntEQ(num, 1234);
AssertIntEQ(NCONF_get_number(conf, "section2", "port", &num), 1);
AssertIntEQ(num, 4321);
AssertStrEQ(NCONF_get_string(conf, NULL, "dir"), "./test-dir");
AssertStrEQ(NCONF_get_string(conf, "section1", "file1_copy"),
"./test-dir/file1");
AssertStrEQ(NCONF_get_string(conf, "section2", "file_list"),
"./test-dir/file1:./test-dir/file2:./section1:file2");
NCONF_free(conf);
printf(resultFmt, passed);
#endif
}
#endif /* OPENSSL_ALL */
static void test_wolfSSL_EC_KEY_set_group(void)
{
#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \
defined(OPENSSL_EXTRA)
EC_KEY *key = NULL;
EC_GROUP *group = NULL;
const EC_GROUP *group2 = NULL;
printf(testingFmt, "wolfSSL_EC_KEY_dup()");
AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
AssertNotNull(key = EC_KEY_new());
AssertIntEQ(EC_KEY_set_group(key, group), WOLFSSL_SUCCESS);
AssertNotNull(group2 = EC_KEY_get0_group(key));
AssertIntEQ(EC_GROUP_cmp(group2, group, NULL), 0);
EC_GROUP_free(group);
EC_KEY_free(key);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509V3_EXT_get(void) {
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
FILE* f;
int numOfExt =0;
int extNid = 0;
int i = 0;
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext;
const WOLFSSL_v3_ext_method* method;
AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
printf(testingFmt, "wolfSSL_X509V3_EXT_get() return struct and nid test");
AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5);
for (i = 0; i < numOfExt; i++) {
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertIntNE((extNid = ext->obj->nid), NID_undef);
AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
AssertIntEQ(method->ext_nid, extNid);
}
printf(resultFmt, "passed");
printf(testingFmt, "wolfSSL_X509V3_EXT_get() NULL argument test");
AssertNull(method = wolfSSL_X509V3_EXT_get(NULL));
printf(resultFmt, "passed");
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509V3_EXT_nconf(void)
{
#if defined (OPENSSL_ALL)
const char *ext_names[] = {
"subjectKeyIdentifier",
"authorityKeyIdentifier",
"subjectAltName",
"keyUsage",
};
size_t ext_names_count = sizeof(ext_names)/sizeof(*ext_names);
int ext_nids[] = {
NID_subject_key_identifier,
NID_authority_key_identifier,
NID_subject_alt_name,
NID_key_usage,
};
size_t ext_nids_count = sizeof(ext_nids)/sizeof(*ext_nids);
const char *ext_values[] = {
"hash",
"hash",
"DNS:example.com, IP:127.0.0.1",
"digitalSignature,keyEncipherment,dataEncipherment",
};
size_t i;
printf(testingFmt, "wolfSSL_X509V3_EXT_nconf()");
for (i = 0; i < ext_names_count; i++) {
X509_EXTENSION* ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i],
ext_values[i]);
AssertNotNull(ext);
X509_EXTENSION_free(ext);
}
for (i = 0; i < ext_nids_count; i++) {
X509_EXTENSION* ext = X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[i],
ext_values[i]);
AssertNotNull(ext);
X509_EXTENSION_free(ext);
}
printf(resultFmt, "passed");
#endif
}
static void test_wolfSSL_X509V3_EXT(void) {
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
FILE* f;
int numOfExt = 0, nid = 0, i = 0, expected, actual;
char* str;
unsigned char* data;
const WOLFSSL_v3_ext_method* method;
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext;
WOLFSSL_X509_EXTENSION* ext2;
WOLFSSL_ASN1_OBJECT *obj, *adObj;
WOLFSSL_ASN1_STRING* asn1str;
WOLFSSL_AUTHORITY_KEYID* aKeyId;
WOLFSSL_AUTHORITY_INFO_ACCESS* aia;
WOLFSSL_BASIC_CONSTRAINTS* bc;
WOLFSSL_ACCESS_DESCRIPTION* ad;
WOLFSSL_GENERAL_NAME* gn;
printf(testingFmt, "wolfSSL_X509V3_EXT_d2i()");
/* Check NULL argument */
AssertNull(wolfSSL_X509V3_EXT_d2i(NULL));
/* Using OCSP cert with X509V3 extensions */
AssertNotNull(f = fopen("./certs/ocsp/root-ca-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5);
/* Basic Constraints */
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_basic_constraints);
AssertNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
AssertIntEQ(bc->ca, 1);
AssertNull(bc->pathlen);
wolfSSL_BASIC_CONSTRAINTS_free(bc);
i++;
/* Subject Key Identifier */
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier);
AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
AssertNotNull(ext2 = wolfSSL_X509V3_EXT_i2d(NID_subject_key_identifier, 0,
asn1str));
X509_EXTENSION_free(ext2);
AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
AssertNotNull(method->i2s);
AssertNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str));
wolfSSL_ASN1_STRING_free(asn1str);
actual = strcmp(str,
"73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21");
AssertIntEQ(actual, 0);
XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
i++;
/* Authority Key Identifier */
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_authority_key_identifier);
AssertNotNull(aKeyId =
(WOLFSSL_AUTHORITY_KEYID*)wolfSSL_X509V3_EXT_d2i(ext));
AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
AssertNotNull(asn1str = aKeyId->keyid);
AssertNotNull(str =
wolfSSL_i2s_ASN1_STRING((WOLFSSL_v3_ext_method*)method, asn1str));
actual = strcmp(str,
"73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21");
AssertIntEQ(actual, 0);
XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_AUTHORITY_KEYID_free(aKeyId);
i++;
/* Key Usage */
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage);
AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
#if defined(WOLFSSL_QT)
AssertNotNull(data = (unsigned char*)ASN1_STRING_get0_data(asn1str));
#else
AssertNotNull(data = wolfSSL_ASN1_STRING_data(asn1str));
#endif
expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN;
#ifdef BIG_ENDIAN_ORDER
actual = data[1];
#else
actual = data[0];
#endif
AssertIntEQ(actual, expected);
wolfSSL_ASN1_STRING_free(asn1str);
#if 1
i++;
/* Authority Info Access */
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_info_access);
AssertNotNull(aia =
(WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext));
#if defined(WOLFSSL_QT)
AssertIntEQ(OPENSSL_sk_num(aia), 1); /* Only one URI entry for this cert */
#else
AssertIntEQ(wolfSSL_sk_num(aia), 1); /* Only one URI entry for this cert */
#endif
/* URI entry is an ACCESS_DESCRIPTION type */
#if defined(WOLFSSL_QT)
AssertNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)wolfSSL_sk_value(aia, 0));
#else
AssertNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)OPENSSL_sk_value(aia, 0));
#endif
AssertNotNull(adObj = ad->method);
/* Make sure nid is OCSP */
AssertIntEQ(wolfSSL_OBJ_obj2nid(adObj), NID_ad_OCSP);
/* GENERAL_NAME stores URI as an ASN1_STRING */
AssertNotNull(gn = ad->location);
AssertIntEQ(gn->type, GEN_URI); /* Type should always be GEN_URI */
AssertNotNull(asn1str = gn->d.uniformResourceIdentifier);
AssertIntEQ(wolfSSL_ASN1_STRING_length(asn1str), 22);
#if defined(WOLFSSL_QT)
str = (char*)ASN1_STRING_get0_data(asn1str);
#else
str = (char*)wolfSSL_ASN1_STRING_data(asn1str);
#endif
actual = strcmp(str, "http://127.0.0.1:22220");
AssertIntEQ(actual, 0);
wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL);
#else
(void) aia; (void) ad; (void) adObj; (void) gn;
#endif
wolfSSL_X509_free(x509);
printf(resultFmt, "passed");
#endif
}
static void test_wolfSSL_X509_get_extension_flags(void)
{
#ifdef OPENSSL_ALL
XFILE f;
X509* x509;
unsigned int extFlags;
unsigned int keyUsageFlags;
unsigned int extKeyUsageFlags;
printf(testingFmt, "test_wolfSSL_X509_get_extension_flags");
/* client-int-cert.pem has the following extension flags. */
extFlags = EXFLAG_KUSAGE | EXFLAG_XKUSAGE;
/* and the following key usage flags. */
keyUsageFlags = KU_DIGITAL_SIGNATURE
| KU_NON_REPUDIATION
| KU_KEY_ENCIPHERMENT;
/* and the following extended key usage flags. */
extKeyUsageFlags = XKU_SSL_CLIENT | XKU_SMIME;
f = XFOPEN("./certs/intermediate/client-int-cert.pem", "rb");
AssertTrue(f != XBADFILE);
AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
XFCLOSE(f);
AssertIntEQ(X509_get_extension_flags(x509), extFlags);
AssertIntEQ(X509_get_key_usage(x509), keyUsageFlags);
AssertIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags);
X509_free(x509);
/* client-cert-ext.pem has the following extension flags. */
extFlags = EXFLAG_KUSAGE;
/* and the following key usage flags. */
keyUsageFlags = KU_DIGITAL_SIGNATURE
| KU_KEY_CERT_SIGN
| KU_CRL_SIGN;
AssertNotNull(f = fopen("./certs/client-cert-ext.pem", "rb"));
AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
XFCLOSE(f);
AssertIntEQ(X509_get_extension_flags(x509), extFlags);
AssertIntEQ(X509_get_key_usage(x509), keyUsageFlags);
X509_free(x509);
printf(resultFmt, passed);
#endif /* OPENSSL_ALL */
}
static void test_wolfSSL_X509_get_ext(void){
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
int ret = 0;
FILE* f;
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* foundExtension;
AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);
printf(testingFmt, "wolfSSL_X509_get_ext() valid input");
AssertNotNull(foundExtension = wolfSSL_X509_get_ext(x509, 0));
printf(resultFmt, "passed");
printf(testingFmt, "wolfSSL_X509_get_ext() valid x509, idx out of bounds");
AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, -1));
AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, 100));
printf(resultFmt, "passed");
printf(testingFmt, "wolfSSL_X509_get_ext() NULL x509, idx out of bounds");
AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, -1));
AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 100));
printf(resultFmt, "passed");
printf(testingFmt, "wolfSSL_X509_get_ext() NULL x509, valid idx");
AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0));
printf(resultFmt, "passed");
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509_get_ext_by_NID(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
int rc;
FILE* f;
WOLFSSL_X509* x509;
AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
AssertIntGE(rc, 0);
/* Start search from last location (should fail) */
rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, rc);
AssertIntGE(rc, -1);
rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -2);
AssertIntGE(rc, -1);
rc = wolfSSL_X509_get_ext_by_NID(NULL, NID_basic_constraints, -1);
AssertIntEQ(rc, -1);
rc = wolfSSL_X509_get_ext_by_NID(x509, NID_undef, -1);
AssertIntEQ(rc, -1);
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509_get_ext_subj_alt_name(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
int rc;
XFILE f;
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext;
WOLFSSL_ASN1_STRING* sanString;
byte* sanDer;
const byte expectedDer[] = {
0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01};
printf(testingFmt, "test_wolfSSL_X509_get_ext_subj_alt_name");
f = XFOPEN("./certs/server-cert.pem", "rb");
AssertTrue(f != XBADFILE);
AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
rc = X509_get_ext_by_NID(x509, NID_subject_alt_name, -1);
AssertIntNE(rc, -1);
AssertNotNull(ext = X509_get_ext(x509, rc));
AssertNotNull(sanString = X509_EXTENSION_get_data(ext));
AssertIntEQ(ASN1_STRING_length(sanString), sizeof(expectedDer));
AssertNotNull(sanDer = ASN1_STRING_data(sanString));
AssertIntEQ(XMEMCMP(sanDer, expectedDer, sizeof(expectedDer)), 0);
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_EXTENSION_new(void)
{
#if defined (OPENSSL_ALL)
WOLFSSL_X509_EXTENSION* ext;
AssertNotNull(ext = wolfSSL_X509_EXTENSION_new());
AssertNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new());
ext->obj->nid = WOLFSSL_SUCCESS;
AssertIntEQ(WOLFSSL_SUCCESS, ext->obj->nid);
wolfSSL_X509_EXTENSION_free(ext);
#endif
}
static void test_wolfSSL_X509_EXTENSION_get_object(void)
{
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext;
WOLFSSL_ASN1_OBJECT* o;
FILE* file;
int nid = 0;
AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
fclose(file);
printf(testingFmt, "wolfSSL_X509_EXTENSION_get_object() testing ext idx 0");
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
AssertNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ(o->nid, 128);
nid = o->nid;
printf(resultFmt, nid == 128 ? passed : failed);
printf(testingFmt, "wolfSSL_X509_EXTENSION_get_object() NULL argument");
AssertNull(o = wolfSSL_X509_EXTENSION_get_object(NULL));
printf(resultFmt, passed);
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509_EXTENSION_get_data(void)
{
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext;
WOLFSSL_ASN1_STRING* str;
FILE* file;
printf(testingFmt, "wolfSSL_X509_EXTENSION_get_data");
AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
fclose(file);
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
AssertNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext));
printf(resultFmt, passed);
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509_EXTENSION_get_critical(void)
{
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext;
FILE* file;
int crit;
printf(testingFmt, "wolfSSL_X509_EXTENSION_get_critical");
AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
fclose(file);
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
crit = wolfSSL_X509_EXTENSION_get_critical(ext);
AssertIntEQ(crit, 0);
printf(resultFmt, passed);
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509V3_EXT_print(void)
{
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_BIO) && \
!defined(NO_RSA)
printf(testingFmt, "wolfSSL_X509V3_EXT_print");
{
FILE* f;
WOLFSSL_X509* x509;
X509_EXTENSION * ext = NULL;
int loc;
BIO *bio = NULL;
AssertNotNull(f = fopen(svrCertFile, "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
AssertNotNull(bio = wolfSSL_BIO_new(BIO_s_mem()));
loc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
AssertIntGT(loc, -1);
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
loc = wolfSSL_X509_get_ext_by_NID(x509, NID_subject_key_identifier, -1);
AssertIntGT(loc, -1);
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
loc = wolfSSL_X509_get_ext_by_NID(x509, NID_authority_key_identifier, -1);
AssertIntGT(loc, -1);
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
wolfSSL_BIO_free(bio);
wolfSSL_X509_free(x509);
}
{
X509 *x509;
BIO *bio;
X509_EXTENSION *ext;
unsigned int i;
unsigned int idx;
/* Some NIDs to test with */
int nids[] = {
/* NID_key_usage, currently X509_get_ext returns this as a bit
* string, which messes up X509V3_EXT_print */
/* NID_ext_key_usage, */
NID_subject_alt_name,
};
int* n;
AssertNotNull(bio = BIO_new_fp(stdout, BIO_NOCLOSE));
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt,
WOLFSSL_FILETYPE_PEM));
printf("\nPrinting extension values:\n");
for (i = 0, n = nids; i<(sizeof(nids)/sizeof(int)); i++, n++) {
/* X509_get_ext_by_NID should return 3 for now. If that changes then
* update the index */
AssertIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3);
AssertNotNull(ext = X509_get_ext(x509, idx));
AssertIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1);
printf("\n");
}
BIO_free(bio);
X509_free(x509);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_cmp(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
FILE* file1;
FILE* file2;
WOLFSSL_X509* cert1;
WOLFSSL_X509* cert2;
int ret = 0;
AssertNotNull(file1=fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(file2=fopen("./certs/3072/client-cert.pem", "rb"));
AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
AssertNotNull(cert2 = wolfSSL_PEM_read_X509(file2, NULL, NULL, NULL));
fclose(file1);
fclose(file2);
printf(testingFmt, "wolfSSL_X509_cmp() testing matching certs");
ret = wolfSSL_X509_cmp(cert1, cert1);
AssertIntEQ(0, wolfSSL_X509_cmp(cert1, cert1));
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wolfSSL_X509_cmp() testing mismatched certs");
ret = wolfSSL_X509_cmp(cert1, cert2);
AssertIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2));
printf(resultFmt, ret == -1 ? passed : failed);
printf(testingFmt, "wolfSSL_X509_cmp() testing NULL, valid args");
ret = wolfSSL_X509_cmp(NULL, cert2);
AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, cert2));
printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed);
printf(testingFmt, "wolfSSL_X509_cmp() testing valid, NULL args");
ret = wolfSSL_X509_cmp(cert1, NULL);
AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(cert1, NULL));
printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed);
printf(testingFmt, "wolfSSL_X509_cmp() testing NULL, NULL args");
ret = wolfSSL_X509_cmp(NULL, NULL);
AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, NULL));
printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed);
wolfSSL_X509_free(cert1);
wolfSSL_X509_free(cert2);
#endif
}
static void test_wolfSSL_PKEY_up_ref(void)
{
#if defined(OPENSSL_ALL)
EVP_PKEY* pkey;
printf(testingFmt, "wolfSSL_PKEY_up_ref()");
pkey = EVP_PKEY_new();
AssertIntEQ(EVP_PKEY_up_ref(NULL), 0);
AssertIntEQ(EVP_PKEY_up_ref(pkey), 1);
EVP_PKEY_free(pkey);
AssertIntEQ(EVP_PKEY_up_ref(pkey), 1);
EVP_PKEY_free(pkey);
EVP_PKEY_free(pkey);
printf(resultFmt, "passed");
#endif
}
static void test_wolfSSL_d2i_and_i2d_PublicKey(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
EVP_PKEY* pkey;
const unsigned char* p;
unsigned char* der = NULL;
int derLen;
printf(testingFmt, "test_wolfSSL_d2i_and_i2d_PublicKey()");
p = client_keypub_der_2048;
/* Check that key can be successfully decoded. */
AssertNotNull(pkey = wolfSSL_d2i_PublicKey(EVP_PKEY_RSA, NULL, &p,
sizeof_client_keypub_der_2048));
/* Check that key can be successfully encoded. */
AssertIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &der)), 0);
/* Ensure that the encoded version matches the original. */
AssertIntEQ(derLen, sizeof_client_keypub_der_2048);
AssertIntEQ(XMEMCMP(der, client_keypub_der_2048, derLen), 0);
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_d2i_and_i2d_DSAparams(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_DSA)
DSA* dsa;
char file[] = "./certs/dsaparams.der";
XFILE f;
int derInLen;
byte* derIn;
int derOutLen;
byte* derOut = NULL;
printf(testingFmt, "test_wolfSSL_d2i_and_i2d_DSAparams()");
f = XFOPEN(file, "rb");
AssertTrue(f != XBADFILE);
AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0);
derInLen = (int)XFTELL(f);
XREWIND(f);
AssertNotNull(derIn = (byte*)XMALLOC(derInLen, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
AssertIntEQ(XFREAD(derIn, 1, derInLen, f), derInLen);
XFCLOSE(f);
/* Check that params can be successfully decoded. */
AssertNotNull(dsa = d2i_DSAparams(NULL, (const byte**)&derIn, derInLen));
/* Check that params can be successfully encoded. */
AssertIntGE((derOutLen = i2d_DSAparams(dsa, &derOut)), 0);
/* Ensure that the encoded version matches the original. */
AssertIntEQ(derInLen, derOutLen);
AssertIntEQ(XMEMCMP(derIn, derOut, derInLen), 0);
XFREE(derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(derOut, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
DSA_free(dsa);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_i2d_PrivateKey(void)
{
#if (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_PWDBASED)
printf(testingFmt, "wolfSSL_i2d_PrivateKey()");
#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
{
EVP_PKEY* pkey;
const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
unsigned char buf[FOURK_BUF];
unsigned char* pt = NULL;
int bufSz;
AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &server_key,
(long)sizeof_server_key_der_2048));
AssertIntEQ(i2d_PrivateKey(pkey, NULL), 1193);
pt = buf;
AssertIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 1193);
AssertIntNE((pt - buf), 0);
AssertIntEQ(XMEMCMP(buf, server_key_der_2048, bufSz), 0);
EVP_PKEY_free(pkey);
}
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
{
EVP_PKEY* pkey;
const unsigned char* client_key =
(const unsigned char*)ecc_clikey_der_256;
unsigned char buf[FOURK_BUF];
unsigned char* pt = NULL;
int bufSz;
AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &client_key,
sizeof_ecc_clikey_der_256)));
AssertIntEQ(i2d_PrivateKey(pkey, NULL), 121);
pt = buf;
AssertIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 121);
AssertIntNE((pt - buf), 0);
AssertIntEQ(XMEMCMP(buf, ecc_clikey_der_256, bufSz), 0);
EVP_PKEY_free(pkey);
}
#endif
printf(resultFmt, "passed");
#endif
}
static void test_wolfSSL_OCSP_id_get0_info(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
X509* cert;
X509* issuer;
OCSP_CERTID* id;
OCSP_CERTID* id2;
ASN1_STRING* name = NULL;
ASN1_OBJECT* pmd = NULL;
ASN1_STRING* keyHash = NULL;
ASN1_INTEGER* serial = NULL;
ASN1_INTEGER* x509Int;
printf(testingFmt, "wolfSSL_OCSP_id_get0_info()");
AssertNotNull(cert =
wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM));
AssertNotNull(issuer =
wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM));
id = OCSP_cert_to_id(NULL, cert, issuer);
AssertNotNull(id);
id2 = OCSP_cert_to_id(NULL, cert, issuer);
AssertNotNull(id2);
AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, NULL), 0);
AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, id), 1);
/* name, pmd, keyHash not supported yet, expect failure if not NULL */
AssertIntEQ(OCSP_id_get0_info(&name, NULL, NULL, NULL, id), 0);
AssertIntEQ(OCSP_id_get0_info(NULL, &pmd, NULL, NULL, id), 0);
AssertIntEQ(OCSP_id_get0_info(NULL, NULL, &keyHash, NULL, id), 0);
AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, &serial, id), 1);
AssertNotNull(serial);
/* compare serial number to one in cert, should be equal */
x509Int = X509_get_serialNumber(cert);
AssertNotNull(x509Int);
AssertIntEQ(x509Int->length, serial->length);
AssertIntEQ(XMEMCMP(x509Int->data, serial->data, serial->length), 0);
/* test OCSP_id_cmp */
AssertIntNE(OCSP_id_cmp(NULL, NULL), 0);
AssertIntNE(OCSP_id_cmp(id, NULL), 0);
AssertIntNE(OCSP_id_cmp(NULL, id2), 0);
AssertIntEQ(OCSP_id_cmp(id, id2), 0);
id->issuerHash[0] = ~id->issuerHash[0];
AssertIntNE(OCSP_id_cmp(id, id2), 0);
OCSP_CERTID_free(id);
OCSP_CERTID_free(id2);
X509_free(cert); /* free's x509Int */
X509_free(issuer);
printf(resultFmt, "passed");
#endif
}
static void test_wolfSSL_i2d_OCSP_CERTID(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP)
WOLFSSL_OCSP_CERTID certId;
byte* targetBuffer;
byte* beginTargetBuffer;
/* OCSP CertID bytes taken from PCAP */
byte rawCertId[] = {
0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
0x00, 0x04, 0x14, 0x80, 0x51, 0x06, 0x01, 0x32, 0xad, 0x9a, 0xc2, 0x7d,
0x51, 0x87, 0xa0, 0xe8, 0x87, 0xfb, 0x01, 0x62, 0x01, 0x55, 0xee, 0x04,
0x14, 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, 0x66, 0xf0, 0xa3,
0xe2, 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, 0x02, 0x10, 0x01,
0xfd, 0xa3, 0xeb, 0x6e, 0xca, 0x75, 0xc8, 0x88, 0x43, 0x8b, 0x72, 0x4b,
0xcf, 0xbc, 0x91
};
int ret, i;
printf(testingFmt, "wolfSSL_i2d_OCSP_CERTID()");
XMEMSET(&certId, 0, sizeof(WOLFSSL_OCSP_CERTID));
certId.rawCertId = rawCertId;
certId.rawCertIdSize = sizeof(rawCertId);
targetBuffer = (byte*)XMALLOC(sizeof(rawCertId), NULL, DYNAMIC_TYPE_TMP_BUFFER);
beginTargetBuffer = targetBuffer;
ret = wolfSSL_i2d_OCSP_CERTID(&certId, &targetBuffer);
/* If target buffer is not null, function increments targetBuffer to point
just past the end of the encoded data. */
AssertPtrEq(targetBuffer, (beginTargetBuffer + sizeof(rawCertId)));
/* Function returns the size of the encoded data. */
AssertIntEQ(ret, sizeof(rawCertId));
for (i = 0; i < ret; ++i)
{
AssertIntEQ(beginTargetBuffer[i], rawCertId[i]);
}
XFREE(beginTargetBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
targetBuffer = NULL;
ret = wolfSSL_i2d_OCSP_CERTID(&certId, &targetBuffer);
/* If target buffer is null, function allocates memory for a buffer and
copies the encoded data into it. targetBuffer then points to the start of
this newly allocate buffer. */
AssertIntEQ(ret, sizeof(rawCertId));
for (i = 0; i < ret; ++i)
{
AssertIntEQ(targetBuffer[i], rawCertId[i]);
}
XFREE(targetBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OCSP_id_cmp(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
OCSP_CERTID id1;
OCSP_CERTID id2;
printf(testingFmt, "wolfSSL_OCSP_id_cmp()");
XMEMSET(&id1, 0, sizeof(id1));
XMEMSET(&id2, 0, sizeof(id2));
AssertIntEQ(OCSP_id_cmp(&id1, &id2), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OCSP_SINGLERESP_get0_id(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
WOLFSSL_OCSP_SINGLERESP single;
const WOLFSSL_OCSP_CERTID* certId;
XMEMSET(&single, 0, sizeof(single));
certId = wolfSSL_OCSP_SINGLERESP_get0_id(&single);
printf(testingFmt, "wolfSSL_OCSP_SINGLERESP_get0_id()");
AssertPtrEq(&single, certId);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OCSP_single_get0_status(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
WOLFSSL_OCSP_SINGLERESP single;
CertStatus certStatus;
WOLFSSL_ASN1_TIME* thisDate;
WOLFSSL_ASN1_TIME* nextDate;
int ret, i;
printf(testingFmt, "wolfSSL_OCSP_single_get0_status()");
XMEMSET(&single, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
XMEMSET(&certStatus, 0, sizeof(CertStatus));
/* Fill the date fields with some dummy data. */
for (i = 0; i < CTC_DATE_SIZE; ++i) {
certStatus.thisDateParsed.data[i] = i;
certStatus.nextDateParsed.data[i] = i;
}
certStatus.status = CERT_GOOD;
single.status = &certStatus;
ret = wolfSSL_OCSP_single_get0_status(&single, NULL, NULL, &thisDate,
&nextDate);
AssertIntEQ(ret, CERT_GOOD);
AssertPtrEq(thisDate, &certStatus.thisDateParsed);
AssertPtrEq(nextDate, &certStatus.nextDateParsed);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OCSP_resp_count(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
WOLFSSL_OCSP_BASICRESP basicResp;
WOLFSSL_OCSP_SINGLERESP singleRespOne;
WOLFSSL_OCSP_SINGLERESP singleRespTwo;
int count;
printf(testingFmt, "wolfSSL_OCSP_resp_count()");
XMEMSET(&basicResp, 0, sizeof(WOLFSSL_OCSP_BASICRESP));
XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
count = wolfSSL_OCSP_resp_count(&basicResp);
AssertIntEQ(count, 0);
basicResp.single = &singleRespOne;
count = wolfSSL_OCSP_resp_count(&basicResp);
AssertIntEQ(count, 1);
singleRespOne.next = &singleRespTwo;
count = wolfSSL_OCSP_resp_count(&basicResp);
AssertIntEQ(count, 2);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OCSP_resp_get0(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
WOLFSSL_OCSP_BASICRESP basicResp;
WOLFSSL_OCSP_SINGLERESP singleRespOne;
WOLFSSL_OCSP_SINGLERESP singleRespTwo;
WOLFSSL_OCSP_SINGLERESP* ret;
printf(testingFmt, "wolfSSL_OCSP_resp_get0()");
XMEMSET(&basicResp, 0, sizeof(WOLFSSL_OCSP_BASICRESP));
XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
basicResp.single = &singleRespOne;
singleRespOne.next = &singleRespTwo;
ret = wolfSSL_OCSP_resp_get0(&basicResp, 0);
AssertPtrEq(ret, &singleRespOne);
ret = wolfSSL_OCSP_resp_get0(&basicResp, 1);
AssertPtrEq(ret, &singleRespTwo);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_derive(void)
{
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
#if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC)
printf(testingFmt, "wolfSSL_EVP_PKEY_derive()");
EVP_PKEY_CTX *ctx;
unsigned char *skey;
size_t skeylen;
EVP_PKEY *pkey, *peerkey;
const unsigned char* key;
#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)
/* DH */
key = dh_key_der_2048;
AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key,
sizeof_dh_key_der_2048)));
AssertIntEQ(DH_generate_key(EVP_PKEY_get0_DH(pkey)), 1);
key = dh_key_der_2048;
AssertNotNull((peerkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key,
sizeof_dh_key_der_2048)));
AssertIntEQ(DH_generate_key(EVP_PKEY_get0_DH(peerkey)), 1);
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
AssertIntEQ(EVP_PKEY_derive_init(ctx), 1);
AssertIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1);
AssertIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1);
AssertNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, DYNAMIC_TYPE_OPENSSL));
AssertIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(peerkey);
EVP_PKEY_free(pkey);
XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL);
#endif
#ifdef HAVE_ECC
/* ECDH */
key = ecc_clikey_der_256;
AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &key,
sizeof_ecc_clikey_der_256)));
key = ecc_clikeypub_der_256;
AssertNotNull((peerkey = d2i_PUBKEY(NULL, &key,
sizeof_ecc_clikeypub_der_256)));
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
AssertIntEQ(EVP_PKEY_derive_init(ctx), 1);
AssertIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1);
AssertIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1);
AssertNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, DYNAMIC_TYPE_OPENSSL));
AssertIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(peerkey);
EVP_PKEY_free(pkey);
XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL);
#endif /* HAVE_ECC */
printf(resultFmt, "passed");
#endif /* (!NO_DH && WOLFSSL_DH_EXTRA) || HAVE_ECC */
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */
}
static void test_wolfSSL_EVP_PBE_scrypt(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 5))
#if !defined(NO_PWDBASED) && !defined(NO_SHA256)
int ret;
const char pwd[] = {'p','a','s','s','w','o','r','d'};
int pwdlen = sizeof(pwd);
const byte salt[] = {'N','a','C','l'};
int saltlen = sizeof(salt);
byte key[80];
word64 numOvr32 = (word64)INT32_MAX + 1;
/* expected derived key for N:16, r:1, p:1 */
const byte expectedKey[] = {
0xAE, 0xC6, 0xB7, 0x48, 0x3E, 0xD2, 0x6E, 0x08, 0x80, 0x2B,
0x41, 0xF4, 0x03, 0x20, 0x86, 0xA0, 0xE8, 0x86, 0xBE, 0x7A,
0xC4, 0x8F, 0xCF, 0xD9, 0x2F, 0xF0, 0xCE, 0xF8, 0x10, 0x97,
0x52, 0xF4, 0xAC, 0x74, 0xB0, 0x77, 0x26, 0x32, 0x56, 0xA6,
0x5A, 0x99, 0x70, 0x1B, 0x7A, 0x30, 0x4D, 0x46, 0x61, 0x1C,
0x8A, 0xA3, 0x91, 0xE7, 0x99, 0xCE, 0x10, 0xA2, 0x77, 0x53,
0xE7, 0xE9, 0xC0, 0x9A};
printf(testingFmt, "wolfSSL_EVP_PBE_scrypt()");
/* N r p mx key keylen */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 0, 1, 1, 0, key, 64);
AssertIntEQ(ret, 0); /* N must be greater than 1 */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 3, 1, 1, 0, key, 64);
AssertIntEQ(ret, 0); /* N must be power of 2 */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 0, 1, 0, key, 64);
AssertIntEQ(ret, 0); /* r must be greater than 0 */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 0, 0, key, 64);
AssertIntEQ(ret, 0); /* p must be greater than 0 */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 0);
AssertIntEQ(ret, 0); /* keylen must be greater than 0 */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 9, 1, 0, key, 64);
AssertIntEQ(ret, 0); /* r must be smaller than 9 */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, NULL, 64);
AssertIntEQ(ret, 1); /* should succeed if key is NULL */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 64);
AssertIntEQ(ret, 1); /* should succeed */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, numOvr32, 1, 0,
key, 64);
AssertIntEQ(ret, 0); /* should fail since r is greater than INT32_MAC */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, numOvr32, 0,
key, 64);
AssertIntEQ(ret, 0); /* should fail since p is greater than INT32_MAC */
ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 0, 2, 1, 1, 0, key, 64);
AssertIntEQ(ret, 1); /* should succeed even if salt is NULL */
ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 4, 2, 1, 1, 0, key, 64);
AssertIntEQ(ret, 0); /* if salt is NULL, saltlen must be 0, otherwise fail*/
ret = EVP_PBE_scrypt(NULL, 0, salt, saltlen, 2, 1, 1, 0, key, 64);
AssertIntEQ(ret, 1); /* should succeed if pwd is NULL and pwdlen is 0*/
ret = EVP_PBE_scrypt(NULL, 4, salt, saltlen, 2, 1, 1, 0, key, 64);
AssertIntEQ(ret, 0); /* if pwd is NULL, pwdlen must be 0 */
ret = EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 1, 1, 0, key, 64);
AssertIntEQ(ret, 1); /* should succeed even both pwd and salt are NULL */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 16, 1, 1, 0, key, 64);
AssertIntEQ(ret, 1);
ret = XMEMCMP(expectedKey, key, sizeof(expectedKey));
AssertIntEQ(ret, 0); /* derived key must be the same as expected-key */
printf(resultFmt, "passed");
#endif /* !NO_PWDBASED && !NO_SHA256 */
#endif /* OPENSSL_EXTRA && HAVE_SCRYPT && HAVE_PBKDF2 */
}
#ifndef NO_RSA
static void test_wolfSSL_RSA_padding_add_PKCS1_PSS(void)
{
#if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
RSA *rsa;
const unsigned char *derBuf = client_key_der_2048;
unsigned char em[256] = {0}; /* len = 2048/8 */
/* Random data simulating a hash */
const unsigned char mHash[WC_SHA256_DIGEST_SIZE] = {
0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4,
0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb,
0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28
};
AssertNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048));
AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), -1), 1);
AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, -1), 1);
RSA_free(rsa);
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/
}
#endif
static void test_wolfSSL_RSA_sign_sha3(void)
{
#if !defined(NO_RSA) && defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
#if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG)
RSA *rsa;
const unsigned char *derBuf = client_key_der_2048;
unsigned char sigRet[256] = {0};
unsigned int sigLen = sizeof(sigRet);
/* Random data simulating a hash */
const unsigned char mHash[WC_SHA3_256_DIGEST_SIZE] = {
0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4,
0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb,
0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28
};
printf(testingFmt, "wolfSSL_RSA_sign_sha3");
AssertNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048));
AssertIntEQ(RSA_sign(NID_sha3_256, mHash, sizeof(mHash), sigRet,
&sigLen, rsa), 1);
RSA_free(rsa);
printf(resultFmt, passed);
#endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/
#endif /* !NO_RSA && WOLFSSL_SHA3 && !WOLFSSL_NOSHA3_256*/
}
static void test_wolfSSL_EC_get_builtin_curves(void)
{
#if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL))
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
EC_builtin_curve* curves = NULL;
size_t crv_len = 0;
size_t i = 0;
printf(testingFmt, "wolfSSL_EC_get_builtin_curves");
AssertIntGT((crv_len = EC_get_builtin_curves(NULL, 0)), 0);
AssertNotNull(curves = (EC_builtin_curve*)
XMALLOC(sizeof(EC_builtin_curve)*crv_len, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
AssertIntEQ(EC_get_builtin_curves(curves, crv_len), crv_len);
for (i = 0; i < crv_len; i++)
{
if (curves[i].comment != NULL)
AssertStrEQ(OBJ_nid2sn(curves[i].nid), curves[i].comment);
}
XFREE(curves, NULL, DYNAMIC_TYPE_TMP_BUFFER);
printf(resultFmt, passed);
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* defined(HAVE_ECC) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
}
static void test_no_op_functions(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "no_op_functions()");
/* this makes sure wolfSSL can compile and run these no-op functions */
SSL_load_error_strings();
ENGINE_load_builtin_engines();
OpenSSL_add_all_ciphers();
AssertIntEQ(CRYPTO_malloc_init(), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_CRYPTO_memcmp(void)
{
#ifdef OPENSSL_EXTRA
char a[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
"implementation of TLS/SSL for embedded devices to the cloud.";
char b[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
"implementation of TLS/SSL for embedded devices to the cloud.";
char c[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
"implementation of TLS/SSL for embedded devices to the cloud!";
AssertIntEQ(CRYPTO_memcmp(a, b, sizeof(a)), 0);
AssertIntNE(CRYPTO_memcmp(a, c, sizeof(a)), 0);
#endif
}
/*----------------------------------------------------------------------------*
| wolfCrypt ASN
*----------------------------------------------------------------------------*/
static void test_wc_CreateEncryptedPKCS8Key(void)
{
#if defined(HAVE_PKCS8) && !defined(NO_PWDBASED) && defined(WOLFSSL_AES_256) \
&& !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA)
WC_RNG rng;
byte* encKey = NULL;
word32 encKeySz = 0;
word32 decKeySz = 0;
const char password[] = "Lorem ipsum dolor sit amet";
word32 passwordSz = (word32)XSTRLEN(password);
word32 tradIdx = 0;
printf(testingFmt, "test_wc_CreateEncryptedPKCS8Key");
AssertIntEQ(wc_InitRng(&rng), 0);
/* Call with NULL for out buffer to get necessary length. */
AssertIntEQ(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048,
sizeof_server_key_der_2048, NULL, &encKeySz, password, passwordSz,
PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL),
LENGTH_ONLY_E);
AssertNotNull(encKey = (byte*)XMALLOC(encKeySz, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
/* Call with the allocated out buffer. */
AssertIntGT(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048,
sizeof_server_key_der_2048, encKey, &encKeySz, password, passwordSz,
PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL),
0);
/* Decrypt the encrypted PKCS8 key we just made. */
AssertIntGT((decKeySz = wc_DecryptPKCS8Key(encKey, encKeySz, password,
passwordSz)), 0);
/* encKey now holds the decrypted key (decrypted in place). */
AssertIntGT(wc_GetPkcs8TraditionalOffset(encKey, &tradIdx, decKeySz), 0);
/* Check that the decrypted key matches the key prior to encryption. */
AssertIntEQ(XMEMCMP(encKey + tradIdx, server_key_der_2048,
sizeof_server_key_der_2048), 0);
if (encKey != NULL)
XFREE(encKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeRng(&rng);
printf(resultFmt, passed);
#endif
}
static void test_wc_GetPkcs8TraditionalOffset(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(HAVE_PKCS8)
int length, derSz;
word32 inOutIdx;
const char* path = "./certs/server-keyPkcs8.der";
XFILE file;
byte der[2048];
printf(testingFmt, "wc_GetPkcs8TraditionalOffset");
file = XFOPEN(path, "rb");
AssertTrue(file != XBADFILE);
derSz = (int)XFREAD(der, 1, sizeof(der), file);
XFCLOSE(file);
/* valid case */
inOutIdx = 0;
length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
AssertIntGT(length, 0);
/* inOutIdx > sz */
inOutIdx = 4000;
length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
AssertIntEQ(length, BAD_FUNC_ARG);
/* null input */
inOutIdx = 0;
length = wc_GetPkcs8TraditionalOffset(NULL, &inOutIdx, 0);
AssertIntEQ(length, BAD_FUNC_ARG);
/* invalid input, fill buffer with 1's */
XMEMSET(der, 1, sizeof(der));
inOutIdx = 0;
length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
AssertIntEQ(length, ASN_PARSE_E);
printf(resultFmt, passed);
#endif /* NO_ASN */
}
static void test_wc_SetSubjectRaw(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
const char* joiCertFile = "./certs/test/cert-ext-joi.der";
WOLFSSL_X509* x509;
int peerCertSz;
const byte* peerCertBuf;
Cert forgedCert;
printf(testingFmt, "test_wc_SetSubjectRaw()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1));
AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
AssertIntEQ(0, wc_InitCert(&forgedCert));
AssertIntEQ(0, wc_SetSubjectRaw(&forgedCert, peerCertBuf, peerCertSz));
wolfSSL_FreeX509(x509);
printf(resultFmt, passed);
#endif
}
static void test_wc_GetSubjectRaw(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
Cert cert;
byte *subjectRaw;
printf(testingFmt, "test_wc_GetSubjectRaw()");
AssertIntEQ(0, wc_InitCert(&cert));
AssertIntEQ(0, wc_GetSubjectRaw(&subjectRaw, &cert));
printf(resultFmt, passed);
#endif
}
static void test_wc_SetIssuerRaw(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
const char* joiCertFile = "./certs/test/cert-ext-joi.der";
WOLFSSL_X509* x509;
int peerCertSz;
const byte* peerCertBuf;
Cert forgedCert;
printf(testingFmt, "test_wc_SetIssuerRaw()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1));
AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
AssertIntEQ(0, wc_InitCert(&forgedCert));
AssertIntEQ(0, wc_SetIssuerRaw(&forgedCert, peerCertBuf, peerCertSz));
wolfSSL_FreeX509(x509);
printf(resultFmt, passed);
#endif
}
static void test_wc_SetIssueBuffer(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
const char* joiCertFile = "./certs/test/cert-ext-joi.der";
WOLFSSL_X509* x509;
int peerCertSz;
const byte* peerCertBuf;
Cert forgedCert;
printf(testingFmt, "test_wc_SetIssuerBuffer()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1));
AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
AssertIntEQ(0, wc_InitCert(&forgedCert));
AssertIntEQ(0, wc_SetIssuerBuffer(&forgedCert, peerCertBuf, peerCertSz));
wolfSSL_FreeX509(x509);
printf(resultFmt, passed);
#endif
}
/*
* Testing wc_SetSubjectKeyId
*/
static void test_wc_SetSubjectKeyId(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
Cert cert;
const char* file = "certs/ecc-client-keyPub.pem";
printf(testingFmt, "wc_SetSubjectKeyId()");
AssertIntEQ(0, wc_InitCert(&cert));
AssertIntEQ(0, wc_SetSubjectKeyId(&cert, file));
AssertIntEQ(BAD_FUNC_ARG, wc_SetSubjectKeyId(NULL, file));
AssertIntGT(0, wc_SetSubjectKeyId(&cert, "badfile.name"));
printf(resultFmt, passed);
#endif
} /* END test_wc_SetSubjectKeyId */
/*
* Testing wc_SetSubject
*/
static void test_wc_SetSubject(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
Cert cert;
const char* file = "./certs/ca-ecc-cert.pem";
printf(testingFmt, "wc_SetSubject()");
AssertIntEQ(0, wc_InitCert(&cert));
AssertIntEQ(0, wc_SetSubject(&cert, file));
AssertIntEQ(BAD_FUNC_ARG, wc_SetSubject(NULL, file));
AssertIntGT(0, wc_SetSubject(&cert, "badfile.name"));
printf(resultFmt, passed);
#endif
} /* END test_wc_SetSubject */
static void test_CheckCertSignature(void)
{
#if !defined(NO_CERTS) && defined(WOLFSSL_SMALL_CERT_VERIFY)
WOLFSSL_CERT_MANAGER* cm = NULL;
#if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
FILE* fp;
byte cert[4096];
int certSz;
#endif
AssertIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, NULL));
AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
AssertIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, cm));
#ifndef NO_RSA
#ifdef USE_CERT_BUFFERS_1024
AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_1024,
sizeof_server_cert_der_1024, NULL, cm));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
ca_cert_der_1024, sizeof_ca_cert_der_1024,
WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(0, CheckCertSignature(server_cert_der_1024,
sizeof_server_cert_der_1024, NULL, cm));
#elif defined(USE_CERT_BUFFERS_2048)
AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_2048,
sizeof_server_cert_der_2048, NULL, cm));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
ca_cert_der_2048, sizeof_ca_cert_der_2048,
WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(0, CheckCertSignature(server_cert_der_2048,
sizeof_server_cert_der_2048, NULL, cm));
#endif
#endif
#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(serv_ecc_der_256,
sizeof_serv_ecc_der_256, NULL, cm));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256,
WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(0, CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256,
NULL, cm));
#endif
#if !defined(NO_FILESYSTEM)
wolfSSL_CertManagerFree(cm);
AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
#ifndef NO_RSA
AssertNotNull(fp = XFOPEN("./certs/server-cert.der", "rb"));
AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0);
XFCLOSE(fp);
AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
"./certs/ca-cert.pem", NULL));
AssertIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
#endif
#ifdef HAVE_ECC
AssertNotNull(fp = XFOPEN("./certs/server-ecc.der", "rb"));
AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0);
XFCLOSE(fp);
AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
"./certs/ca-ecc-cert.pem", NULL));
AssertIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
#endif
#endif
#if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
(void)fp;
(void)cert;
(void)certSz;
#endif
wolfSSL_CertManagerFree(cm);
#endif
}
/*----------------------------------------------------------------------------*
| wolfCrypt ECC
*----------------------------------------------------------------------------*/
static void test_wc_ecc_get_curve_size_from_name(void)
{
#ifdef HAVE_ECC
int ret;
printf(testingFmt, "wc_ecc_get_curve_size_from_name");
#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
ret = wc_ecc_get_curve_size_from_name("SECP256R1");
AssertIntEQ(ret, 32);
#endif
/* invalid case */
ret = wc_ecc_get_curve_size_from_name("BADCURVE");
AssertIntEQ(ret, -1);
/* NULL input */
ret = wc_ecc_get_curve_size_from_name(NULL);
AssertIntEQ(ret, BAD_FUNC_ARG);
printf(resultFmt, passed);
#endif /* HAVE_ECC */
}
static void test_wc_ecc_get_curve_id_from_name(void)
{
#ifdef HAVE_ECC
int id;
printf(testingFmt, "wc_ecc_get_curve_id_from_name");
#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
id = wc_ecc_get_curve_id_from_name("SECP256R1");
AssertIntEQ(id, ECC_SECP256R1);
#endif
/* invalid case */
id = wc_ecc_get_curve_id_from_name("BADCURVE");
AssertIntEQ(id, -1);
/* NULL input */
id = wc_ecc_get_curve_id_from_name(NULL);
AssertIntEQ(id, BAD_FUNC_ARG);
printf(resultFmt, passed);
#endif /* HAVE_ECC */
}
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
!defined(HAVE_SELFTEST) && \
!(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION))
static void test_wc_ecc_get_curve_id_from_dp_params(void)
{
int id;
#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
int curve_id;
ecc_key* key;
const ecc_set_type* params;
int ret;
#endif
WOLFSSL_EC_KEY *ecKey = NULL;
printf(testingFmt, "wc_ecc_get_curve_id_from_dp_params");
#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
id = wc_ecc_get_curve_id_from_name("SECP256R1");
AssertIntEQ(id, ECC_SECP256R1);
ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
AssertNotNull(ecKey);
ret = EC_KEY_generate_key(ecKey);
if (ret == 0) {
/* normal test */
key = (ecc_key*)ecKey->internal;
params = key->dp;
curve_id = wc_ecc_get_curve_id_from_dp_params(params);
AssertIntEQ(curve_id, id);
}
#endif
/* invalid case, NULL input*/
id = wc_ecc_get_curve_id_from_dp_params(NULL);
AssertIntEQ(id, BAD_FUNC_ARG);
wolfSSL_EC_KEY_free(ecKey);
printf(resultFmt, passed);
}
#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
static void test_wc_ecc_get_curve_id_from_params(void)
{
#ifdef HAVE_ECC
int id;
const byte prime[] =
{
0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
};
const byte primeInvalid[] =
{
0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x01,0x01
};
const byte Af[] =
{
0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC
};
const byte Bf[] =
{
0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,
0xB3,0xEB,0xBD,0x55,0x76,0x98,0x86,0xBC,
0x65,0x1D,0x06,0xB0,0xCC,0x53,0xB0,0xF6,
0x3B,0xCE,0x3C,0x3E,0x27,0xD2,0x60,0x4B
};
const byte order[] =
{
0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84,
0xF3,0xB9,0xCA,0xC2,0xFC,0x63,0x25,0x51
};
const byte Gx[] =
{
0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,
0xF8,0xBC,0xE6,0xE5,0x63,0xA4,0x40,0xF2,
0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0,
0xF4,0xA1,0x39,0x45,0xD8,0x98,0xC2,0x96
};
const byte Gy[] =
{
0x4F,0xE3,0x42,0xE2,0xFE,0x1A,0x7F,0x9B,
0x8E,0xE7,0xEB,0x4A,0x7C,0x0F,0x9E,0x16,
0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE,
0xCB,0xB6,0x40,0x68,0x37,0xBF,0x51,0xF5
};
int cofactor = 1;
int fieldSize = 256;
printf(testingFmt, "wc_ecc_get_curve_id_from_params");
#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
id = wc_ecc_get_curve_id_from_params(fieldSize, prime, sizeof(prime),
Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
AssertIntEQ(id, ECC_SECP256R1);
#endif
/* invalid case, fieldSize = 0 */
id = wc_ecc_get_curve_id_from_params(0, prime, sizeof(prime),
Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
AssertIntEQ(id, ECC_CURVE_INVALID);
/* invalid case, NULL prime */
id = wc_ecc_get_curve_id_from_params(fieldSize, NULL, sizeof(prime),
Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
AssertIntEQ(id, BAD_FUNC_ARG);
/* invalid case, invalid prime */
id = wc_ecc_get_curve_id_from_params(fieldSize,
primeInvalid, sizeof(primeInvalid),
Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
AssertIntEQ(id, ECC_CURVE_INVALID);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_encrypt(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
!defined(HAVE_FAST_RSA)
WOLFSSL_RSA* rsa = NULL;
WOLFSSL_EVP_PKEY* pkey = NULL;
WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
const char* in = "What is easy to do is easy not to do.";
size_t inlen = XSTRLEN(in);
size_t outEncLen = 0;
byte* outEnc = NULL;
byte* outDec = NULL;
size_t outDecLen = 0;
size_t rsaKeySz = 2048/8; /* Bytes */
#ifdef WC_RSA_NO_PADDING
byte* inTmp = NULL;
byte* outEncTmp = NULL;
byte* outDecTmp = NULL;
#endif
printf(testingFmt, "wolfSSL_EVP_PKEY_encrypt()");
AssertNotNull(outEnc = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
XMEMSET(outEnc, 0, rsaKeySz);
AssertNotNull(outDec = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
XMEMSET(outDec, 0, rsaKeySz);
AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
AssertIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
WOLFSSL_SUCCESS);
/* Test pkey references count is decremented. pkey shouldn't be destroyed
since ctx uses it.*/
AssertIntEQ(pkey->references, 2);
EVP_PKEY_free(pkey);
AssertIntEQ(pkey->references, 1);
/* Encrypt data */
/* Check that we can get the required output buffer length by passing in a
* NULL output buffer. */
AssertIntEQ(EVP_PKEY_encrypt(ctx, NULL, &outEncLen,
(const unsigned char*)in, inlen), WOLFSSL_SUCCESS);
AssertIntEQ(rsaKeySz, outEncLen);
/* Now do the actual encryption. */
AssertIntEQ(EVP_PKEY_encrypt(ctx, outEnc, &outEncLen,
(const unsigned char*)in, inlen), WOLFSSL_SUCCESS);
/* Decrypt data */
AssertIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS);
/* Check that we can get the required output buffer length by passing in a
* NULL output buffer. */
AssertIntEQ(EVP_PKEY_decrypt(ctx, NULL, &outDecLen, outEnc, outEncLen),
WOLFSSL_SUCCESS);
AssertIntEQ(rsaKeySz, outDecLen);
/* Now do the actual decryption. */
AssertIntEQ(EVP_PKEY_decrypt(ctx, outDec, &outDecLen, outEnc, outEncLen),
WOLFSSL_SUCCESS);
AssertIntEQ(XMEMCMP(in, outDec, outDecLen), 0);
#ifdef WC_RSA_NO_PADDING
/* The input length must be the same size as the RSA key.*/
AssertNotNull(inTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
XMEMSET(inTmp, 9, rsaKeySz);
AssertNotNull(outEncTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
XMEMSET(outEncTmp, 0, rsaKeySz);
AssertNotNull(outDecTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
XMEMSET(outDecTmp, 0, rsaKeySz);
AssertIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING),
WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_encrypt(ctx, outEncTmp, &outEncLen, inTmp, rsaKeySz),
WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_decrypt(ctx, outDecTmp, &outDecLen, outEncTmp, outEncLen),
WOLFSSL_SUCCESS);
AssertIntEQ(XMEMCMP(inTmp, outDecTmp, outDecLen), 0);
#endif
EVP_PKEY_CTX_free(ctx);
XFREE(outEnc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outDec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WC_RSA_NO_PADDING
XFREE(inTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outEncTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outDecTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_sign(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
!defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
WOLFSSL_RSA* rsa = NULL;
WOLFSSL_EVP_PKEY* pkey = NULL;
WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
const char* in = "What is easy to do is easy not to do.";
size_t inlen = XSTRLEN(in);
byte hash[SHA256_DIGEST_LENGTH] = {0};
SHA256_CTX c;
byte* sig = NULL;
byte* sigVerify = NULL;
size_t siglen = 0;
size_t rsaKeySz = 2048/8; /* Bytes */
printf(testingFmt, "wolfSSL_EVP_PKEY_sign()");
sig = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
AssertNotNull(sig);
XMEMSET(sig, 0, rsaKeySz);
AssertNotNull(sigVerify = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
XMEMSET(sigVerify, 0, rsaKeySz);
/* Generate hash */
SHA256_Init(&c);
SHA256_Update(&c, in, inlen);
SHA256_Final(hash, &c);
#ifdef WOLFSSL_SMALL_STACK_CACHE
/* workaround for small stack cache case */
wc_Sha256Free((wc_Sha256*)&c);
#endif
AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
WOLFSSL_SUCCESS);
/* Sign data */
AssertIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, hash, SHA256_DIGEST_LENGTH),
WOLFSSL_SUCCESS);
/* Verify signature.
EVP_PKEY_verify() doesn't exist yet, so use RSA_public_decrypt(). */
AssertIntEQ(RSA_public_decrypt((int)siglen, sig, sigVerify,
rsa, RSA_PKCS1_PADDING), SHA256_DIGEST_LENGTH);
AssertIntEQ(XMEMCMP(hash, sigVerify, SHA256_DIGEST_LENGTH), 0);
/* error cases */
AssertIntNE(EVP_PKEY_sign_init(NULL), WOLFSSL_SUCCESS);
ctx->pkey->type = EVP_PKEY_RSA;
AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
AssertIntNE(EVP_PKEY_sign(NULL, sig, &siglen, (byte*)in, inlen),
WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, (byte*)in, inlen),
WOLFSSL_SUCCESS);
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(ctx);
XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sigVerify, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
printf(resultFmt, passed);
#endif
}
static void test_EVP_PKEY_rsa(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
WOLFSSL_RSA* rsa;
WOLFSSL_EVP_PKEY* pkey;
AssertNotNull(rsa = wolfSSL_RSA_new());
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WOLFSSL_FAILURE);
AssertIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WOLFSSL_FAILURE);
AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
AssertPtrEq(EVP_PKEY_get0_RSA(pkey), rsa);
wolfSSL_EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_EVP_PKEY_ec(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
WOLFSSL_EC_KEY* ecKey;
WOLFSSL_EVP_PKEY* pkey;
AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
/* Should fail since ecKey is empty */
AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
wolfSSL_EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
#endif
}
static void test_EVP_PKEY_cmp(void)
{
#if defined(OPENSSL_EXTRA)
EVP_PKEY *a, *b;
const unsigned char *in;
printf(testingFmt, "wolfSSL_EVP_PKEY_cmp()");
#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
in = client_key_der_2048;
AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
&in, (long)sizeof_client_key_der_2048));
in = client_key_der_2048;
AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
&in, (long)sizeof_client_key_der_2048));
/* Test success case RSA */
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
AssertIntEQ(EVP_PKEY_cmp(a, b), 1);
#else
AssertIntEQ(EVP_PKEY_cmp(a, b), 0);
#endif /* WOLFSSL_ERROR_CODE_OPENSSL */
EVP_PKEY_free(b);
EVP_PKEY_free(a);
#endif
#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
in = ecc_clikey_der_256;
AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
&in, (long)sizeof_ecc_clikey_der_256));
in = ecc_clikey_der_256;
AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
&in, (long)sizeof_ecc_clikey_der_256));
/* Test success case ECC */
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
AssertIntEQ(EVP_PKEY_cmp(a, b), 1);
#else
AssertIntEQ(EVP_PKEY_cmp(a, b), 0);
#endif /* WOLFSSL_ERROR_CODE_OPENSSL */
EVP_PKEY_free(b);
EVP_PKEY_free(a);
#endif
/* Test failure cases */
#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && \
defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
in = client_key_der_2048;
AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
&in, (long)sizeof_client_key_der_2048));
in = ecc_clikey_der_256;
AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
&in, (long)sizeof_ecc_clikey_der_256));
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
AssertIntEQ(EVP_PKEY_cmp(a, b), -1);
#else
AssertIntNE(EVP_PKEY_cmp(a, b), 0);
#endif /* WOLFSSL_ERROR_CODE_OPENSSL */
EVP_PKEY_free(b);
EVP_PKEY_free(a);
#endif
/* invalid or empty failure cases */
a = EVP_PKEY_new();
b = EVP_PKEY_new();
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
AssertIntEQ(EVP_PKEY_cmp(NULL, NULL), 0);
AssertIntEQ(EVP_PKEY_cmp(a, NULL), 0);
AssertIntEQ(EVP_PKEY_cmp(NULL, b), 0);
AssertIntEQ(EVP_PKEY_cmp(a, b), 0);
#else
AssertIntNE(EVP_PKEY_cmp(NULL, NULL), 0);
AssertIntNE(EVP_PKEY_cmp(a, NULL), 0);
AssertIntNE(EVP_PKEY_cmp(NULL, b), 0);
AssertIntNE(EVP_PKEY_cmp(a, b), 0);
#endif
EVP_PKEY_free(b);
EVP_PKEY_free(a);
(void)in;
printf(resultFmt, passed);
#endif
}
static void test_ERR_load_crypto_strings(void)
{
#if defined(OPENSSL_ALL)
ERR_load_crypto_strings();
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_ALL) && !defined(NO_CERTS)
static void free_x509(X509* x)
{
AssertIntEQ((x == (X509*)1 || x == (X509*)2), 1);
}
#endif
static void test_sk_X509(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS)
STACK_OF(X509)* s;
AssertNotNull(s = sk_X509_new());
AssertIntEQ(sk_X509_num(s), 0);
sk_X509_free(s);
AssertNotNull(s = sk_X509_new_null());
AssertIntEQ(sk_X509_num(s), 0);
sk_X509_free(s);
AssertNotNull(s = sk_X509_new());
sk_X509_push(s, (X509*)1);
AssertIntEQ(sk_X509_num(s), 1);
AssertIntEQ((sk_X509_value(s, 0) == (X509*)1), 1);
sk_X509_push(s, (X509*)2);
AssertIntEQ(sk_X509_num(s), 2);
AssertIntEQ((sk_X509_value(s, 0) == (X509*)2), 1);
AssertIntEQ((sk_X509_value(s, 1) == (X509*)1), 1);
sk_X509_push(s, (X509*)2);
sk_X509_pop_free(s, free_x509);
printf(resultFmt, passed);
#endif
}
static void test_X509_get_signature_nid(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
X509* x509;
AssertIntEQ(X509_get_signature_nid(NULL), 0);
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
SSL_FILETYPE_PEM));
AssertIntEQ(X509_get_signature_nid(x509), NID_sha256WithRSAEncryption);
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_X509_REQ(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO)
X509_NAME* name;
#if !defined(NO_RSA) || defined(HAVE_ECC)
X509_REQ* req;
EVP_PKEY* priv;
EVP_PKEY* pub;
unsigned char* der = NULL;
#endif
#ifndef NO_RSA
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pkctx = NULL;
#ifdef USE_CERT_BUFFERS_1024
const unsigned char* rsaPriv = (const unsigned char*)client_key_der_1024;
const unsigned char* rsaPub = (unsigned char*)client_keypub_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
const unsigned char* rsaPriv = (const unsigned char*)client_key_der_2048;
const unsigned char* rsaPub = (unsigned char*)client_keypub_der_2048;
#endif
#endif
#ifdef HAVE_ECC
const unsigned char* ecPriv = (const unsigned char*)ecc_clikey_der_256;
const unsigned char* ecPub = (unsigned char*)ecc_clikeypub_der_256;
int len;
#endif
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, 0, 1),
WOLFSSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
(byte*)"support@wolfssl.com", 19, -1,
1), WOLFSSL_SUCCESS);
#ifndef NO_RSA
AssertNotNull(priv = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv,
(long)sizeof_client_key_der_2048));
AssertNotNull(pub = d2i_PUBKEY(NULL, &rsaPub,
(long)sizeof_client_keypub_der_2048));
AssertNotNull(req = X509_REQ_new());
AssertIntEQ(X509_REQ_set_subject_name(NULL, name), WOLFSSL_FAILURE);
AssertIntEQ(X509_REQ_set_subject_name(req, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS);
AssertIntEQ(X509_REQ_set_pubkey(NULL, pub), WOLFSSL_FAILURE);
AssertIntEQ(X509_REQ_set_pubkey(req, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
AssertIntEQ(X509_REQ_sign(NULL, priv, EVP_sha256()), WOLFSSL_FAILURE);
AssertIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WOLFSSL_FAILURE);
AssertIntEQ(X509_REQ_sign(req, priv, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
AssertIntEQ(i2d_X509_REQ(req, &der), 643);
XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
der = NULL;
mctx = EVP_MD_CTX_new();
AssertIntEQ(EVP_DigestSignInit(mctx, &pkctx, EVP_sha256(), NULL, priv), WOLFSSL_SUCCESS);
AssertIntEQ(X509_REQ_sign_ctx(req, mctx), WOLFSSL_SUCCESS);
EVP_MD_CTX_free(mctx);
X509_REQ_free(NULL);
X509_REQ_free(req);
EVP_PKEY_free(pub);
EVP_PKEY_free(priv);
#endif
#ifdef HAVE_ECC
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &ecPriv,
sizeof_ecc_clikey_der_256));
AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &ecPub,
sizeof_ecc_clikeypub_der_256));
AssertNotNull(req = X509_REQ_new());
AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS);
AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
/* Signature is random and may be shorter or longer. */
AssertIntGE((len = i2d_X509_REQ(req, &der)), 245);
AssertIntLE(len, 253);
XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
X509_REQ_free(req);
EVP_PKEY_free(pub);
EVP_PKEY_free(priv);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif /* HAVE_ECC */
X509_NAME_free(name);
printf(resultFmt, passed);
#endif
}
static void test_wolfssl_PKCS7(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
PKCS7* pkcs7;
byte data[FOURK_BUF];
word32 len = sizeof(data);
const byte* p = data;
byte content[] = "Test data to encode.";
#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
BIO* bio;
byte key[sizeof(client_key_der_2048)];
word32 keySz = (word32)sizeof(key);
#endif
AssertIntGT((len = CreatePKCS7SignedData(data, len, content,
(word32)sizeof(content),
0, 0)), 0);
AssertNull(pkcs7 = d2i_PKCS7(NULL, NULL, len));
AssertNull(pkcs7 = d2i_PKCS7(NULL, &p, 0));
AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
AssertIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL,
PKCS7_NOVERIFY), WOLFSSL_FAILURE);
PKCS7_free(pkcs7);
/* fail case, without PKCS7_NOVERIFY */
p = data;
AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
0), WOLFSSL_FAILURE);
PKCS7_free(pkcs7);
/* success case, with PKCS7_NOVERIFY */
p = data;
AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
PKCS7_NOVERIFY), WOLFSSL_SUCCESS);
#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
/* test i2d */
XMEMCPY(key, client_key_der_2048, keySz);
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHAh;
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1);
BIO_free(bio);
#endif
PKCS7_free(NULL);
PKCS7_free(pkcs7);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_PKCS7_SIGNED_new(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
PKCS7_SIGNED* pkcs7;
printf(testingFmt, "wolfSSL_PKCS7_SIGNED_new()");
pkcs7 = PKCS7_SIGNED_new();
AssertNotNull(pkcs7);
AssertIntEQ(pkcs7->contentOID, SIGNED_DATA);
PKCS7_SIGNED_free(pkcs7);
printf(resultFmt, passed);
#endif
}
#ifndef NO_BIO
static void test_wolfSSL_PEM_write_bio_PKCS7(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
PKCS7* pkcs7 = NULL;
BIO* bio = NULL;
const byte* cert_buf = NULL;
int ret = 0;
WC_RNG rng;
const byte data[] = { /* Hello World */
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
#ifndef NO_RSA
#if defined(USE_CERT_BUFFERS_2048)
byte key[sizeof(client_key_der_2048)];
byte cert[sizeof(client_cert_der_2048)];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_2048, keySz);
XMEMCPY(cert, client_cert_der_2048, certSz);
#elif defined(USE_CERT_BUFFERS_1024)
byte key[sizeof_client_key_der_1024];
byte cert[sizeof(sizeof_client_cert_der_1024)];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_1024, keySz);
XMEMCPY(cert, client_cert_der_1024, certSz);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz;
int keySz;
fp = XFOPEN("./certs/1024/client-cert.der", "rb");
AssertTrue((fp != XBADFILE));
certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/1024/client-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
XFCLOSE(fp);
#endif
#elif defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
unsigned char cert[sizeof(cliecc_cert_der_256)];
unsigned char key[sizeof(ecc_clikey_der_256)];
int certSz = (int)sizeof(cert);
int keySz = (int)sizeof(key);
XMEMSET(cert, 0, certSz);
XMEMSET(key, 0, keySz);
XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz, keySz;
fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
AssertTrue(fp != XBADFILE);
certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/client-ecc-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
XFCLOSE(fp);
#endif
#else
#error PKCS7 requires ECC or RSA
#endif
printf(testingFmt, "wolfSSL_PEM_write_bio_PKCS7()");
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
/* initialize with DER encoded cert */
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
/* init rng */
AssertIntEQ(wc_InitRng(&rng), 0);
pkcs7->rng = &rng;
pkcs7->content = (byte*)data; /* not used for ex */
pkcs7->contentSz = (word32)sizeof(data);
pkcs7->contentOID = SIGNED_DATA;
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHAh;
pkcs7->signedAttribs = NULL;
pkcs7->signedAttribsSz = 0;
#ifndef NO_BIO
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write PKCS#7 PEM to BIO, the function converts the DER to PEM cert*/
AssertIntEQ(PEM_write_bio_PKCS7(bio, pkcs7), WOLFSSL_SUCCESS);
/* Read PKCS#7 PEM from BIO */
ret = wolfSSL_BIO_get_mem_data(bio, &cert_buf);
AssertIntGE(ret, 0);
BIO_free(bio);
#endif
wc_PKCS7_Free(pkcs7);
wc_FreeRng(&rng);
printf(resultFmt, passed);
#endif
}
#ifdef HAVE_SMIME
static void test_wolfSSL_SMIME_read_PKCS7(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA)
PKCS7* pkcs7 = NULL;
BIO* bio = NULL;
BIO* bcont = NULL;
XFILE smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "r");
printf(testingFmt, "wolfSSL_SMIME_read_PKCS7()");
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
AssertNotNull(bio);
AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
AssertNotNull(pkcs7);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS);
XFCLOSE(smimeTestFile);
if (bcont) BIO_free(bcont);
wolfSSL_PKCS7_free(pkcs7);
smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "r");
AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
AssertNotNull(pkcs7);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS);
XFCLOSE(smimeTestFile);
if (bcont) BIO_free(bcont);
wolfSSL_PKCS7_free(pkcs7);
smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", "r");
AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
AssertNull(pkcs7);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_FAILURE);
XFCLOSE(smimeTestFile);
if (bcont) BIO_free(bcont);
wolfSSL_PKCS7_free(pkcs7);
smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
AssertNotNull(pkcs7);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS);
BIO_free(bio);
if (bcont) BIO_free(bcont);
wolfSSL_PKCS7_free(pkcs7);
printf(resultFmt, passed);
#endif
}
#endif /* HAVE_SMIME*/
#endif /* !NO_BIO */
/*----------------------------------------------------------------------------*
| Certificate Failure Checks
*----------------------------------------------------------------------------*/
#if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
!defined(WOLFSSL_NO_CLIENT_AUTH))
/* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz,
int type)
{
int ret;
WOLFSSL_CERT_MANAGER* cm = NULL;
switch (type) {
case TESTING_RSA:
#ifdef NO_RSA
printf("RSA disabled, skipping test\n");
return ASN_SIG_CONFIRM_E;
#else
break;
#endif
case TESTING_ECC:
#ifndef HAVE_ECC
printf("ECC disabled, skipping test\n");
return ASN_SIG_CONFIRM_E;
#else
break;
#endif
default:
printf("Bad function argument\n");
return BAD_FUNC_ARG;
}
cm = wolfSSL_CertManagerNew();
if (cm == NULL) {
printf("wolfSSL_CertManagerNew failed\n");
return -1;
}
#ifndef NO_FILESYSTEM
ret = wolfSSL_CertManagerLoadCA(cm, ca, 0);
if (ret != WOLFSSL_SUCCESS) {
printf("wolfSSL_CertManagerLoadCA failed\n");
wolfSSL_CertManagerFree(cm);
return ret;
}
#else
(void)ca;
#endif
ret = wolfSSL_CertManagerVerifyBuffer(cm, cert_buf, cert_sz, WOLFSSL_FILETYPE_ASN1);
/* Let AssertIntEQ handle return code */
wolfSSL_CertManagerFree(cm);
return ret;
}
static int test_RsaSigFailure_cm(void)
{
int ret = 0;
const char* ca_cert = "./certs/ca-cert.pem";
const char* server_cert = "./certs/server-cert.der";
byte* cert_buf = NULL;
size_t cert_sz = 0;
ret = load_file(server_cert, &cert_buf, &cert_sz);
if (ret == 0) {
/* corrupt DER - invert last byte, which is signature */
cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1];
/* test bad cert */
ret = verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA);
}
printf("Signature failure test: RSA: Ret %d\n", ret);
if (cert_buf)
free(cert_buf);
return ret;
}
static int test_EccSigFailure_cm(void)
{
int ret = 0;
/* self-signed ECC cert, so use server cert as CA */
const char* ca_cert = "./certs/ca-ecc-cert.pem";
const char* server_cert = "./certs/server-ecc.der";
byte* cert_buf = NULL;
size_t cert_sz = 0;
ret = load_file(server_cert, &cert_buf, &cert_sz);
if (ret == 0) {
/* corrupt DER - invert last byte, which is signature */
cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1];
/* test bad cert */
ret = verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC);
}
printf("Signature failure test: ECC: Ret %d\n", ret);
if (cert_buf)
free(cert_buf);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
return ret;
}
#endif /* NO_CERTS */
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
#ifdef WC_SHA384_DIGEST_SIZE
static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, };
#else
static byte fixedKey[WC_SHA256_DIGEST_SIZE] = { 0, };
#endif
#endif
#ifdef WOLFSSL_EARLY_DATA
static const char earlyData[] = "Early Data";
static char earlyDataBuffer[1];
#endif
static int test_tls13_apis(void)
{
int ret = 0;
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_CTX* clientTls12Ctx;
WOLFSSL* clientTls12Ssl;
#endif
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_CTX* serverTls12Ctx;
WOLFSSL* serverTls12Ssl;
#endif
#endif
#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_CTX* clientCtx;
WOLFSSL* clientSsl;
#endif
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_CTX* serverCtx;
WOLFSSL* serverSsl;
#ifndef NO_CERTS
const char* ourCert = svrCertFile;
const char* ourKey = svrKeyFile;
#endif
#endif
int required;
#ifdef WOLFSSL_EARLY_DATA
int outSz;
#endif
#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
int groups[2] = { WOLFSSL_ECC_SECP256R1,
#ifdef HAVE_LIBOQS
WOLFSSL_SABER_LEVEL3
#else
WOLFSSL_ECC_SECP256R1
#endif
};
int bad_groups[2] = { 0xDEAD, 0xBEEF };
int numGroups = 2;
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
char groupList[] =
#ifndef NO_ECC_SECP
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
"P-521:"
#endif
#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
"P-384:"
#endif
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
"P-256"
#ifdef HAVE_LIBOQS
":P256_SABER_LEVEL1"
#endif
#endif
#ifdef HAVE_LIBOQS
":KYBER_LEVEL1"
#endif
"";
#endif /* !defined(NO_ECC_SECP) */
#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_CLIENT
clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
clientTls12Ssl = wolfSSL_new(clientTls12Ctx);
#endif
#ifndef NO_WOLFSSL_SERVER
serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
#ifndef NO_CERTS
wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert);
wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey, WOLFSSL_FILETYPE_PEM);
#endif
serverTls12Ssl = wolfSSL_new(serverTls12Ctx);
#endif
#endif
#ifndef NO_WOLFSSL_CLIENT
clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
clientSsl = wolfSSL_new(clientCtx);
#endif
#ifndef NO_WOLFSSL_SERVER
serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
#ifndef NO_CERTS
wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert);
wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM);
#endif
serverSsl = wolfSSL_new(serverCtx);
#endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
AssertIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)),
WOLFSSL_SUCCESS);
#endif
#endif
#ifdef HAVE_SUPPORTED_CURVES
#ifdef HAVE_ECC
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1),
WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
WOLFSSL_SUCCESS);
#endif
AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
WOLFSSL_SUCCESS);
#endif
#elif defined(HAVE_CURVE25519)
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519),
WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519),
WOLFSSL_SUCCESS);
#endif
AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519),
WOLFSSL_SUCCESS);
#endif
#elif defined(HAVE_CURVE448)
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X448),
WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X448),
WOLFSSL_SUCCESS);
#endif
AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X448),
WOLFSSL_SUCCESS);
#endif
#else
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
NOT_COMPILED_IN);
#endif
AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
NOT_COMPILED_IN);
#endif
#endif
#if defined(HAVE_LIBOQS)
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_KYBER_LEVEL3), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_KYBER_LEVEL3),
WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_KYBER_LEVEL3),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_KYBER_LEVEL3),
WOLFSSL_SUCCESS);
#endif
#endif
AssertIntEQ(wolfSSL_NoKeyShares(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_NoKeyShares(serverSsl), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS);
#endif
AssertIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS);
#endif
#endif /* HAVE_SUPPORTED_CURVES */
AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0);
#endif
AssertIntEQ(wolfSSL_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0);
#endif
AssertIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0);
#endif
AssertIntEQ(wolfSSL_no_dhe_psk(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0);
#endif
AssertIntEQ(wolfSSL_update_keys(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_update_keys(clientTls12Ssl), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_update_keys(clientSsl), BUILD_MSG_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR);
#endif
AssertIntEQ(wolfSSL_key_update_response(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_key_update_response(NULL, &required), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_key_update_response(clientTls12Ssl, &required),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_key_update_response(clientSsl, NULL), BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_key_update_response(serverSsl, NULL), BAD_FUNC_ARG);
#endif
#if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0);
#endif
AssertIntEQ(wolfSSL_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0);
#endif
AssertIntEQ(wolfSSL_request_certificate(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_request_certificate(clientSsl), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_request_certificate(serverTls12Ssl),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_request_certificate(serverSsl), NOT_READY_ERROR);
#endif
#endif
#ifdef HAVE_ECC
#ifndef WOLFSSL_NO_SERVER_GROUPS_EXT
AssertIntEQ(wolfSSL_preferred_group(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_preferred_group(serverSsl), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_preferred_group(clientTls12Ssl), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_preferred_group(clientSsl), NOT_READY_ERROR);
#endif
#endif
#ifdef HAVE_SUPPORTED_CURVES
AssertIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups,
WOLFSSL_MAX_GROUP_COUNT + 1),
BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups),
BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, bad_groups, numGroups),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_set_groups(clientSsl, groups,
WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups),
BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set_groups(serverSsl, bad_groups, numGroups),
BAD_FUNC_ARG);
#endif
#ifdef OPENSSL_EXTRA
AssertIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, NULL), WOLFSSL_FAILURE);
#endif
AssertIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList),
WOLFSSL_FAILURE);
#endif
AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, groupList),
WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_CTX_set1_groups_list(serverCtx, groupList),
WOLFSSL_SUCCESS);
#endif
AssertIntEQ(wolfSSL_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), WOLFSSL_FAILURE);
#endif
AssertIntEQ(wolfSSL_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList),
WOLFSSL_FAILURE);
#endif
AssertIntEQ(wolfSSL_set1_groups_list(clientSsl, groupList),
WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_set1_groups_list(serverSsl, groupList),
WOLFSSL_SUCCESS);
#endif
#endif /* OPENSSL_EXTRA */
#endif /* HAVE_SUPPORTED_CURVES */
#endif /* HAVE_ECC */
#ifdef WOLFSSL_EARLY_DATA
AssertIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 0), 0);
#endif
AssertIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_set_max_early_data(clientSsl, 0), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 0), 0);
#endif
AssertIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData),
&outSz), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData),
&outSz), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz),
BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
sizeof(earlyData), NULL),
BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_write_early_data(serverSsl, earlyData,
sizeof(earlyData), &outSz),
SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData,
sizeof(earlyData), &outSz),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
sizeof(earlyData), &outSz),
WOLFSSL_FATAL_ERROR);
#endif
AssertIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer,
sizeof(earlyDataBuffer), &outSz),
BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_read_early_data(serverSsl, NULL,
sizeof(earlyDataBuffer), &outSz),
BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, -1, &outSz),
BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
sizeof(earlyDataBuffer), NULL),
BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer,
sizeof(earlyDataBuffer), &outSz),
SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer,
sizeof(earlyDataBuffer), &outSz),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
sizeof(earlyDataBuffer), &outSz),
WOLFSSL_FATAL_ERROR);
#endif
#endif
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_EARLY_DATA)
AssertIntLT(SSL_get_early_data_status(NULL), 0);
#endif
#ifndef NO_WOLFSSL_SERVER
wolfSSL_free(serverSsl);
wolfSSL_CTX_free(serverCtx);
#endif
#ifndef NO_WOLFSSL_CLIENT
wolfSSL_free(clientSsl);
wolfSSL_CTX_free(clientCtx);
#endif
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_SERVER
wolfSSL_free(serverTls12Ssl);
wolfSSL_CTX_free(serverTls12Ctx);
#endif
#ifndef NO_WOLFSSL_CLIENT
wolfSSL_free(clientTls12Ssl);
wolfSSL_CTX_free(clientTls12Ctx);
#endif
#endif
return ret;
}
#endif
#if defined(HAVE_PK_CALLBACKS) && (!defined(WOLFSSL_NO_TLS12) || \
!defined(NO_OLD_TLS))
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \
!defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key,
const unsigned char* priv, unsigned int privSz,
const unsigned char* pubKeyDer, unsigned int pubKeySz,
unsigned char* out, unsigned int* outlen,
void* ctx)
{
int result;
/* Test fail when context associated with WOLFSSL is NULL */
if (ctx == NULL) {
return -1;
}
(void)ssl;
/* return 0 on success */
PRIVATE_KEY_UNLOCK();
result = wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz);
PRIVATE_KEY_LOCK();
return result;
}
static void test_dh_ctx_setup(WOLFSSL_CTX* ctx) {
wolfSSL_CTX_SetDhAgreeCb(ctx, my_DhCallback);
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES128-SHA256"),
WOLFSSL_SUCCESS);
#endif
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA256"),
WOLFSSL_SUCCESS);
#endif
}
static void test_dh_ssl_setup(WOLFSSL* ssl)
{
static int dh_test_ctx = 1;
int ret;
wolfSSL_SetDhAgreeCtx(ssl, &dh_test_ctx);
AssertIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), dh_test_ctx);
ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
AssertIntEQ(ret, WOLFSSL_SUCCESS);
}
}
static void test_dh_ssl_setup_fail(WOLFSSL* ssl)
{
int ret;
wolfSSL_SetDhAgreeCtx(ssl, NULL);
AssertNull(wolfSSL_GetDhAgreeCtx(ssl));
ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
AssertIntEQ(ret, WOLFSSL_SUCCESS);
}
}
#endif
static void test_DhCallbacks(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \
!defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
tcp_ready ready;
func_args server_args;
func_args client_args;
THREAD_TYPE serverThread;
callback_functions func_cb_client;
callback_functions func_cb_server;
int test;
printf(testingFmt, "test_DhCallbacks");
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
AssertIntEQ(wolfSSL_CTX_set_cipher_list(NULL, "NONE"), WOLFSSL_FAILURE);
wolfSSL_CTX_SetDhAgreeCb(ctx, &my_DhCallback);
/* load client ca cert */
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
WOLFSSL_SUCCESS);
/* test with NULL arguments */
wolfSSL_SetDhAgreeCtx(NULL, &test);
AssertNull(wolfSSL_GetDhAgreeCtx(NULL));
/* test success case */
test = 1;
AssertNotNull(ssl = wolfSSL_new(ctx));
wolfSSL_SetDhAgreeCtx(ssl, &test);
AssertIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), test);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
/* test a connection where callback is used */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
server_args.return_code = TEST_FAIL;
client_args.return_code = TEST_FAIL;
/* set callbacks to use DH functions */
func_cb_client.ctx_ready = &test_dh_ctx_setup;
func_cb_client.ssl_ready = &test_dh_ssl_setup;
#ifndef WOLFSSL_NO_TLS12
func_cb_client.method = wolfTLSv1_2_client_method;
#else
func_cb_client.method = wolfTLSv1_3_client_method;
#endif
client_args.callbacks = &func_cb_client;
func_cb_server.ctx_ready = &test_dh_ctx_setup;
func_cb_server.ssl_ready = &test_dh_ssl_setup;
#ifndef WOLFSSL_NO_TLS12
func_cb_server.method = wolfTLSv1_2_server_method;
#else
func_cb_server.method = wolfTLSv1_3_server_method;
#endif
server_args.callbacks = &func_cb_server;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
/* now set user ctx to not be 1 so that the callback returns fail case */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
server_args.return_code = TEST_FAIL;
client_args.return_code = TEST_FAIL;
/* set callbacks to use DH functions */
func_cb_client.ctx_ready = &test_dh_ctx_setup;
func_cb_client.ssl_ready = &test_dh_ssl_setup_fail;
#ifndef WOLFSSL_NO_TLS12
func_cb_client.method = wolfTLSv1_2_client_method;
#else
func_cb_client.method = wolfTLSv1_3_client_method;
#endif
client_args.callbacks = &func_cb_client;
func_cb_server.ctx_ready = &test_dh_ctx_setup;
func_cb_server.ssl_ready = &test_dh_ssl_setup_fail;
#ifndef WOLFSSL_NO_TLS12
func_cb_server.method = wolfTLSv1_2_server_method;
#else
func_cb_server.method = wolfTLSv1_3_server_method;
#endif
server_args.callbacks = &func_cb_server;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
AssertIntEQ(client_args.return_code, TEST_FAIL);
AssertIntEQ(server_args.return_code, TEST_FAIL);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
printf(resultFmt, passed);
#endif
}
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_HASHDRBG
#ifdef TEST_RESEED_INTERVAL
static int test_wc_RNG_GenerateBlock_Reseed(void)
{
int i, ret;
WC_RNG rng;
byte key[32];
ret = wc_InitRng(&rng);
if (ret == 0) {
for(i = 0; i < WC_RESEED_INTERVAL + 10; i++) {
ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key));
if (ret != 0) {
break;
}
}
}
wc_FreeRng(&rng);
return ret;
}
#endif /* TEST_RESEED_INTERVAL */
static int test_wc_RNG_GenerateBlock(void)
{
int i, ret;
WC_RNG rng;
byte key[32];
ret = wc_InitRng(&rng);
if (ret == 0) {
for(i = 0; i < 10; i++) {
ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key));
if (ret != 0) {
break;
}
}
}
wc_FreeRng(&rng);
(void)rng; /* for WC_NO_RNG case */
(void)key;
return ret;
}
#endif
/*
* Testing get_rand_digit
*/
static int test_get_rand_digit (void)
{
int ret = 0;
#if !defined(WC_NO_RNG) && defined(WOLFSSL_PUBLIC_MP)
WC_RNG rng;
mp_digit d;
printf(testingFmt, "get_rand_digit()");
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = get_rand_digit(&rng, &d);
}
if (ret == 0) {
ret = get_rand_digit(NULL, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = get_rand_digit(NULL, &d);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = get_rand_digit(&rng, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_FreeRng(&rng);
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_get_rand_digit*/
/*
* Testing get_digit_count
*/
static int test_get_digit_count (void)
{
int ret = 0;
#if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_PUBLIC_MP)
mp_int a;
printf(testingFmt, "get_digit_count()");
if (mp_init(&a) != MP_OKAY) {
ret = -1;
}
if (ret == 0) {
ret = get_digit_count(NULL);
}
if (ret == 0) {
ret = get_digit_count(&a);
}
printf(resultFmt, ret == 0 ? passed : failed);
mp_clear(&a);
#endif
return ret;
}/* End test_get_digit_count*/
/*
* Testing mp_cond_copy
*/
static int test_mp_cond_copy (void)
{
int ret = 0;
#if defined(WOLFSSL_PUBLIC_MP)
mp_int a;
mp_int b;
int copy = 0;
printf(testingFmt, "mp_cond_copy()");
if (mp_init(&a) != MP_OKAY) {
ret = -1;
}
if (ret == 0) {
if (mp_init(&b) != MP_OKAY) {
ret = -1;
}
}
if (ret == 0) {
ret = mp_cond_copy(NULL, copy, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = mp_cond_copy(NULL, copy, &b);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = mp_cond_copy(&a, copy, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = mp_cond_copy(&a, copy, &b);
}
printf(resultFmt, ret == 0 ? passed : failed);
mp_clear(&a);
mp_clear(&b);
#endif
return ret;
}/* End test_mp_cond_copy*/
/*
* Testing mp_rand
*/
static int test_mp_rand (void)
{
int ret = 0;
#if defined(WC_RSA_BLINDING) && defined(WOLFSSL_PUBLIC_MP)
mp_int a;
int digits = 1;
WC_RNG rng;
printf(testingFmt, "mp_rand()");
if (mp_init(&a) != MP_OKAY) {
ret = -1;
}
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = mp_rand(&a, digits, NULL);
if (ret == MISSING_RNG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = mp_rand(NULL, digits, &rng);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = mp_rand(&a, 0, &rng);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = mp_rand(&a, digits, &rng);
}
printf(resultFmt, ret == 0 ? passed : failed);
mp_clear(&a);
wc_FreeRng(&rng);
#endif
return ret;
}/* End test_mp_rand*/
/*
* Testing get_digit
*/
static int test_get_digit (void)
{
int ret = 0;
#if defined(WOLFSSL_PUBLIC_MP)
mp_int a;
int n = 0;
printf(testingFmt, "get_digit()");
if (mp_init(&a) != MP_OKAY) {
ret = -1;
}
if (ret == 0) {
if (get_digit(NULL, n) != 0) { /* Should not hit this */
ret = -1;
}
}
if (ret == 0) {
if (get_digit(NULL, n) == 0) { /* Should hit this */
ret = 0;
}
}
if (ret == 0) {
if (get_digit(&a, n) != 0) { /* Should not hit this */
ret = -1;
}
}
if (ret == 0) {
if (get_digit(&a, n) == 0) { /* Should hit this */
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
mp_clear(&a);
#endif
return ret;
}/* End test_get_digit*/
/*
* Testing wc_export_int
*/
static int test_wc_export_int(void)
{
int ret = 0;
#if defined(WOLFSSL_PUBLIC_MP)
mp_int mp;
byte buf[32];
word32 keySz = (word32)sizeof(buf);
word32 len = (word32)sizeof(buf);
printf(testingFmt, "wc_export_int()");
if (mp_init(&mp) != MP_OKAY) {
ret = -1;
}
if (ret == 0) {
ret = mp_set_int(&mp, 1234);
}
if (ret == 0) {
ret = wc_export_int(NULL, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
len = sizeof(buf)-1;
ret = wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN);
if (ret == BUFFER_E) {
ret = 0;
}
}
if (ret == 0) {
len = sizeof(buf);
ret = wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN);
}
if (ret == 0) {
len = 4; /* test input too small */
ret = wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR);
if (ret == BUFFER_E) {
ret = 0;
}
}
if (ret == 0) {
len = sizeof(buf);
ret = wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR);
/* hex version of 1234 is 04D2 and should be 4 digits + 1 null */
if (ret == 0 && len != 5) {
ret = BAD_FUNC_ARG;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
mp_clear(&mp);
#endif
return ret;
}/* End test_wc_export_int*/
static int test_wc_InitRngNonce(void)
{
int ret=0;
#if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
WC_RNG rng;
byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
"\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
word32 nonceSz = sizeof(nonce);
printf(testingFmt, "wc_InitRngNonce()");
if (ret == 0){
ret = wc_InitRngNonce(&rng, nonce, nonceSz);
}
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_wc_InitRngNonce*/
/*
* Testing wc_InitRngNonce_ex
*/
static int test_wc_InitRngNonce_ex(void)
{
int ret=0;
#if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
WC_RNG rng;
byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
"\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
word32 nonceSz = sizeof(nonce);
printf(testingFmt, "wc_InitRngNonce_ex()");
if (ret == 0){
ret = wc_InitRngNonce_ex(&rng, nonce, nonceSz, HEAP_HINT, devId);
}
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/*End test_wc_InitRngNonce_ex*/
static void test_wolfSSL_X509_CRL(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
X509_CRL *crl;
char pem[][100] = {
"./certs/crl/crl.pem",
"./certs/crl/crl2.pem",
"./certs/crl/caEccCrl.pem",
"./certs/crl/eccCliCRL.pem",
"./certs/crl/eccSrvCRL.pem",
""
};
#ifndef NO_BIO
BIO *bio;
#endif
#ifdef HAVE_TEST_d2i_X509_CRL_fp
char der[][100] = {
"./certs/crl/crl.der",
"./certs/crl/crl2.der",
""};
#endif
XFILE fp;
int i;
printf(testingFmt, "test_wolfSSL_X509_CRL");
for (i = 0; pem[i][0] != '\0'; i++)
{
fp = XFOPEN(pem[i], "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL));
AssertNotNull(crl);
X509_CRL_free(crl);
XFCLOSE(fp);
fp = XFOPEN(pem[i], "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull((X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)&crl, NULL, NULL));
AssertNotNull(crl);
X509_CRL_free(crl);
XFCLOSE(fp);
}
#ifndef NO_BIO
for (i = 0; pem[i][0] != '\0'; i++)
{
AssertNotNull(bio = BIO_new_file(pem[i], "rb"));
AssertNotNull(crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL));
X509_CRL_free(crl);
BIO_free(bio);
}
#endif
#ifdef HAVE_TEST_d2i_X509_CRL_fp
for(i = 0; der[i][0] != '\0'; i++){
fp = XFOPEN(der[i], "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((fp, X509_CRL **)NULL));
AssertNotNull(crl);
X509_CRL_free(crl);
XFCLOSE(fp);
fp = XFOPEN(der[i], "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull((X509_CRL *)d2i_X509_CRL_fp(fp, (X509_CRL **)&crl));
AssertNotNull(crl);
X509_CRL_free(crl);
XFCLOSE(fp);
}
#endif
printf(resultFmt, passed);
#endif
return;
}
static void test_wolfSSL_X509_load_crl_file(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA) && !defined(NO_BIO)
int i;
char pem[][100] = {
"./certs/crl/crl.pem",
"./certs/crl/crl2.pem",
"./certs/crl/caEccCrl.pem",
"./certs/crl/eccCliCRL.pem",
"./certs/crl/eccSrvCRL.pem",
""
};
char der[][100] = {
"./certs/crl/crl.der",
"./certs/crl/crl2.der",
""
};
WOLFSSL_X509_STORE* store;
WOLFSSL_X509_LOOKUP* lookup;
printf(testingFmt, "wolfSSL_X509_load_crl_file");
AssertNotNull(store = wolfSSL_X509_STORE_new());
AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
X509_FILETYPE_PEM), 1);
AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
X509_FILETYPE_PEM), 1);
if (store) {
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
WOLFSSL_FILETYPE_PEM), 1);
/* since store hasn't yet known the revoked cert*/
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM), 1);
}
for (i = 0; pem[i][0] != '\0'; i++)
{
AssertIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), 1);
}
if (store) {
/* since store knows crl list */
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
}
/* once feeing store */
X509_STORE_free(store);
store = NULL;
AssertNotNull(store = wolfSSL_X509_STORE_new());
AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
X509_FILETYPE_PEM), 1);
AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
X509_FILETYPE_PEM), 1);
if (store) {
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
WOLFSSL_FILETYPE_PEM), 1);
/* since store hasn't yet known the revoked cert*/
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM), 1);
}
for (i = 0; der[i][0] != '\0'; i++)
{
AssertIntEQ(X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), 1);
}
if (store) {
/* since store knows crl list */
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
}
/* test for incorrect parameter */
AssertIntEQ(X509_load_crl_file(NULL, pem[0], 0), 0);
AssertIntEQ(X509_load_crl_file(lookup, NULL, 0), 0);
AssertIntEQ(X509_load_crl_file(NULL, NULL, 0), 0);
X509_STORE_free(store);
store = NULL;
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_d2i_X509_REQ(void)
{
#if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && !defined(NO_BIO) && \
(defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
/* ./certs/csr.signed.der, ./certs/csr.ext.der, and ./certs/csr.attr.der were
* generated by libest
* ./certs/csr.attr.der contains sample attributes
* ./certs/csr.ext.der contains sample extensions */
const char* csrFile = "./certs/csr.signed.der";
const char* csrPopFile = "./certs/csr.attr.der";
const char* csrExtFile = "./certs/csr.ext.der";
/* ./certs/csr.dsa.pem is generated using
* openssl req -newkey dsa:certs/dsaparams.pem \
* -keyout certs/csr.dsa.key.pem -keyform PEM -out certs/csr.dsa.pem \
* -outform PEM
* with the passphrase "wolfSSL"
*/
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
const char* csrDsaFile = "./certs/csr.dsa.pem";
XFILE f;
#endif
BIO* bio = NULL;
X509* req = NULL;
EVP_PKEY *pub_key = NULL;
{
AssertNotNull(bio = BIO_new_file(csrFile, "rb"));
AssertNotNull(d2i_X509_REQ_bio(bio, &req));
/*
* Extract the public key from the CSR
*/
AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
/*
* Verify the signature in the CSR
*/
AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
X509_free(req);
BIO_free(bio);
EVP_PKEY_free(pub_key);
}
{
#ifdef OPENSSL_ALL
X509_ATTRIBUTE* attr;
ASN1_TYPE *at;
#endif
AssertNotNull(bio = BIO_new_file(csrPopFile, "rb"));
AssertNotNull(d2i_X509_REQ_bio(bio, &req));
/*
* Extract the public key from the CSR
*/
AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
/*
* Verify the signature in the CSR
*/
AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
#ifdef OPENSSL_ALL
/*
* Obtain the challenge password from the CSR
*/
AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
NID_pkcs9_challengePassword);
AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword));
AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
AssertNotNull(at->value.asn1_string);
AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+");
AssertIntEQ(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), -1);
#endif
X509_free(req);
BIO_free(bio);
EVP_PKEY_free(pub_key);
}
{
#ifdef OPENSSL_ALL
X509_ATTRIBUTE* attr;
ASN1_TYPE *at;
STACK_OF(X509_EXTENSION) *exts = NULL;
#endif
AssertNotNull(bio = BIO_new_file(csrExtFile, "rb"));
/* This CSR contains an Extension Request attribute so
* we test extension parsing in a CSR attribute here. */
AssertNotNull(d2i_X509_REQ_bio(bio, &req));
/*
* Extract the public key from the CSR
*/
AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
/*
* Verify the signature in the CSR
*/
AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
#ifdef OPENSSL_ALL
AssertNotNull(exts = (STACK_OF(X509_EXTENSION)*)X509_REQ_get_extensions(req));
AssertIntEQ(sk_X509_EXTENSION_num(exts), 2);
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
/*
* Obtain the challenge password from the CSR
*/
AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
NID_pkcs9_challengePassword);
AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword));
AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
AssertNotNull(at->value.asn1_string);
AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo");
AssertIntGE(X509_get_ext_by_NID(req, NID_key_usage, -1), 0);
AssertIntGE(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), 0);
#endif
X509_free(req);
BIO_free(bio);
EVP_PKEY_free(pub_key);
}
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
{
AssertNotNull(bio = BIO_new_file(csrDsaFile, "rb"));
AssertNotNull(PEM_read_bio_X509_REQ(bio, &req, NULL, NULL));
/*
* Extract the public key from the CSR
*/
AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
/*
* Verify the signature in the CSR
*/
AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
X509_free(req);
BIO_free(bio);
/* Run the same test, but with a file pointer instead of a BIO.
* (PEM_read_X509_REQ)*/
AssertTrue((f = XFOPEN(csrDsaFile, "rb")) != XBADFILE);
AssertNotNull(PEM_read_X509_REQ(f, &req, NULL, NULL));
AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
X509_free(req);
EVP_PKEY_free(pub_key);
}
#endif /* !NO_DSA && !HAVE_SELFTEST */
#endif /* WOLFSSL_CERT_REQ && (OPENSSL_ALL || OPENSSL_EXTRA) */
}
static void test_wolfSSL_PEM_read_X509(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA)
X509 *x509 = NULL;
XFILE fp;
printf(testingFmt, "wolfSSL_PEM_read_X509");
fp = XFOPEN(svrCertFile, "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull(x509 = (X509 *)PEM_read_X509(fp, (X509 **)NULL, NULL, NULL));
X509_free(x509);
XFCLOSE(fp);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_PEM_read(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_BIO)
const char* filename = "./certs/server-keyEnc.pem";
XFILE fp;
char* name = NULL;
char* header = NULL;
byte* data = NULL;
long len;
EVP_CIPHER_INFO cipher;
WOLFSSL_BIO* bio;
byte* fileData;
size_t fileDataSz;
byte* out;
printf(testingFmt, "wolfSSL_PEM_read");
fp = XFOPEN(filename, "rb");
AssertTrue((fp != XBADFILE));
/* Fail cases. */
AssertIntEQ(PEM_read(fp, NULL, &header, &data, &len), WOLFSSL_FAILURE);
AssertIntEQ(PEM_read(fp, &name, NULL, &data, &len), WOLFSSL_FAILURE);
AssertIntEQ(PEM_read(fp, &name, &header, NULL, &len), WOLFSSL_FAILURE);
AssertIntEQ(PEM_read(fp, &name, &header, &data, NULL), WOLFSSL_FAILURE);
AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS);
AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0);
AssertIntGT(XSTRLEN(header), 0);
AssertIntGT(len, 0);
AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0);
AssertIntGT((fileDataSz = XFTELL(fp)), 0);
AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0);
AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz);
XFCLOSE(fp);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
/* Fail cases. */
AssertIntEQ(PEM_write_bio(NULL, name, header, data, len), 0);
AssertIntEQ(PEM_write_bio(bio, NULL, header, data, len), 0);
AssertIntEQ(PEM_write_bio(bio, name, NULL, data, len), 0);
AssertIntEQ(PEM_write_bio(bio, name, header, NULL, len), 0);
AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz);
AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz);
AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0);
/* Fail cases. */
AssertIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WOLFSSL_FAILURE);
AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WOLFSSL_FAILURE);
AssertIntEQ(PEM_get_EVP_CIPHER_INFO((char*)"", &cipher), WOLFSSL_FAILURE);
#ifndef NO_DES3
AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, &cipher), WOLFSSL_SUCCESS);
#endif
/* Fail cases. */
AssertIntEQ(PEM_do_header(&cipher, NULL, &len, PasswordCallBack,
(void*)"yassl123"), WOLFSSL_FAILURE);
AssertIntEQ(PEM_do_header(&cipher, data, NULL, PasswordCallBack,
(void*)"yassl123"), WOLFSSL_FAILURE);
AssertIntEQ(PEM_do_header(&cipher, data, &len, NULL,
(void*)"yassl123"), WOLFSSL_FAILURE);
#if !defined(NO_DES3) && !defined(NO_MD5)
AssertIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack,
(void*)"yassl123"), WOLFSSL_SUCCESS);
#endif
BIO_free(bio);
XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
name = NULL;
header = NULL;
data = NULL;
fp = XFOPEN(svrKeyFile, "rb");
AssertTrue((fp != XBADFILE));
AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS);
AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0);
AssertIntEQ(XSTRLEN(header), 0);
AssertIntGT(len, 0);
AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0);
AssertIntGT((fileDataSz = XFTELL(fp)), 0);
AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0);
AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz);
XFCLOSE(fp);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz);
AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz);
AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0);
BIO_free(bio);
XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
printf(resultFmt, passed);
#endif
}
static void test_wolfssl_EVP_aes_gcm_AAD_2_parts(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
!defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
const byte iv[12] = { 0 };
const byte key[16] = { 0 };
const byte cleartext[16] = { 0 };
const byte aad[] = {
0x01, 0x10, 0x00, 0x2a, 0x08, 0x00, 0x04, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
0x00, 0x00, 0xdc, 0x4d, 0xad, 0x6b, 0x06, 0x93,
0x4f
};
byte out1Part[16];
byte outTag1Part[16];
byte out2Part[16];
byte outTag2Part[16];
byte decryptBuf[16];
int len;
int tlen;
EVP_CIPHER_CTX* ctx = NULL;
printf(testingFmt, "wolfssl_EVP_aes_gcm_AAD_2_parts");
/* ENCRYPT */
/* Send AAD and data in 1 part */
AssertNotNull(ctx = EVP_CIPHER_CTX_new());
tlen = 0;
AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
1);
AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1);
AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1);
AssertIntEQ(EVP_EncryptUpdate(ctx, out1Part, &len, cleartext,
sizeof(cleartext)), 1);
tlen += len;
AssertIntEQ(EVP_EncryptFinal_ex(ctx, out1Part, &len), 1);
tlen += len;
AssertIntEQ(tlen, sizeof(cleartext));
AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
outTag1Part), 1);
EVP_CIPHER_CTX_free(ctx);
/* DECRYPT */
/* Send AAD and data in 1 part */
AssertNotNull(ctx = EVP_CIPHER_CTX_new());
tlen = 0;
AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
1);
AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1);
AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1);
AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part,
sizeof(cleartext)), 1);
tlen += len;
AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16,
outTag1Part), 1);
AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf, &len), 1);
tlen += len;
AssertIntEQ(tlen, sizeof(cleartext));
EVP_CIPHER_CTX_free(ctx);
AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0);
/* ENCRYPT */
/* Send AAD and data in 2 parts */
AssertNotNull(ctx = EVP_CIPHER_CTX_new());
tlen = 0;
AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
1);
AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1);
AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, 1), 1);
AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1),
1);
AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part, &len, cleartext, 1), 1);
tlen += len;
AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part + tlen, &len, cleartext + 1,
sizeof(cleartext) - 1), 1);
tlen += len;
AssertIntEQ(EVP_EncryptFinal_ex(ctx, out2Part + tlen, &len), 1);
tlen += len;
AssertIntEQ(tlen, sizeof(cleartext));
AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
outTag2Part), 1);
AssertIntEQ(XMEMCMP(out1Part, out2Part, sizeof(out1Part)), 0);
AssertIntEQ(XMEMCMP(outTag1Part, outTag2Part, sizeof(outTag1Part)), 0);
EVP_CIPHER_CTX_free(ctx);
/* DECRYPT */
/* Send AAD and data in 2 parts */
AssertNotNull(ctx = EVP_CIPHER_CTX_new());
tlen = 0;
AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
1);
AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1);
AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, 1), 1);
AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1),
1);
AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, 1), 1);
tlen += len;
AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf + tlen, &len, out1Part + 1,
sizeof(cleartext) - 1), 1);
tlen += len;
AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16,
outTag1Part), 1);
AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf + tlen, &len), 1);
tlen += len;
AssertIntEQ(tlen, sizeof(cleartext));
AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0);
/* Test AAD re-use */
EVP_CIPHER_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
!defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
static void test_wolfssl_EVP_aes_gcm_zeroLen(void)
{
/* Zero length plain text */
byte key[] = {
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
}; /* align */
byte iv[] = {
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
}; /* align */
byte plaintxt[1];
int ivSz = 12;
int plaintxtSz = 0;
unsigned char tag[16];
unsigned char tag_kat[] =
{0x53,0x0f,0x8a,0xfb,0xc7,0x45,0x36,0xb9,
0xa9,0x63,0xb4,0xf1,0xc4,0xcb,0x73,0x8b};
byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
int ciphertxtSz = 0;
int decryptedtxtSz = 0;
int len = 0;
EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new();
EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new();
AssertIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_gcm(), NULL, key, iv));
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
AssertIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt,
plaintxtSz));
AssertIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len));
ciphertxtSz += len;
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag));
AssertIntEQ(1, EVP_CIPHER_CTX_cleanup(en));
AssertIntEQ(0, ciphertxtSz);
AssertIntEQ(0, XMEMCMP(tag, tag_kat, sizeof(tag)));
EVP_CIPHER_CTX_init(de);
AssertIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_gcm(), NULL, key, iv));
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
AssertIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len));
decryptedtxtSz = len;
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_TAG, 16, tag));
AssertIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len));
decryptedtxtSz += len;
AssertIntEQ(0, decryptedtxtSz);
EVP_CIPHER_CTX_free(en);
EVP_CIPHER_CTX_free(de);
}
#endif
static void test_wolfssl_EVP_aes_gcm(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
!defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
/* A 256 bit key, AES_128 will use the first 128 bit*/
byte *key = (byte*)"01234567890123456789012345678901";
/* A 128 bit IV */
byte *iv = (byte*)"0123456789012345";
int ivSz = AES_BLOCK_SIZE;
/* Message to be encrypted */
byte *plaintxt = (byte*)"for things to change you have to change";
/* Additional non-confidential data */
byte *aad = (byte*)"Don't spend major time on minor things.";
unsigned char tag[AES_BLOCK_SIZE] = {0};
int plaintxtSz = (int)XSTRLEN((char*)plaintxt);
int aadSz = (int)XSTRLEN((char*)aad);
byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
int ciphertxtSz = 0;
int decryptedtxtSz = 0;
int len = 0;
int i = 0;
EVP_CIPHER_CTX en[2];
EVP_CIPHER_CTX de[2];
printf(testingFmt, "wolfssl_EVP_aes_gcm");
for (i = 0; i < 2; i++) {
EVP_CIPHER_CTX_init(&en[i]);
if (i == 0) {
/* Default uses 96-bits IV length */
#ifdef WOLFSSL_AES_128
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, key, iv));
#elif defined(WOLFSSL_AES_192)
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, key, iv));
#elif defined(WOLFSSL_AES_256)
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, key, iv));
#endif
}
else {
#ifdef WOLFSSL_AES_128
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, NULL, NULL));
#elif defined(WOLFSSL_AES_192)
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, NULL, NULL));
#elif defined(WOLFSSL_AES_256)
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, NULL, NULL));
#endif
/* non-default must to set the IV length first */
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv));
}
AssertIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz));
AssertIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, plaintxtSz));
ciphertxtSz = len;
AssertIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len));
ciphertxtSz += len;
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, tag));
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1);
EVP_CIPHER_CTX_init(&de[i]);
if (i == 0) {
/* Default uses 96-bits IV length */
#ifdef WOLFSSL_AES_128
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, key, iv));
#elif defined(WOLFSSL_AES_192)
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, key, iv));
#elif defined(WOLFSSL_AES_256)
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, key, iv));
#endif
}
else {
#ifdef WOLFSSL_AES_128
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, NULL, NULL));
#elif defined(WOLFSSL_AES_192)
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, NULL, NULL));
#elif defined(WOLFSSL_AES_256)
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, NULL, NULL));
#endif
/* non-default must to set the IV length first */
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
}
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
decryptedtxtSz = len;
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
AssertIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
decryptedtxtSz += len;
AssertIntEQ(ciphertxtSz, decryptedtxtSz);
AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));
/* modify tag*/
tag[AES_BLOCK_SIZE-1]+=0xBB;
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
/* fail due to wrong tag */
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
AssertIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
AssertIntEQ(0, len);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1);
}
test_wolfssl_EVP_aes_gcm_zeroLen();
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */
}
#ifndef NO_BIO
static void test_wolfSSL_PEM_X509_INFO_read_bio(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
BIO* bio;
X509_INFO* info;
STACK_OF(X509_INFO)* sk;
char* subject;
char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com";
char exp2[] = "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com";
printf(testingFmt, "wolfSSL_PEM_X509_INFO_read_bio");
AssertNotNull(bio = BIO_new(BIO_s_file()));
AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
AssertNotNull(sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
AssertIntEQ(sk_X509_INFO_num(sk), 2);
/* using dereference to maintain testing for Apache port*/
AssertNotNull(info = sk_X509_INFO_pop(sk));
AssertNotNull(info->x_pkey);
AssertNotNull(info->x_pkey->dec_pkey);
AssertIntEQ(EVP_PKEY_bits(info->x_pkey->dec_pkey), 2048);
AssertNotNull(subject =
X509_NAME_oneline(X509_get_subject_name(info->x509), 0, 0));
AssertIntEQ(0, XSTRNCMP(subject, exp1, sizeof(exp1)));
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
X509_INFO_free(info);
AssertNotNull(info = sk_X509_INFO_pop(sk));
AssertNotNull(subject =
X509_NAME_oneline(X509_get_subject_name(info->x509), 0, 0));
AssertIntEQ(0, XSTRNCMP(subject, exp2, sizeof(exp2)));
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
X509_INFO_free(info);
AssertNull(info = sk_X509_INFO_pop(sk));
sk_X509_INFO_pop_free(sk, X509_INFO_free);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
#endif /* !NO_BIO */
static void test_wolfSSL_X509_NAME_ENTRY_get_object(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
X509 *x509;
X509_NAME* name;
int idx = 0;
X509_NAME_ENTRY *ne;
ASN1_OBJECT *object = NULL;
printf(testingFmt, "wolfSSL_X509_NAME_ENTRY_get_object");
x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
name = X509_get_subject_name(x509);
idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
AssertIntGE(idx, 0);
ne = X509_NAME_get_entry(name, idx);
AssertNotNull(ne);
AssertNotNull(object = X509_NAME_ENTRY_get_object(ne));
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_INTEGER_get_set(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
ASN1_INTEGER *a;
long val;
int ret;
printf(testingFmt, "test_wolfSSL_ASN1_INTEGER_get_set");
a = ASN1_INTEGER_new();
val = 0;
ret = ASN1_INTEGER_set(NULL, val);
AssertIntEQ(ret, 0);
ASN1_INTEGER_free(a);
/* 0 */
a = ASN1_INTEGER_new();
val = 0;
ret = ASN1_INTEGER_set(a, val);
AssertIntEQ(ret, 1);
AssertIntEQ(ASN1_INTEGER_get(a), val);
ASN1_INTEGER_free(a);
/* 40 */
a = ASN1_INTEGER_new();
val = 40;
ret = ASN1_INTEGER_set(a, val);
AssertIntEQ(ret, 1);
AssertIntEQ(ASN1_INTEGER_get(a), val);
ASN1_INTEGER_free(a);
/* -40 */
a = ASN1_INTEGER_new();
val = -40;
ret = ASN1_INTEGER_set(a, val);
AssertIntEQ(ret, 1);
AssertIntEQ(ASN1_INTEGER_get(a), val);
ASN1_INTEGER_free(a);
/* 128 */
a = ASN1_INTEGER_new();
val = 128;
ret = ASN1_INTEGER_set(a, val);
AssertIntEQ(ret, 1);
AssertIntEQ(ASN1_INTEGER_get(a), val);
ASN1_INTEGER_free(a);
/* -128 */
a = ASN1_INTEGER_new();
val = -128;
ret = ASN1_INTEGER_set(a, val);
AssertIntEQ(ret, 1);
AssertIntEQ(ASN1_INTEGER_get(a), val);
ASN1_INTEGER_free(a);
/* 200 */
a = ASN1_INTEGER_new();
val = 200;
ret = ASN1_INTEGER_set(a, val);
AssertIntEQ(ret, 1);
AssertIntEQ(ASN1_INTEGER_get(a), val);
ASN1_INTEGER_free(a);
#ifndef TIME_T_NOT_64BIT
/* int max (2147483647) */
a = ASN1_INTEGER_new();
val = 2147483647;
ret = ASN1_INTEGER_set(a, val);
AssertIntEQ(ret, 1);
AssertIntEQ(ASN1_INTEGER_get(a), val);
ASN1_INTEGER_free(a);
/* int min (-2147483648) */
a = ASN1_INTEGER_new();
val = -2147483647 - 1;
ret = ASN1_INTEGER_set(a, val);
AssertIntEQ(ret, 1);
AssertIntEQ(ASN1_INTEGER_get(a), val);
ASN1_INTEGER_free(a);
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_STORE_get1_certs(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
X509_STORE_CTX *storeCtx;
X509_STORE *store;
X509 *caX509;
X509 *svrX509;
X509_NAME *subject;
WOLF_STACK_OF(WOLFSSL_X509) *certs;
printf(testingFmt, "wolfSSL_X509_STORE_get1_certs()");
AssertNotNull(caX509 =
X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM));
AssertNotNull((svrX509 =
wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
AssertNotNull(storeCtx = X509_STORE_CTX_new());
AssertNotNull(store = X509_STORE_new());
AssertNotNull(subject = X509_get_subject_name(caX509));
/* Errors */
AssertNull(X509_STORE_get1_certs(storeCtx, subject));
AssertNull(X509_STORE_get1_certs(NULL, subject));
AssertNull(X509_STORE_get1_certs(storeCtx, NULL));
AssertIntEQ(X509_STORE_add_cert(store, caX509), SSL_SUCCESS);
AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, caX509, NULL), SSL_SUCCESS);
/* Should find the cert */
AssertNotNull(certs = X509_STORE_get1_certs(storeCtx, subject));
AssertIntEQ(1, wolfSSL_sk_X509_num(certs));
sk_X509_free(certs);
/* Should not find the cert */
AssertNotNull(subject = X509_get_subject_name(svrX509));
AssertNotNull(certs = X509_STORE_get1_certs(storeCtx, subject));
AssertIntEQ(0, wolfSSL_sk_X509_num(certs));
sk_X509_free(certs);
X509_STORE_free(store);
X509_STORE_CTX_free(storeCtx);
X509_free(svrX509);
X509_free(caX509);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */
}
/* Testing code used in dpp.c in hostap */
#if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
typedef struct {
/* AlgorithmIdentifier ecPublicKey with optional parameters present
* as an OID identifying the curve */
X509_ALGOR *alg;
/* Compressed format public key per ANSI X9.63 */
ASN1_BIT_STRING *pub_key;
} DPP_BOOTSTRAPPING_KEY;
ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = {
ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, alg, X509_ALGOR),
ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, pub_key, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(DPP_BOOTSTRAPPING_KEY)
IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY)
#endif
static void test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
{
/* Testing code used in dpp.c in hostap */
#if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
EC_KEY *eckey;
EVP_PKEY *key;
size_t len;
unsigned char *der = NULL;
DPP_BOOTSTRAPPING_KEY *bootstrap = NULL;
const unsigned char *in = ecc_clikey_der_256;
const EC_GROUP *group;
const EC_POINT *point;
int nid;
AssertNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new());
AssertNotNull(key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &in,
(long)sizeof_ecc_clikey_der_256));
AssertNotNull(eckey = EVP_PKEY_get1_EC_KEY(key));
AssertNotNull(group = EC_KEY_get0_group(eckey));
AssertNotNull(point = EC_KEY_get0_public_key(eckey));
nid = EC_GROUP_get_curve_name(group);
AssertIntEQ(X509_ALGOR_set0(bootstrap->alg, OBJ_nid2obj(EVP_PKEY_EC),
V_ASN1_OBJECT, OBJ_nid2obj(nid)), 1);
#ifdef HAVE_COMP_KEY
AssertIntGT((len = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
NULL, 0, NULL)), 0);
#else
AssertIntGT((len = EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
NULL, 0, NULL)), 0);
#endif
AssertNotNull(der = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1));
#ifdef HAVE_COMP_KEY
AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
der, len, NULL), len);
#else
AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
der, len, NULL), len);
#endif
bootstrap->pub_key->data = der;
bootstrap->pub_key->length = (int)len;
/* Not actually used */
bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
der = NULL;
AssertIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
EVP_PKEY_free(key);
EC_KEY_free(eckey);
DPP_BOOTSTRAPPING_KEY_free(bootstrap);
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* WOLFSSL_WPAS && HAVE_ECC && USE_CERT_BUFFERS_256 */
}
static void test_wolfSSL_i2c_ASN1_INTEGER(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
ASN1_INTEGER *a;
unsigned char *pp,*tpp;
int ret;
printf(testingFmt, "wolfSSL_i2c_ASN1_INTEGER");
a = wolfSSL_ASN1_INTEGER_new();
/* 40 */
a->intData[0] = ASN_INTEGER;
a->intData[1] = 1;
a->intData[2] = 40;
ret = i2c_ASN1_INTEGER(a, NULL);
AssertIntEQ(ret, 1);
AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
tpp = pp;
XMEMSET(pp, 0, ret + 1);
i2c_ASN1_INTEGER(a, &pp);
pp--;
AssertIntEQ(*pp, 40);
XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
/* 128 */
a->intData[0] = ASN_INTEGER;
a->intData[1] = 1;
a->intData[2] = 128;
ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
AssertIntEQ(ret, 2);
AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
tpp = pp;
XMEMSET(pp, 0, ret + 1);
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
pp--;
AssertIntEQ(*(pp--), 128);
AssertIntEQ(*pp, 0);
XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
/* -40 */
a->intData[0] = ASN_INTEGER;
a->intData[1] = 1;
a->intData[2] = 40;
a->negative = 1;
ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
AssertIntEQ(ret, 1);
AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
tpp = pp;
XMEMSET(pp, 0, ret + 1);
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
pp--;
AssertIntEQ(*pp, 216);
XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
/* -128 */
a->intData[0] = ASN_INTEGER;
a->intData[1] = 1;
a->intData[2] = 128;
a->negative = 1;
ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
AssertIntEQ(ret, 1);
AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
tpp = pp;
XMEMSET(pp, 0, ret + 1);
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
pp--;
AssertIntEQ(*pp, 128);
XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
/* -200 */
a->intData[0] = ASN_INTEGER;
a->intData[1] = 1;
a->intData[2] = 200;
a->negative = 1;
ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
AssertIntEQ(ret, 2);
AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
tpp = pp;
XMEMSET(pp, 0, ret + 1);
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
pp--;
AssertIntEQ(*(pp--), 56);
AssertIntEQ(*pp, 255);
XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_ASN1_INTEGER_free(a);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_ASN */
}
#ifndef NO_INLINE
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#else
#include <wolfssl/wolfcrypt/misc.h>
#endif
static int test_ForceZero(void)
{
unsigned char data[32];
unsigned int i, j, len;
/* Test case with 0 length */
ForceZero(data, 0);
/* Test ForceZero */
for (i = 0; i < sizeof(data); i++) {
for (len = 1; len < sizeof(data) - i; len++) {
for (j = 0; j < sizeof(data); j++)
data[j] = j + 1;
ForceZero(data + i, len);
for (j = 0; j < sizeof(data); j++) {
if (j < i || j >= i + len) {
if (data[j] == 0x00)
return -10200;
}
else if (data[j] != 0x00)
return -10201;
}
}
}
return 0;
}
#ifndef NO_BIO
static void test_wolfSSL_X509_print(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF)
X509 *x509;
BIO *bio;
#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
const X509_ALGOR *cert_sig_alg;
#endif
printf(testingFmt, "wolfSSL_X509_print");
x509 = X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
/* print to memory */
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS);
#if defined(WOLFSSL_QT)
AssertIntEQ(BIO_get_mem_data(bio, NULL), 3113);
#else
AssertIntEQ(BIO_get_mem_data(bio, NULL), 3103);
#endif
BIO_free(bio);
AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE));
#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
/* Print signature */
AssertNotNull(cert_sig_alg = X509_get0_tbs_sigalg(x509));
AssertIntEQ(X509_signature_print(bio, cert_sig_alg, NULL), SSL_SUCCESS);
#endif
/* print to stdout */
#if !defined(NO_WOLFSSL_DIR)
AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS);
#endif
/* print again */
AssertIntEQ(X509_print_fp(stdout, x509), SSL_SUCCESS);
X509_free(x509);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_RSA_print(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
!defined(HAVE_FAST_RSA) && !defined(NO_BIO)
BIO *bio;
WOLFSSL_RSA* rsa = NULL;
printf(testingFmt, "wolfSSL_RSA_print");
AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE));
AssertIntEQ(RSA_print(bio, rsa, 0), SSL_SUCCESS);
BIO_free(bio);
RSA_free(rsa);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BIO_get_len(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
BIO *bio = NULL;
const char txt[] = "Some example text to push to the BIO.";
printf(testingFmt, "wolfSSL_BIO_get_len");
AssertIntEQ(wolfSSL_BIO_get_len(bio), BAD_FUNC_ARG);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(wolfSSL_BIO_write(bio, txt, sizeof(txt)), sizeof(txt));
AssertIntEQ(wolfSSL_BIO_get_len(bio), sizeof(txt));
BIO_free(bio);
AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE));
AssertIntEQ(wolfSSL_BIO_get_len(bio), WOLFSSL_BAD_FILE);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_STRING_print(void){
#if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_CERTS)
ASN1_STRING* asnStr = NULL;
const char HELLO_DATA[]= \
{'H','e','l','l','o',' ','w','o','l','f','S','S','L','!'};
#define MAX_UNPRINTABLE_CHAR 32
#define MAX_BUF 255
unsigned char unprintableData[MAX_UNPRINTABLE_CHAR + sizeof(HELLO_DATA)];
unsigned char expected[sizeof(unprintableData)+1];
unsigned char rbuf[MAX_BUF];
BIO *bio;
int p_len, i;
printf(testingFmt, "wolfSSL_ASN1_STRING_print()");
/* setup */
for (i = 0; i < (int)sizeof(HELLO_DATA); i++) {
unprintableData[i] = HELLO_DATA[i];
expected[i] = HELLO_DATA[i];
}
for (i = 0; i < (int)MAX_UNPRINTABLE_CHAR; i++) {
unprintableData[sizeof(HELLO_DATA)+i] = i;
if (i == (int)'\n' || i == (int)'\r')
expected[sizeof(HELLO_DATA)+i] = i;
else
expected[sizeof(HELLO_DATA)+i] = '.';
}
unprintableData[sizeof(unprintableData)-1] = '\0';
expected[sizeof(expected)-1] = '\0';
XMEMSET(rbuf, 0, MAX_BUF);
bio = BIO_new(BIO_s_mem());
BIO_set_write_buf_size(bio, MAX_BUF);
asnStr = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
ASN1_STRING_set(asnStr,(const void*)unprintableData,
(int)sizeof(unprintableData));
/* test */
p_len = wolfSSL_ASN1_STRING_print(bio, asnStr);
AssertIntEQ(p_len, 46);
BIO_read(bio, (void*)rbuf, 46);
AssertStrEQ((char*)rbuf, (const char*)expected);
BIO_free(bio);
ASN1_STRING_free(asnStr);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_ASN && !NO_CERTS */
}
#endif /* !NO_BIO */
static void test_wolfSSL_ASN1_get_object(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
const unsigned char* derBuf = cliecc_cert_der_256;
int len = sizeof_cliecc_cert_der_256;
long asnLen = 0;
int tag = 0, cls = 0;
ASN1_OBJECT *a;
printf(testingFmt, "wolfSSL_ASN1_get_object()");
/* Read a couple TLV triplets and make sure they match the expected values */
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0);
AssertIntEQ(asnLen, 841);
AssertIntEQ(tag, 0x10);
AssertIntEQ(cls, 0);
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 750);
AssertIntEQ(tag, 0x10);
AssertIntEQ(cls, 0);
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 3);
AssertIntEQ(tag, 0);
AssertIntEQ(cls, 0x80);
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 1);
AssertIntEQ(tag, 0x2);
AssertIntEQ(cls, 0);
derBuf += asnLen;
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 9);
AssertIntEQ(tag, 0x2);
AssertIntEQ(cls, 0);
derBuf += asnLen;
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 10);
AssertIntEQ(tag, 0x10);
AssertIntEQ(cls, 0);
/* Read an ASN OBJECT */
AssertNotNull(d2i_ASN1_OBJECT(&a, &derBuf, len));
ASN1_OBJECT_free(a);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && HAVE_ECC && USE_CERT_BUFFERS_256 */
}
static void test_wolfSSL_RSA_verify(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && \
!defined(NO_FILESYSTEM) && defined(HAVE_CRL)
#ifndef NO_BIO
XFILE fp;
RSA *pKey, *pubKey;
X509 *cert;
const char *text = "Hello wolfSSL !";
unsigned char hash[SHA256_DIGEST_LENGTH];
unsigned char signature[2048/8];
unsigned int signatureLength;
byte *buf;
BIO *bio;
SHA256_CTX c;
EVP_PKEY *evpPkey, *evpPubkey;
size_t sz;
printf(testingFmt, "wolfSSL_RSA_verify");
/* generate hash */
SHA256_Init(&c);
SHA256_Update(&c, text, strlen(text));
SHA256_Final(hash, &c);
#ifdef WOLFSSL_SMALL_STACK_CACHE
/* workaround for small stack cache case */
wc_Sha256Free((wc_Sha256*)&c);
#endif
/* read privete key file */
fp = XFOPEN(svrKeyFile, "rb");
AssertTrue((fp != XBADFILE));
XFSEEK(fp, 0, XSEEK_END);
sz = XFTELL(fp);
XREWIND(fp);
AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
AssertIntEQ(XFREAD(buf, 1, sz, fp), sz);
XFCLOSE(fp);
/* read private key and sign hash data */
AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL));
AssertNotNull(pKey = EVP_PKEY_get1_RSA(evpPkey));
AssertIntEQ(RSA_sign(NID_sha256, hash, SHA256_DIGEST_LENGTH,
signature, &signatureLength, pKey), SSL_SUCCESS);
/* read public key and verify signed data */
fp = XFOPEN(svrCertFile,"rb");
AssertTrue((fp != XBADFILE));
cert = PEM_read_X509(fp, 0, 0, 0 );
XFCLOSE(fp);
evpPubkey = X509_get_pubkey(cert);
pubKey = EVP_PKEY_get1_RSA(evpPubkey);
AssertIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
signatureLength, pubKey), SSL_SUCCESS);
RSA_free(pKey);
EVP_PKEY_free(evpPkey);
RSA_free(pubKey);
EVP_PKEY_free(evpPubkey);
X509_free(cert);
BIO_free(bio);
XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
printf(resultFmt, passed);
#endif
#endif
}
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
static void test_openssl_make_self_signed_certificate(EVP_PKEY* pkey)
{
X509* x509 = NULL;
BIGNUM* serial_number = NULL;
X509_NAME* name = NULL;
time_t epoch_off = 0;
ASN1_INTEGER* asn1_serial_number;
long not_before, not_after;
AssertNotNull(x509 = X509_new());
AssertIntNE(X509_set_pubkey(x509, pkey), 0);
AssertNotNull(serial_number = BN_new());
AssertIntNE(BN_pseudo_rand(serial_number, 64, 0, 0), 0);
AssertNotNull(asn1_serial_number = X509_get_serialNumber(x509));
AssertNotNull(BN_to_ASN1_INTEGER(serial_number, asn1_serial_number));
/* version 3 */
AssertIntNE(X509_set_version(x509, 2L), 0);
AssertNotNull(name = X509_NAME_new());
AssertIntNE(X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_UTF8,
(unsigned char*)"www.wolfssl.com", -1, -1, 0), 0);
AssertIntNE(X509_set_subject_name(x509, name), 0);
AssertIntNE(X509_set_issuer_name(x509, name), 0);
not_before = (long)XTIME(NULL);
not_after = not_before + (365 * 24 * 60 * 60);
AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &epoch_off));
AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &epoch_off));
AssertIntNE(X509_sign(x509, pkey, EVP_sha256()), 0);
BN_free(serial_number);
X509_NAME_free(name);
X509_free(x509);
}
#endif
static void test_openssl_generate_key_and_cert(void)
{
#if defined(OPENSSL_EXTRA)
#if !defined(NO_RSA)
{
EVP_PKEY* pkey = EVP_PKEY_new();
int key_length = 2048;
BIGNUM* exponent = BN_new();
RSA* rsa = RSA_new();
AssertNotNull(pkey);
AssertNotNull(exponent);
AssertNotNull(rsa);
AssertIntNE(BN_set_word(exponent, WC_RSA_EXPONENT), 0);
#ifndef WOLFSSL_KEY_GEN
AssertIntEQ(RSA_generate_key_ex(rsa, key_length, exponent, NULL), WOLFSSL_FAILURE);
#if defined(USE_CERT_BUFFERS_1024)
AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_1024,
sizeof_server_key_der_1024, WOLFSSL_RSA_LOAD_PRIVATE), 0);
key_length = 1024;
#elif defined(USE_CERT_BUFFERS_2048)
AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_2048,
sizeof_server_key_der_2048, WOLFSSL_RSA_LOAD_PRIVATE), 0);
#else
RSA_free(rsa);
rsa = NULL;
#endif
#else
AssertIntNE(RSA_generate_key_ex(rsa, key_length, exponent, NULL), 0);
#endif
if (rsa) {
AssertIntNE(EVP_PKEY_assign_RSA(pkey, rsa), 0);
BN_free(exponent);
#if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
test_openssl_make_self_signed_certificate(pkey);
#endif
}
EVP_PKEY_free(pkey);
}
#endif /* !NO_RSA */
#ifdef HAVE_ECC
{
EVP_PKEY* pkey = EVP_PKEY_new();
EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
AssertNotNull(pkey);
AssertNotNull(ec_key);
#ifndef NO_WOLFSSL_STUB
EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);
#endif
AssertIntNE(EC_KEY_generate_key(ec_key), 0);
AssertIntNE(EVP_PKEY_assign_EC_KEY(pkey, ec_key), 0);
#if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
test_openssl_make_self_signed_certificate(pkey);
#endif
EVP_PKEY_free(pkey);
}
#endif /* HAVE_ECC */
#endif /* OPENSSL_EXTRA */
}
static void test_stubs_are_stubs(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_STUB)
WOLFSSL_CTX* ctx = NULL;
WOLFSSL_CTX* ctxN = NULL;
#ifndef NO_WOLFSSL_CLIENT
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#elif !defined(NO_WOLFSSL_SERVER)
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#else
return;
#endif
#define CHECKZERO_RET(x, y, z) AssertIntEQ((int) x(y), 0); \
AssertIntEQ((int) x(z), 0)
/* test logic, all stubs return same result regardless of ctx being NULL
* as there are no sanity checks, it's just a stub! If at some
* point a stub is not a stub it should begin to return BAD_FUNC_ARG
* if invalid inputs are supplied. Test calling both
* with and without valid inputs, if a stub functionality remains unchanged.
*/
CHECKZERO_RET(wolfSSL_CTX_sess_accept, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_connect, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_accept_good, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_connect_good, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_accept_renegotiate, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_connect_renegotiate, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_hits, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_cb_hits, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_cache_full, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_misses, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_timeouts, ctx, ctxN);
wolfSSL_CTX_free(ctx);
ctx = NULL;
#endif /* OPENSSL_EXTRA && !NO_WOLFSSL_STUB */
}
static void test_CONF_modules_xxx(void)
{
#if defined(OPENSSL_EXTRA)
CONF_modules_free();
AssertTrue(1); /* to confirm previous call gives no harm */
CONF_modules_unload(0);
AssertTrue(1);
CONF_modules_unload(1);
AssertTrue(1);
CONF_modules_unload(-1);
AssertTrue(1);
#endif /* OPENSSL_EXTRA */
}
static void test_CRYPTO_set_dynlock_xxx(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "CRYPTO_set_dynlock_xxx()");
CRYPTO_set_dynlock_create_callback(
(struct CRYPTO_dynlock_value *(*)(const char*, int))NULL);
CRYPTO_set_dynlock_create_callback(
(struct CRYPTO_dynlock_value *(*)(const char*, int))1);
CRYPTO_set_dynlock_destroy_callback(
(void (*)(struct CRYPTO_dynlock_value*, const char*, int))NULL);
CRYPTO_set_dynlock_destroy_callback(
(void (*)(struct CRYPTO_dynlock_value*, const char*, int))1);
CRYPTO_set_dynlock_lock_callback(
(void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))NULL);
CRYPTO_set_dynlock_lock_callback(
(void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))1);
AssertTrue(1); /* to confirm previous call gives no harm */
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_CRYPTO_THREADID_xxx(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "CRYPTO_THREADID_xxx()");
CRYPTO_THREADID_current((CRYPTO_THREADID*)NULL);
CRYPTO_THREADID_current((CRYPTO_THREADID*)1);
AssertIntEQ(CRYPTO_THREADID_hash((const CRYPTO_THREADID*)NULL), 0);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_ENGINE_cleanup(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "ENGINE_cleanup()");
ENGINE_cleanup();
AssertTrue(1); /* to confirm previous call gives no harm */
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_CTX_LoadCRL(void)
{
#ifdef HAVE_CRL
WOLFSSL_CTX* ctx = NULL;
const char* badPath = "dummypath";
const char* validPath = "./certs/crl";
int derType = WOLFSSL_FILETYPE_ASN1;
int pemType = WOLFSSL_FILETYPE_PEM;
int monitor = WOLFSSL_CRL_MONITOR;
#define FAIL_T1(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \
BAD_FUNC_ARG)
#define SUCC_T(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \
WOLFSSL_SUCCESS)
FAIL_T1(wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor);
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#elif !defined(NO_WOLFSSL_SERVER)
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else
return;
#endif
SUCC_T (wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor);
SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, pemType, monitor);
SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, derType, monitor);
wolfSSL_CTX_free(ctx);
ctx = NULL;
#endif
}
static void test_SetTmpEC_DHE_Sz(void)
{
#if defined(HAVE_ECC) && !defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpEC_DHE_Sz(ctx, 32));
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpEC_DHE_Sz(ssl, 32));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_get0_privatekey(void)
{
#ifdef OPENSSL_ALL
WOLFSSL_CTX* ctx = NULL;
printf(testingFmt, "wolfSSL_CTX_get0_privatekey()");
#ifndef NO_RSA
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
AssertNull(SSL_CTX_get0_privatekey(ctx));
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
WOLFSSL_FILETYPE_PEM));
AssertNull(SSL_CTX_get0_privatekey(ctx));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(SSL_CTX_get0_privatekey(ctx));
wolfSSL_CTX_free(ctx);
#endif
#ifdef HAVE_ECC
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
AssertNull(SSL_CTX_get0_privatekey(ctx));
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile,
WOLFSSL_FILETYPE_PEM));
AssertNull(SSL_CTX_get0_privatekey(ctx));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(SSL_CTX_get0_privatekey(ctx));
wolfSSL_CTX_free(ctx);
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_dtls_set_mtu(void)
{
#if (defined(WOLFSSL_DTLS_MTU) || defined(WOLFSSL_SCTP)) && \
defined(WOLFSSL_DTLS)
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
const char* testCertFile;
const char* testKeyFile;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
#ifndef NO_RSA
testCertFile = svrCertFile;
testKeyFile = svrKeyFile;
#elif defined(HAVE_ECC)
testCertFile = eccCertFile;
testKeyFile = eccKeyFile;
#endif
if (testCertFile != NULL && testKeyFile != NULL) {
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
WOLFSSL_FILETYPE_PEM));
}
AssertNotNull(ssl = wolfSSL_new(ctx));
AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FAILURE), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 1488), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 1488), WOLFSSL_SUCCESS);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
printf(testingFmt, "wolfSSL_dtls_set_mtu()");
printf(resultFmt, passed);
#endif
}
#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
!defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
!defined(WOLFSSL_NO_CLIENT_AUTH))
static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
{
int ret;
if ((ret = wolfSSL_CertManagerLoadCA(cm, certA, 0)) != WOLFSSL_SUCCESS) {
printf("loading cert %s failed\n", certA);
printf("Error: (%d): %s\n", ret, wolfSSL_ERR_reason_error_string(ret));
return -1;
}
return 0;
}
static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
{
int ret;
if ((ret = wolfSSL_CertManagerVerify(cm, certA, WOLFSSL_FILETYPE_PEM))
!= WOLFSSL_SUCCESS) {
printf("could not verify the cert: %s\n", certA);
printf("Error: (%d): %s\n", ret, wolfSSL_ERR_reason_error_string(ret));
return -1;
} else {
printf("successfully verified: %s\n", certA);
}
return 0;
}
#define LOAD_ONE_CA(a, b, c, d) \
do { \
a = load_ca_into_cm(c, d); \
if (a != 0) \
return b; \
else \
b--; \
} while(0)
#define VERIFY_ONE_CERT(a, b, c, d) \
do { \
a = verify_cert_with_cm(c, d); \
if (a != 0) \
return b; \
else \
b--; \
} while(0)
static int test_chainG(WOLFSSL_CERT_MANAGER* cm)
{
int ret;
int i = -1;
/* Chain G is a valid chain per RFC 5280 section 4.2.1.9 */
char chainGArr[9][50] = {"certs/ca-cert.pem",
"certs/test-pathlen/chainG-ICA7-pathlen100.pem",
"certs/test-pathlen/chainG-ICA6-pathlen10.pem",
"certs/test-pathlen/chainG-ICA5-pathlen20.pem",
"certs/test-pathlen/chainG-ICA4-pathlen5.pem",
"certs/test-pathlen/chainG-ICA3-pathlen99.pem",
"certs/test-pathlen/chainG-ICA2-pathlen1.pem",
"certs/test-pathlen/chainG-ICA1-pathlen0.pem",
"certs/test-pathlen/chainG-entity.pem"};
LOAD_ONE_CA(ret, i, cm, chainGArr[0]); /* if failure, i = -1 here */
LOAD_ONE_CA(ret, i, cm, chainGArr[1]); /* if failure, i = -2 here */
LOAD_ONE_CA(ret, i, cm, chainGArr[2]); /* if failure, i = -3 here */
LOAD_ONE_CA(ret, i, cm, chainGArr[3]); /* if failure, i = -4 here */
LOAD_ONE_CA(ret, i, cm, chainGArr[4]); /* if failure, i = -5 here */
LOAD_ONE_CA(ret, i, cm, chainGArr[5]); /* if failure, i = -6 here */
LOAD_ONE_CA(ret, i, cm, chainGArr[6]); /* if failure, i = -7 here */
LOAD_ONE_CA(ret, i, cm, chainGArr[7]); /* if failure, i = -8 here */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[1]); /* if failure, i = -9 here */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[2]); /* if failure, i = -10 here */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[3]); /* if failure, i = -11 here */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[4]); /* if failure, i = -12 here */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[5]); /* if failure, i = -13 here */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[6]); /* if failure, i = -14 here */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[7]); /* if failure, i = -15 here */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -16 here */
/* test validating the entity twice, should have no effect on pathLen since
* entity/leaf cert */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -17 here */
return ret;
}
static int test_chainH(WOLFSSL_CERT_MANAGER* cm)
{
int ret;
int i = -1;
/* Chain H is NOT a valid chain per RFC5280 section 4.2.1.9:
* ICA4-pathlen of 2 signing ICA3-pathlen of 2 (reduce max path len to 2)
* ICA3-pathlen of 2 signing ICA2-pathlen of 2 (reduce max path len to 1)
* ICA2-pathlen of 2 signing ICA1-pathlen of 0 (reduce max path len to 0)
* ICA1-pathlen of 0 signing entity (pathlen is already 0, ERROR)
* Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1
*/
char chainHArr[6][50] = {"certs/ca-cert.pem",
"certs/test-pathlen/chainH-ICA4-pathlen2.pem",
"certs/test-pathlen/chainH-ICA3-pathlen2.pem",
"certs/test-pathlen/chainH-ICA2-pathlen2.pem",
"certs/test-pathlen/chainH-ICA1-pathlen0.pem",
"certs/test-pathlen/chainH-entity.pem"};
LOAD_ONE_CA(ret, i, cm, chainHArr[0]); /* if failure, i = -1 here */
LOAD_ONE_CA(ret, i, cm, chainHArr[1]); /* if failure, i = -2 here */
LOAD_ONE_CA(ret, i, cm, chainHArr[2]); /* if failure, i = -3 here */
LOAD_ONE_CA(ret, i, cm, chainHArr[3]); /* if failure, i = -4 here */
LOAD_ONE_CA(ret, i, cm, chainHArr[4]); /* if failure, i = -5 here */
VERIFY_ONE_CERT(ret, i, cm, chainHArr[1]); /* if failure, i = -6 here */
VERIFY_ONE_CERT(ret, i, cm, chainHArr[2]); /* if failure, i = -7 here */
VERIFY_ONE_CERT(ret, i, cm, chainHArr[3]); /* if failure, i = -8 here */
VERIFY_ONE_CERT(ret, i, cm, chainHArr[4]); /* if failure, i = -9 here */
VERIFY_ONE_CERT(ret, i, cm, chainHArr[5]); /* if failure, i = -10 here */
return ret;
}
static int test_chainI(WOLFSSL_CERT_MANAGER* cm)
{
int ret;
int i = -1;
/* Chain I is a valid chain per RFC5280 section 4.2.1.9:
* ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 2)
* ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 1)
* ICA1-no_pathlen signing entity (reduce maxPathLen to 0)
* Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1
*/
char chainIArr[5][50] = {"certs/ca-cert.pem",
"certs/test-pathlen/chainI-ICA3-pathlen2.pem",
"certs/test-pathlen/chainI-ICA2-no_pathlen.pem",
"certs/test-pathlen/chainI-ICA1-no_pathlen.pem",
"certs/test-pathlen/chainI-entity.pem"};
LOAD_ONE_CA(ret, i, cm, chainIArr[0]); /* if failure, i = -1 here */
LOAD_ONE_CA(ret, i, cm, chainIArr[1]); /* if failure, i = -2 here */
LOAD_ONE_CA(ret, i, cm, chainIArr[2]); /* if failure, i = -3 here */
LOAD_ONE_CA(ret, i, cm, chainIArr[3]); /* if failure, i = -4 here */
VERIFY_ONE_CERT(ret, i, cm, chainIArr[1]); /* if failure, i = -5 here */
VERIFY_ONE_CERT(ret, i, cm, chainIArr[2]); /* if failure, i = -6 here */
VERIFY_ONE_CERT(ret, i, cm, chainIArr[3]); /* if failure, i = -7 here */
VERIFY_ONE_CERT(ret, i, cm, chainIArr[4]); /* if failure, i = -8 here */
return ret;
}
static int test_chainJ(WOLFSSL_CERT_MANAGER* cm)
{
int ret;
int i = -1;
/* Chain J is NOT a valid chain per RFC5280 section 4.2.1.9:
* ICA4-pathlen of 2 signing ICA3 without a pathlen (reduce maxPathLen to 2)
* ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 1)
* ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 0)
* ICA1-no_pathlen signing entity (ERROR, pathlen zero and non-leaf cert)
*/
char chainJArr[6][50] = {"certs/ca-cert.pem",
"certs/test-pathlen/chainJ-ICA4-pathlen2.pem",
"certs/test-pathlen/chainJ-ICA3-no_pathlen.pem",
"certs/test-pathlen/chainJ-ICA2-no_pathlen.pem",
"certs/test-pathlen/chainJ-ICA1-no_pathlen.pem",
"certs/test-pathlen/chainJ-entity.pem"};
LOAD_ONE_CA(ret, i, cm, chainJArr[0]); /* if failure, i = -1 here */
LOAD_ONE_CA(ret, i, cm, chainJArr[1]); /* if failure, i = -2 here */
LOAD_ONE_CA(ret, i, cm, chainJArr[2]); /* if failure, i = -3 here */
LOAD_ONE_CA(ret, i, cm, chainJArr[3]); /* if failure, i = -4 here */
LOAD_ONE_CA(ret, i, cm, chainJArr[4]); /* if failure, i = -5 here */
VERIFY_ONE_CERT(ret, i, cm, chainJArr[1]); /* if failure, i = -6 here */
VERIFY_ONE_CERT(ret, i, cm, chainJArr[2]); /* if failure, i = -7 here */
VERIFY_ONE_CERT(ret, i, cm, chainJArr[3]); /* if failure, i = -8 here */
VERIFY_ONE_CERT(ret, i, cm, chainJArr[4]); /* if failure, i = -9 here */
VERIFY_ONE_CERT(ret, i, cm, chainJArr[5]); /* if failure, i = -10 here */
return ret;
}
static int test_various_pathlen_chains(void)
{
int ret;
WOLFSSL_CERT_MANAGER* cm;
/* Test chain G (large chain with varying pathLens) */
if ((cm = wolfSSL_CertManagerNew()) == NULL) {
printf("cert manager new failed\n");
return -1;
}
AssertIntEQ(test_chainG(cm), 0);
ret = wolfSSL_CertManagerUnloadCAs(cm);
if (ret != WOLFSSL_SUCCESS)
return -1;
wolfSSL_CertManagerFree(cm);
/* end test chain G */
/* Test chain H (5 chain with same pathLens) */
if ((cm = wolfSSL_CertManagerNew()) == NULL) {
printf("cert manager new failed\n");
return -1;
}
AssertIntLT(test_chainH(cm), 0);
wolfSSL_CertManagerUnloadCAs(cm);
wolfSSL_CertManagerFree(cm);
if ((cm = wolfSSL_CertManagerNew()) == NULL) {
printf("cert manager new failed\n");
return -1;
}
ret = wolfSSL_CertManagerUnloadCAs(cm);
if (ret != WOLFSSL_SUCCESS)
return -1;
wolfSSL_CertManagerFree(cm);
/* end test chain H */
/* Test chain I (only first ICA has pathLen set and it's set to 2,
* followed by 2 ICA's, should pass) */
if ((cm = wolfSSL_CertManagerNew()) == NULL) {
printf("cert manager new failed\n");
return -1;
}
AssertIntEQ(test_chainI(cm), 0);
wolfSSL_CertManagerUnloadCAs(cm);
wolfSSL_CertManagerFree(cm);
if ((cm = wolfSSL_CertManagerNew()) == NULL) {
printf("cert manager new failed\n");
return -1;
}
ret = wolfSSL_CertManagerUnloadCAs(cm);
if (ret != WOLFSSL_SUCCESS)
return -1;
wolfSSL_CertManagerFree(cm);
/* Test chain J (Again only first ICA has pathLen set and it's set to 2,
* this time followed by 3 ICA's, should fail */
if ((cm = wolfSSL_CertManagerNew()) == NULL) {
printf("cert manager new failed\n");
return -1;
}
AssertIntLT(test_chainJ(cm), 0);
wolfSSL_CertManagerUnloadCAs(cm);
wolfSSL_CertManagerFree(cm);
if ((cm = wolfSSL_CertManagerNew()) == NULL) {
printf("cert manager new failed\n");
return -1;
}
ret = wolfSSL_CertManagerUnloadCAs(cm);
wolfSSL_CertManagerFree(cm);
return ret;
}
#endif /* !NO_RSA && !NO_SHA && !NO_FILESYSTEM && !NO_CERTS */
#if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_IO_TESTS_DEPENDENCIES)
static int test_export_keying_material_cb(WOLFSSL_CTX *ctx, WOLFSSL *ssl)
{
byte ekm[100] = {0};
(void)ctx;
/* Succes Cases */
AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"Test label", XSTR_SIZEOF("Test label"), NULL, 0, 0), 1);
AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"Test label", XSTR_SIZEOF("Test label"), NULL, 0, 1), 1);
/* Use some random context */
AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"Test label", XSTR_SIZEOF("Test label"), ekm, 10, 1), 1);
/* Failure cases */
AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"client finished", XSTR_SIZEOF("client finished"), NULL, 0, 0), 0);
AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"server finished", XSTR_SIZEOF("server finished"), NULL, 0, 0), 0);
AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"master secret", XSTR_SIZEOF("master secret"), NULL, 0, 0), 0);
AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"extended master secret", XSTR_SIZEOF("extended master secret"), NULL, 0, 0), 0);
AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"key expansion", XSTR_SIZEOF("key expansion"), NULL, 0, 0), 0);
return 0;
}
static void test_export_keying_material_ssl_cb(WOLFSSL* ssl)
{
wolfSSL_KeepArrays(ssl);
}
static void test_export_keying_material(void)
{
#ifndef SINGLE_THREADED
tcp_ready ready;
callback_functions clientCb;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&clientCb, 0, sizeof(callback_functions));
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
clientCb.ssl_ready = test_export_keying_material_ssl_cb;
client_args.callbacks = &clientCb;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, test_export_keying_material_cb);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
#endif /* !SINGLE_THREADED */
}
#endif /* HAVE_KEYING_MATERIAL */
static int test_wolfSSL_THREADID_hash(void)
{
int ret = 0;
unsigned long res;
#if defined(OPENSSL_EXTRA)
CRYPTO_THREADID id;
printf(testingFmt, "wolfSSL_THREADID_hash");
CRYPTO_THREADID_current(NULL);
AssertTrue(1);
res = CRYPTO_THREADID_hash(NULL);
AssertTrue( res == 0UL);
XMEMSET(&id, 0, sizeof(id));
res = CRYPTO_THREADID_hash(&id);
AssertTrue( res == 0UL);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
(void)res;
return ret;
}
static int test_wolfSSL_CTX_set_ecdh_auto(void)
{
int ret = 0;
WOLFSSL_CTX* ctx = NULL;
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "SSL_CTX_set_ecdh_auto");
AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,0),1);
AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,1),1);
AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,0),1);
AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,1),1);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
(void)ctx;
return ret;
}
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL)
static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args)
{
callback_functions* callbacks = NULL;
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
SOCKET_T sfd = 0;
SOCKET_T cfd = 0;
word16 port;
char msg[] = "I hear you fa shizzle!";
int len = (int) XSTRLEN(msg);
char input[1024];
int ret, err;
if (!args)
return 0;
((func_args*)args)->return_code = TEST_FAIL;
callbacks = ((func_args*)args)->callbacks;
ctx = wolfSSL_CTX_new(callbacks->method());
#if defined(USE_WINDOWS_API)
port = ((func_args*)args)->signal->port;
#else
/* Let tcp_listen assign port */
port = 0;
#endif
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
WOLFSSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM));
if (callbacks->ctx_ready)
callbacks->ctx_ready(ctx);
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
/* listen and accept */
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
CloseSocket(sfd);
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd));
if (callbacks->ssl_ready)
callbacks->ssl_ready(ssl);
do {
err = 0; /* Reset error */
ret = wolfSSL_accept(ssl);
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
}
} while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(cfd);
((func_args*)args)->return_code = TEST_FAIL;
return 0;
}
/* read and write data */
XMEMSET( input, 0, sizeof(input));
while (1) {
ret = wolfSSL_read(ssl, input, sizeof(input));
if (ret > 0) {
break;
}
else {
err = wolfSSL_get_error(ssl,ret);
if (err == WOLFSSL_ERROR_WANT_READ) {
continue;
}
break;
}
}
if (err == WOLFSSL_ERROR_ZERO_RETURN) {
do {
ret = wolfSSL_write(ssl, msg, len);
if (ret > 0) {
break;
}
} while (ret < 0);
}
/* bidirectional shutdown */
while ((ret = wolfSSL_shutdown(ssl)) != WOLFSSL_SUCCESS) {
continue;
}
/* wait for the peer to disconnect the tcp connection */
do {
ret = wolfSSL_read(ssl, input, sizeof(input));
err = wolfSSL_get_error(ssl, ret);
} while (ret > 0 || err != WOLFSSL_ERROR_ZERO_RETURN);
/* detect TCP disconnect */
AssertIntLE(ret,WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_get_error(ssl, ret), WOLFSSL_ERROR_ZERO_RETURN);
((func_args*)args)->return_code = TEST_SUCCESS;
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(cfd);
return 0;
}
static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_client_thread(void* args)
{
callback_functions* callbacks = NULL;
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
SOCKET_T sfd = 0;
char msg[] = "hello wolfssl server!";
int len = (int) XSTRLEN(msg);
char input[1024];
int idx;
int ret, err;
if (!args)
return 0;
((func_args*)args)->return_code = TEST_FAIL;
callbacks = ((func_args*)args)->callbacks;
ctx = wolfSSL_CTX_new(callbacks->method());
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
WOLFSSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull((ssl = wolfSSL_new(ctx)));
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, ssl);
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, sfd));
do {
err = 0; /* Reset error */
ret = wolfSSL_connect(ssl);
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
}
} while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
ret = wolfSSL_write(ssl, msg, len);
if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
input[idx] = 0;
}
ret = wolfSSL_shutdown(ssl);
if ( ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
ret = wolfSSL_shutdown(ssl);
}
AssertIntEQ(ret, WOLFSSL_SUCCESS);
((func_args*)args)->return_code = TEST_SUCCESS;
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(sfd);
return 0;
}
#endif /* OPENSSL_EXTRA && WOLFSSL_ERROR_CODE_OPENSSL */
/* This test is to check wolfSSL_read behaves as same as
* openSSL when it is called after SSL_shutdown completes.
*/
static int test_wolfSSL_read_detect_TCP_disconnect(void)
{
int ret = 0;
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL)
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
THREAD_TYPE clientThread;
callback_functions server_cbf;
callback_functions client_cbf;
printf(testingFmt, "wolfSSL_read_detect_TCP_disconnect()");
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
server_cbf.method = wolfTLSv1_2_server_method;
client_cbf.method = wolfTLSv1_2_client_method;
server_args.callbacks = &server_cbf;
client_args.callbacks = &client_cbf;
server_args.signal = &ready;
client_args.signal = &ready;
start_thread(SSL_read_test_server_thread, &server_args, &serverThread);
wait_tcp_ready(&server_args);
start_thread(SSL_read_test_client_thread, &client_args, &clientThread);
join_thread(clientThread);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
FreeTcpReady(&ready);
printf(resultFmt, passed);
#endif
return ret;
}
static void test_wolfSSL_CTX_get_min_proto_version(void)
{
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
WOLFSSL_CTX *ctx;
(void)ctx;
printf(testingFmt, "wolfSSL_CTX_get_min_proto_version()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, SSL3_VERSION), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ALLOW_SSLV3
AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), SSL3_VERSION);
#else
AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), SSL3_VERSION);
#endif
wolfSSL_CTX_free(ctx);
#ifdef WOLFSSL_ALLOW_TLSV10
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
#endif
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_VERSION), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ALLOW_TLSV10
AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_VERSION);
#else
AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_VERSION);
#endif
wolfSSL_CTX_free(ctx);
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION), WOLFSSL_SUCCESS);
#ifndef NO_OLD_TLS
AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_1_VERSION);
#else
AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_1_VERSION);
#endif
wolfSSL_CTX_free(ctx);
#ifndef WOLFSSL_NO_TLS12
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_method()));
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION);
wolfSSL_CTX_free(ctx);
#endif
#ifdef WOLFSSL_TLS13
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_method()));
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_3_VERSION);
wolfSSL_CTX_free(ctx);
#endif
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
}
static void test_wolfSSL_security_level(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "test_wolfSSL_security_level()");
SSL_CTX *ctx;
#ifdef WOLFSSL_TLS13
#ifdef NO_WOLFSSL_SERVER
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
#endif
SSL_CTX_set_security_level(ctx, 1);
AssertTrue(1);
AssertIntEQ(SSL_CTX_get_security_level(ctx), 0);
SSL_CTX_free(ctx);
#else
(void)ctx;
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_SSL_in_init(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_BIO)
printf(testingFmt, "test_wolfSSL_SSL_in_init()");
SSL_CTX* ctx;
SSL* ssl;
const char* testCertFile;
const char* testKeyFile;
#ifdef WOLFSSL_TLS13
#ifdef NO_WOLFSSL_SERVER
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
#endif
#ifndef NO_RSA
testCertFile = svrCertFile;
testKeyFile = svrKeyFile;
#elif defined(HAVE_ECC)
testCertFile = eccCertFile;
testKeyFile = eccKeyFile;
#else
testCertFile = NULL;
testKeyFile = NULL;
#endif
if (testCertFile != NULL && testKeyFile != NULL) {
AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile,
SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
SSL_FILETYPE_PEM));
}
ssl = SSL_new(ctx);
AssertNotNull(ssl);
AssertIntEQ(SSL_in_init(ssl), 1);
SSL_CTX_free(ctx);
SSL_free(ssl);
#else
(void)ctx;
(void)ssl;
(void)testCertFile;
(void)testKeyFile;
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EC_curve(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
printf(testingFmt, "test_wolfSSL_EC_curve()");
int nid = NID_secp160k1;
const char* nid_name;
AssertNotNull(nid_name = EC_curve_nid2nist(nid));
AssertIntEQ(XMEMCMP(nid_name, "K-160", XSTRLEN("K-160")), 0);
AssertIntEQ(EC_curve_nist2nid(nid_name), nid);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_CTX_set_timeout(void)
{
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_SESSION_CACHE)
int timeout;
(void)timeout;
printf(testingFmt, "test_wolfSSL_CTX_set_timeout()");
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
/* in WOLFSSL_ERROR_CODE_OPENSSL macro guard,
* wolfSSL_CTX_set_timeout returns previous timeout value on success.
*/
AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
/* giving 0 as timeout value sets default timeout */
timeout = wolfSSL_CTX_set_timeout(ctx, 0);
AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 20), timeout);
AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 30), 20);
#else
AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 100), 1);
AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 0), 1);
#endif
wolfSSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* !NO_WOLFSSL_SERVER && !NO_SESSION_CACHE*/
}
static void test_wolfSSL_OpenSSL_version(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "test_wolfSSL_OpenSSL_version()");
const char* ver;
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
AssertNotNull(ver = OpenSSL_version(0));
#else
AssertNotNull(ver = OpenSSL_version());
#endif
AssertIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING,
XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0);
printf(resultFmt, passed);
#endif
}
static void test_CONF_CTX_CMDLINE(void)
{
#if defined(OPENSSL_ALL)
printf(testingFmt, "test_CONF_CTX_CMDLINE");
SSL_CTX* ctx = NULL;
SSL_CONF_CTX* cctx = NULL;
AssertNotNull(cctx = SSL_CONF_CTX_new());
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
AssertTrue(1);
/* set flags */
AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CMDLINE),
WOLFSSL_CONF_FLAG_CMDLINE);
AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE),
WOLFSSL_CONF_FLAG_CMDLINE | WOLFSSL_CONF_FLAG_CERTIFICATE);
/* cmd invalid command */
AssertIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
AssertIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
AssertIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
AssertIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
AssertIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);
/* cmd Certificate and Private Key*/
{
#if !defined(NO_CERTS) && !defined(NO_RSA)
const char* ourCert = svrCertFile;
const char* ourKey = svrKeyFile;
AssertIntEQ(SSL_CONF_cmd(cctx, "-cert", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "-cert", ourCert),
WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_cmd(cctx, "-key", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "-key", ourKey), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
#endif
}
/* cmd curves */
{
#if defined(HAVE_ECC)
const char* curve = "secp256r1";
AssertIntEQ(SSL_CONF_cmd(cctx, "-curves", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "-curves", curve), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
#endif
}
/* cmd CipherString */
{
char* cipher = wolfSSL_get_cipher_list(0/*top priority*/);
AssertIntEQ(SSL_CONF_cmd(cctx, "-cipher", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "-cipher", cipher), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
}
/* cmd DH parameter */
{
#if !defined(NO_DH) && !defined(NO_BIO)
const char* ourdhcert = "./certs/dh2048.pem";
AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", NULL),
-3);
AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", ourdhcert),
WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
#endif
}
SSL_CTX_free(ctx);
SSL_CONF_CTX_free(cctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_CONF_CTX_FILE(void)
{
#if defined(OPENSSL_ALL)
printf(testingFmt, "test_CONF_CTX_FILE");
SSL_CTX* ctx = NULL;
SSL_CONF_CTX* cctx = NULL;
AssertNotNull(cctx = SSL_CONF_CTX_new());
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
AssertTrue(1);
/* set flags */
AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_FILE),
WOLFSSL_CONF_FLAG_FILE);
AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE),
WOLFSSL_CONF_FLAG_FILE | WOLFSSL_CONF_FLAG_CERTIFICATE);
/* sanity check */
AssertIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
AssertIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
AssertIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
AssertIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
AssertIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);
/* cmd Certificate and Private Key*/
{
#if !defined(NO_CERTS) && !defined(NO_RSA)
const char* ourCert = svrCertFile;
const char* ourKey = svrKeyFile;
AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", ourCert),
WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", ourKey), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
#endif
}
/* cmd curves */
{
#if defined(HAVE_ECC)
const char* curve = "secp256r1";
AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", curve), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
#endif
}
/* cmd CipherString */
{
char* cipher = wolfSSL_get_cipher_list(0/*top priority*/);
AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", cipher), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
}
/* cmd DH parameter */
{
#if !defined(NO_DH) && !defined(NO_BIO) && defined(HAVE_FFDHE_3072)
const char* ourdhcert = "./certs/dh3072.pem";
AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", ourdhcert),
WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
#endif
}
SSL_CTX_free(ctx);
SSL_CONF_CTX_free(cctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_CRYPTO_get_ex_new_index(void)
{
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
int idx1,idx2;
printf(testingFmt, "test_wolfSSL_CRYPTO_get_ex_new_index()");
/* test for unsupported flass index */
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_APP,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI_METHOD,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(CRYPTO_get_ex_new_index(20, 0,NULL, NULL, NULL, NULL ), -1);
/* test for supported class index */
idx1 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL,
0,NULL, NULL, NULL, NULL );
idx2 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL,
0,NULL, NULL, NULL, NULL );
AssertIntNE(idx1, -1);
AssertIntNE(idx2, -1);
AssertIntNE(idx1, idx2);
idx1 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX,
0,NULL, NULL, NULL, NULL );
idx2 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX,
0,NULL, NULL, NULL, NULL );
AssertIntNE(idx1, -1);
AssertIntNE(idx2, -1);
AssertIntNE(idx1, idx2);
idx1 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509,
0,NULL, NULL, NULL, NULL );
idx2 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509,
0,NULL, NULL, NULL, NULL );
AssertIntNE(idx1, -1);
AssertIntNE(idx2, -1);
AssertIntNE(idx1, idx2);
printf(resultFmt, "passed");
#endif /* HAVE_EX_DATA || FORTRESS */
}
static void test_wolfSSL_set_psk_use_session_callback(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_PSK)
printf(testingFmt, "test_wolfSSL_set_psk_use_session_callback()");
SSL_CTX* ctx;
SSL* ssl;
const char* testCertFile;
const char* testKeyFile;
#ifdef WOLFSSL_TLS13
#ifdef NO_WOLFSSL_SERVER
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
#endif
#ifndef NO_RSA
testCertFile = svrCertFile;
testKeyFile = svrKeyFile;
#elif defined(HAVE_ECC)
testCertFile = eccCertFile;
testKeyFile = eccKeyFile;
#else
testCertFile = NULL;
testKeyFile = NULL;
#endif
if (testCertFile != NULL && testKeyFile != NULL) {
AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile,
SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
SSL_FILETYPE_PEM));
}
ssl = SSL_new(ctx);
AssertNotNull(ssl);
SSL_set_psk_use_session_callback(ssl,
my_psk_use_session_cb);
AssertTrue(1);
SSL_CTX_free(ctx);
SSL_free(ssl);
#else
(void)ctx;
(void)ssl;
(void)testCertFile;
(void)testKeyFile;
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_DH(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
DH *dh = NULL;
BIGNUM* p;
BIGNUM* q;
BIGNUM* g;
BIGNUM* pub;
BIGNUM* priv;
(void)dh;
(void)p;
(void)q;
(void)g;
(void)pub;
(void)priv;
#if defined(OPENSSL_ALL) && defined(WOLFSSL_KEY_GEN)
#if !defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
FILE* f = NULL;
unsigned char buf[268];
const unsigned char* pt = buf;
long len = 0;
dh = NULL;
XMEMSET(buf, 0, sizeof(buf));
/* Test 2048 bit parameters */
f = XFOPEN("./certs/dh2048.der", "rb");
AssertTrue(f != XBADFILE);
len = (long)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
AssertNotNull(dh = d2i_DHparams(NULL, &pt, len));
AssertNotNull(dh->p);
AssertNotNull(dh->g);
AssertTrue(pt != buf);
AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
DH_get0_pqg(dh, (const BIGNUM**)&p,
(const BIGNUM**)&q,
(const BIGNUM**) &g);
AssertPtrEq(p, dh->p);
AssertPtrEq(q, dh->q);
AssertPtrEq(g, dh->g);
DH_get0_key(dh, (const BIGNUM**)&pub, (const BIGNUM**)&priv);
AssertPtrEq(pub, dh->pub_key);
AssertPtrEq(priv, dh->priv_key);
AssertNotNull(pub = BN_new());
AssertNotNull(priv = BN_new());
AssertIntEQ(DH_set0_key(dh, pub, priv), 1);
AssertPtrEq(pub, dh->pub_key);
AssertPtrEq(priv, dh->priv_key);
DH_free(dh);
AssertNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL));
DH_free(dh);
#endif
#endif
printf(testingFmt, "test_wolfSSL_DH");
dh = wolfSSL_DH_new();
AssertNotNull(dh);
/* invalid parameters test */
DH_get0_pqg(NULL, (const BIGNUM**)&p,
(const BIGNUM**)&q,
(const BIGNUM**)&g);
DH_get0_pqg(dh, NULL,
(const BIGNUM**)&q,
(const BIGNUM**)&g);
DH_get0_pqg(dh, NULL, NULL, (const BIGNUM**)&g);
DH_get0_pqg(dh, NULL, NULL, NULL);
AssertTrue(1);
DH_get0_pqg(dh, (const BIGNUM**)&p,
(const BIGNUM**)&q,
(const BIGNUM**)&g);
AssertPtrEq(p, NULL);
AssertPtrEq(q, NULL);
AssertPtrEq(g, NULL);
DH_free(dh);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_DH */
}
static void test_wolfSSL_ERR_strings(void)
{
const char* err1 = "unsupported cipher suite";
const char* err2 = "wolfSSL PEM routines";
const char* err = NULL;
(void)err;
(void)err1;
(void)err2;
#if !defined(NO_ERROR_STRINGS)
printf(testingFmt, "test_wolfSSL_ERR_strings");
#if defined(OPENSSL_EXTRA)
err = ERR_reason_error_string(UNSUPPORTED_SUITE);
AssertTrue(err != NULL);
AssertIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0);
err = ERR_func_error_string(UNSUPPORTED_SUITE);
AssertTrue(err != NULL);
AssertIntEQ((*err == '\0'), 1);
err = ERR_lib_error_string(PEM_R_PROBLEMS_GETTING_PASSWORD);
AssertTrue(err != NULL);
AssertIntEQ(XSTRNCMP(err, err2, XSTRLEN(err2)), 0);
#else
err = wolfSSL_ERR_reason_error_string(UNSUPPORTED_SUITE);
AssertTrue(err != NULL);
AssertIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0);
err = wolfSSL_ERR_func_error_string(UNSUPPORTED_SUITE);
AssertTrue(err != NULL);
AssertIntEQ((*err == '\0'), 1);
/* The value -MIN_CODE_E+2 is PEM_R_PROBLEMS_GETTING_PASSWORD. */
err = wolfSSL_ERR_lib_error_string(-MIN_CODE_E+2);
AssertTrue(err != NULL);
AssertIntEQ((*err == '\0'), 1);
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_shake128(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \
defined(WOLFSSL_SHAKE128)
printf(testingFmt, "test_wolfSSL_EVP_shake128");
const EVP_MD* md = NULL;
md = EVP_shake128();
AssertTrue(md != NULL);
AssertIntEQ(XSTRNCMP(md, "SHAKE128", XSTRLEN("SHAKE128")), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_shake256(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \
defined(WOLFSSL_SHAKE256)
printf(testingFmt, "test_wolfSSL_EVP_shake256");
const EVP_MD* md = NULL;
md = EVP_shake256();
AssertTrue(md != NULL);
AssertIntEQ(XSTRNCMP(md, "SHAKE256", XSTRLEN("SHAKE256")), 0);
printf(resultFmt, passed);
#endif
}
static void test_EVP_blake2(void)
{
#if defined(OPENSSL_EXTRA) && (defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S))
printf(testingFmt, "test_EVP_blake2");
const EVP_MD* md = NULL;
(void)md;
#if defined(HAVE_BLAKE2)
md = EVP_blake2b512();
AssertTrue(md != NULL);
AssertIntEQ(XSTRNCMP(md, "BLAKE2B512", XSTRLEN("BLAKE2B512")), 0);
#endif
#if defined(HAVE_BLAKE2S)
md = EVP_blake2s256();
AssertTrue(md != NULL);
AssertIntEQ(XSTRNCMP(md, "BLAKE2S256", XSTRLEN("BLAKE2S256")), 0);
#endif
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_EXTRA)
static void list_md_fn(const EVP_MD* m, const char* from,
const char* to, void* arg)
{
const char* mn;
BIO *bio;
(void) from;
(void) to;
(void) arg;
(void) mn;
(void) bio;
if (!m) {
/* alias */
AssertNull(m);
AssertNotNull(to);
}
else {
AssertNotNull(m);
AssertNull(to);
}
AssertNotNull(from);
#if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE)
mn = EVP_get_digestbyname(from);
/* print to stdout */
AssertNotNull(arg);
bio = BIO_new(BIO_s_file());
BIO_set_fp(bio, arg, BIO_NOCLOSE);
BIO_printf(bio, "Use %s message digest algorithm\n", mn);
BIO_free(bio);
#endif
}
#endif
static void test_EVP_MD_do_all(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "test_EVP_MD_do_all");
EVP_MD_do_all(NULL, stdout);
/* to confirm previous call gives no harm */
AssertTrue(1);
EVP_MD_do_all(list_md_fn, stdout);
/* to confirm previous call gives no harm */
AssertTrue(1);
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_EXTRA)
static void obj_name_t(const OBJ_NAME* nm, void* arg)
{
(void)arg;
(void)nm;
AssertIntGT(nm->type, OBJ_NAME_TYPE_UNDEF);
#if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE)
/* print to stdout */
AssertNotNull(arg);
bio = BIO_new(BIO_s_file());
BIO_set_fp(bio, arg, BIO_NOCLOSE);
BIO_printf(bio, "%s\n", mn);
BIO_free(bio);
#endif
}
#endif
static void test_OBJ_NAME_do_all(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "test_OBJ_NAME_do_all");
OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, NULL, NULL);
/* to confirm previous call gives no harm */
AssertTrue(1);
OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, NULL, stdout);
/* to confirm previous call gives no harm */
AssertTrue(1);
OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, obj_name_t, stdout);
AssertTrue(1);
OBJ_NAME_do_all(OBJ_NAME_TYPE_PKEY_METH, obj_name_t, stdout);
AssertTrue(1);
OBJ_NAME_do_all(OBJ_NAME_TYPE_COMP_METH, obj_name_t, stdout);
AssertTrue(1);
OBJ_NAME_do_all(OBJ_NAME_TYPE_NUM, obj_name_t, stdout);
AssertTrue(1);
OBJ_NAME_do_all(OBJ_NAME_TYPE_UNDEF, obj_name_t, stdout);
AssertTrue(1);
OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, obj_name_t, stdout);
AssertTrue(1);
OBJ_NAME_do_all(-1, obj_name_t, stdout);
AssertTrue(1);
printf(resultFmt, passed);
#endif
}
static void test_SSL_CIPHER_get_xxx(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM)
printf(testingFmt, "test_SSL_CIPHER_get_xxx");
const SSL_CIPHER* cipher = NULL;
STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
int i, numCiphers = 0;
SSL_CTX* ctx = NULL;
SSL* ssl = NULL;
const char* testCertFile;
const char* testKeyFile;
char buf[256] = {0};
const char* cipher_id = NULL;
int expect_nid1 = NID_undef;
int expect_nid2 = NID_undef;
int expect_nid3 = NID_undef;
int expect_nid4 = NID_undef;
int expect_nid5 = 0;
const char* cipher_id2 = NULL;
int expect_nid21 = NID_undef;
int expect_nid22 = NID_undef;
int expect_nid23 = NID_undef;
int expect_nid24 = NID_undef;
int expect_nid25 = 0;
(void)cipher;
(void)supportedCiphers;
(void)i;
(void)numCiphers;
(void)ctx;
(void)ssl;
(void)testCertFile;
(void)testKeyFile;
#if defined(WOLFSSL_TLS13)
cipher_id = "TLS13-AES128-GCM-SHA256";
expect_nid1 = NID_auth_rsa;
expect_nid2 = NID_aes_128_gcm;
expect_nid3 = NID_sha256;
expect_nid4 = NID_kx_any;
expect_nid5 = 1;
#if !defined(WOLFSSL_NO_TLS12)
cipher_id2 = "ECDHE-RSA-AES256-GCM-SHA384";
expect_nid21 = NID_auth_rsa;
expect_nid22 = NID_aes_256_gcm;
expect_nid23 = NID_sha384;
expect_nid24 = NID_kx_ecdhe;
expect_nid25 = 1;
#endif
#endif
#ifdef NO_WOLFSSL_SERVER
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
if (cipher_id) {
#ifndef NO_RSA
testCertFile = svrCertFile;
testKeyFile = svrKeyFile;
#elif defined(HAVE_ECC)
testCertFile = eccCertFile;
testKeyFile = eccKeyFile;
#else
testCertFile = NULL;
testKeyFile = NULL;
#endif
if (testCertFile != NULL && testKeyFile != NULL) {
AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile,
SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
SSL_FILETYPE_PEM));
}
ssl = SSL_new(ctx);
AssertNotNull(ssl);
AssertIntEQ(SSL_in_init(ssl), 1);
supportedCiphers = SSL_get_ciphers(ssl);
numCiphers = sk_num(supportedCiphers);
for (i = 0; i < numCiphers; ++i) {
if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
SSL_CIPHER_description(cipher, buf, sizeof(buf));
}
if (XMEMCMP(cipher_id, buf, XSTRLEN(cipher_id)) == 0) {
break;
}
}
/* test case for */
if (i != numCiphers) {
AssertIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid1);
AssertIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid2);
AssertIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid3);
AssertIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid4);
AssertIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid5);
}
if (cipher_id2) {
for (i = 0; i < numCiphers; ++i) {
if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
SSL_CIPHER_description(cipher, buf, sizeof(buf));
}
if (XMEMCMP(cipher_id2, buf, XSTRLEN(cipher_id2)) == 0) {
break;
}
}
/* test case for */
if (i != numCiphers) {
AssertIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid21);
AssertIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid22);
AssertIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid23);
AssertIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid24);
AssertIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid25);
}
}
}
if (ctx)
SSL_CTX_free(ctx);
if(ssl)
SSL_free(ssl);
printf(resultFmt, passed);
#endif
}
#if defined(WOLF_CRYPTO_CB) && defined(HAVE_IO_TESTS_DEPENDENCIES)
static int load_pem_key_file_as_der(const char* privKeyFile, DerBuffer** pDer,
int* keyFormat)
{
int ret;
byte* key_buf = NULL;
size_t key_sz = 0;
EncryptedInfo encInfo;
XMEMSET(&encInfo, 0, sizeof(encInfo));
ret = load_file(privKeyFile, &key_buf, &key_sz);
if (ret == 0) {
ret = wc_PemToDer(key_buf, key_sz, PRIVATEKEY_TYPE, pDer,
NULL, &encInfo, keyFormat);
}
if (key_buf != NULL) {
free(key_buf); key_buf = NULL;
}
(void)encInfo; /* not used in this test */
#ifdef DEBUG_WOLFSSL
printf("%s (%d): Loading PEM %s (len %d) to DER (len %d)\n",
(ret == 0) ? "Success" : "Failure", ret, privKeyFile, (int)key_sz,
(*pDer)->length);
#endif
return ret;
}
static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx)
{
int ret = CRYPTOCB_UNAVAILABLE;
const char* privKeyFile = (const char*)ctx;
DerBuffer* pDer = NULL;
int keyFormat = 0;
if (info->algo_type == WC_ALGO_TYPE_PK) {
#ifdef DEBUG_WOLFSSL
printf("test_CryptoCb_Func: Pk Type %d\n", info->pk.type);
#endif
#ifndef NO_RSA
if (info->pk.type == WC_PK_TYPE_RSA) {
switch (info->pk.rsa.type) {
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
/* perform software based RSA public op */
ret = CRYPTOCB_UNAVAILABLE; /* fallback to software */
break;
case RSA_PRIVATE_ENCRYPT:
case RSA_PRIVATE_DECRYPT:
{
RsaKey key;
/* perform software based RSA private op */
#ifdef DEBUG_WOLFSSL
printf("test_CryptoCb_Func: RSA Priv\n");
#endif
ret = load_pem_key_file_as_der(privKeyFile, &pDer,
&keyFormat);
if (ret != 0) {
return ret;
}
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
word32 keyIdx = 0;
/* load RSA private key and perform private transform */
ret = wc_RsaPrivateKeyDecode(pDer->buffer, &keyIdx,
&key, pDer->length);
if (ret == 0) {
ret = wc_RsaFunction(
info->pk.rsa.in, info->pk.rsa.inLen,
info->pk.rsa.out, info->pk.rsa.outLen,
info->pk.rsa.type, &key, info->pk.rsa.rng);
}
else {
/* if decode fails, then fall-back to software based crypto */
printf("test_CryptoCb_Func: RSA private key decode "
"failed %d, falling back to software\n", ret);
ret = CRYPTOCB_UNAVAILABLE;
}
wc_FreeRsaKey(&key);
}
wc_FreeDer(&pDer); pDer = NULL;
break;
}
}
#ifdef DEBUG_WOLFSSL
printf("test_CryptoCb_Func: RSA Type %d, Ret %d, Out %d\n",
info->pk.rsa.type, ret, *info->pk.rsa.outLen);
#endif
}
#endif /* !NO_RSA */
#ifdef HAVE_ECC
if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
/* mark this key as ephemeral */
if (info->pk.eckg.key != NULL) {
XSTRNCPY(info->pk.eckg.key->label, "ephemeral",
sizeof(info->pk.eckg.key->label));
info->pk.eckg.key->labelLen = (int)XSTRLEN(info->pk.eckg.key->label);
}
}
else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
ecc_key key;
/* perform software based ECC sign */
#ifdef DEBUG_WOLFSSL
printf("test_CryptoCb_Func: ECC Sign\n");
#endif
if (info->pk.eccsign.key != NULL &&
XSTRCMP(info->pk.eccsign.key->label, "ephemeral") == 0) {
/* this is an empheral key */
#ifdef DEBUG_WOLFSSL
printf("test_CryptoCb_Func: skipping signing op on ephemeral key\n");
#endif
return CRYPTOCB_UNAVAILABLE;
}
ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat);
if (ret != 0) {
return ret;
}
ret = wc_ecc_init(&key);
if (ret == 0) {
word32 keyIdx = 0;
/* load ECC private key and perform private transform */
ret = wc_EccPrivateKeyDecode(pDer->buffer, &keyIdx,
&key, pDer->length);
if (ret == 0) {
ret = wc_ecc_sign_hash(
info->pk.eccsign.in, info->pk.eccsign.inlen,
info->pk.eccsign.out, info->pk.eccsign.outlen,
info->pk.eccsign.rng, &key);
}
else {
/* if decode fails, then fall-back to software based crypto */
printf("test_CryptoCb_Func: ECC private key decode "
"failed %d, falling back to software\n", ret);
ret = CRYPTOCB_UNAVAILABLE;
}
wc_ecc_free(&key);
}
wc_FreeDer(&pDer); pDer = NULL;
#ifdef DEBUG_WOLFSSL
printf("test_CryptoCb_Func: ECC Ret %d, Out %d\n",
ret, *info->pk.eccsign.outlen);
#endif
}
#endif /* HAVE_ECC */
#ifdef HAVE_ED25519
if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) {
ed25519_key key;
/* perform software based ED25519 sign */
#ifdef DEBUG_WOLFSSL
printf("test_CryptoCb_Func: ED25519 Sign\n");
#endif
ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat);
if (ret != 0) {
return ret;
}
ret = wc_ed25519_init(&key);
if (ret == 0) {
word32 keyIdx = 0;
/* load ED25519 private key and perform private transform */
ret = wc_Ed25519PrivateKeyDecode(pDer->buffer, &keyIdx,
&key, pDer->length);
if (ret == 0) {
/* calculate public key */
ret = wc_ed25519_make_public(&key, key.p, ED25519_PUB_KEY_SIZE);
if (ret == 0) {
key.pubKeySet = 1;
ret = wc_ed25519_sign_msg_ex(
info->pk.ed25519sign.in, info->pk.ed25519sign.inLen,
info->pk.ed25519sign.out, info->pk.ed25519sign.outLen,
&key, info->pk.ed25519sign.type,
info->pk.ed25519sign.context,
info->pk.ed25519sign.contextLen);
}
}
else {
/* if decode fails, then fall-back to software based crypto */
printf("test_CryptoCb_Func: ED25519 private key decode "
"failed %d, falling back to software\n", ret);
ret = CRYPTOCB_UNAVAILABLE;
}
wc_ed25519_free(&key);
}
wc_FreeDer(&pDer); pDer = NULL;
#ifdef DEBUG_WOLFSSL
printf("test_CryptoCb_Func: ED25519 Ret %d, Out %d\n",
ret, *info->pk.ed25519sign.outLen);
#endif
}
#endif /* HAVE_ED25519 */
}
(void)thisDevId;
(void)keyFormat;
return ret;
}
/* tlsVer: WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */
static void test_wc_CryptoCb_TLS(int tlsVer,
const char* cliCaPemFile, const char* cliCertPemFile,
const char* cliPrivKeyPemFile, const char* cliPubKeyPemFile,
const char* svrCaPemFile, const char* svrCertPemFile,
const char* svrPrivKeyPemFile, const char* svrPubKeyPemFile)
{
callback_functions client_cbf;
callback_functions server_cbf;
XMEMSET(&client_cbf, 0, sizeof(client_cbf));
XMEMSET(&server_cbf, 0, sizeof(server_cbf));
if (tlsVer == WOLFSSL_TLSV1_3) {
#ifdef WOLFSSL_TLS13
server_cbf.method = wolfTLSv1_3_server_method;
client_cbf.method = wolfTLSv1_3_client_method;
#endif
}
else if (tlsVer == WOLFSSL_TLSV1_2) {
#ifndef WOLFSSL_NO_TLS12
server_cbf.method = wolfTLSv1_2_server_method;
client_cbf.method = wolfTLSv1_2_client_method;
#endif
}
else if (tlsVer == WOLFSSL_TLSV1_1) {
#ifndef NO_OLD_TLS
server_cbf.method = wolfTLSv1_1_server_method;
client_cbf.method = wolfTLSv1_1_client_method;
#endif
}
else if (tlsVer == WOLFSSL_TLSV1) {
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
server_cbf.method = wolfTLSv1_server_method;
client_cbf.method = wolfTLSv1_client_method;
#endif
}
else if (tlsVer == WOLFSSL_SSLV3) {
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) && \
defined(WOLFSSL_STATIC_RSA)
server_cbf.method = wolfSSLv3_server_method;
client_cbf.method = wolfSSLv3_client_method;
#endif
}
else if (tlsVer == WOLFSSL_DTLSV1_2) {
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
server_cbf.method = wolfDTLSv1_2_server_method;
client_cbf.method = wolfDTLSv1_2_client_method;
#endif
}
else if (tlsVer == WOLFSSL_DTLSV1) {
#if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS)
server_cbf.method = wolfDTLSv1_server_method;
client_cbf.method = wolfDTLSv1_client_method;
#endif
}
if (server_cbf.method == NULL) {
/* not enabled */
return;
}
/* Setup the keys for the TLS test */
client_cbf.certPemFile = cliCertPemFile;
client_cbf.keyPemFile = cliPubKeyPemFile;
client_cbf.caPemFile = cliCaPemFile;
server_cbf.certPemFile = svrCertPemFile;
server_cbf.keyPemFile = svrPubKeyPemFile;
server_cbf.caPemFile = svrCaPemFile;
/* Setup a crypto callback with pointer to private key file for testing */
client_cbf.devId = 1;
wc_CryptoCb_RegisterDevice(client_cbf.devId, test_CryptoCb_Func,
(void*)cliPrivKeyPemFile);
server_cbf.devId = 2;
wc_CryptoCb_RegisterDevice(server_cbf.devId, test_CryptoCb_Func,
(void*)svrPrivKeyPemFile);
/* Perform TLS server and client test */
/* First test is at WOLFSSL_CTX level */
test_wolfSSL_client_server(&client_cbf, &server_cbf);
/* Check for success */
AssertIntEQ(server_cbf.return_code, TEST_SUCCESS);
AssertIntEQ(client_cbf.return_code, TEST_SUCCESS);
/* Second test is a WOLFSSL object level */
client_cbf.loadToSSL = 1; server_cbf.loadToSSL = 1;
test_wolfSSL_client_server(&client_cbf, &server_cbf);
/* Check for success */
AssertIntEQ(server_cbf.return_code, TEST_SUCCESS);
AssertIntEQ(client_cbf.return_code, TEST_SUCCESS);
/* Un register the devId's */
wc_CryptoCb_UnRegisterDevice(client_cbf.devId);
client_cbf.devId = INVALID_DEVID;
wc_CryptoCb_UnRegisterDevice(server_cbf.devId);
server_cbf.devId = INVALID_DEVID;
}
#endif /* WOLF_CRYPTO_CB && HAVE_IO_TESTS_DEPENDENCIES */
static void test_wc_CryptoCb(void)
{
#ifdef WOLF_CRYPTO_CB
/* TODO: Add crypto callback API tests */
#ifdef HAVE_IO_TESTS_DEPENDENCIES
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)
int tlsVer;
#endif
#ifndef NO_RSA
for (tlsVer = WOLFSSL_SSLV3; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
test_wc_CryptoCb_TLS(tlsVer,
svrCertFile, cliCertFile, cliKeyFile, cliKeyPubFile,
cliCertFile, svrCertFile, svrKeyFile, svrKeyPubFile);
}
#endif
#ifdef HAVE_ECC
for (tlsVer = WOLFSSL_TLSV1; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
test_wc_CryptoCb_TLS(tlsVer,
caEccCertFile, cliEccCertFile, cliEccKeyFile, cliEccKeyPubFile,
cliEccCertFile, eccCertFile, eccKeyFile, eccKeyPubFile);
}
#endif
#ifdef HAVE_ED25519
for (tlsVer = WOLFSSL_TLSV1_2; tlsVer <= WOLFSSL_DTLSV1_2; tlsVer++) {
if (tlsVer == WOLFSSL_DTLSV1) continue;
test_wc_CryptoCb_TLS(tlsVer,
caEdCertFile, cliEdCertFile, cliEdKeyFile, cliEdKeyPubFile,
cliEdCertFile, edCertFile, edKeyFile, edKeyPubFile);
}
#endif
#endif /* HAVE_IO_TESTS_DEPENDENCIES */
#endif /* WOLF_CRYPTO_CB */
}
#if defined(WOLFSSL_STATIC_MEMORY) && defined(HAVE_IO_TESTS_DEPENDENCIES)
/* tlsVer: Example: WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */
static void test_wolfSSL_CTX_StaticMemory_TLS(int tlsVer,
const char* cliCaPemFile, const char* cliCertPemFile,
const char* cliPrivKeyPemFile,
const char* svrCaPemFile, const char* svrCertPemFile,
const char* svrPrivKeyPemFile,
byte* cliMem, word32 cliMemSz, byte* svrMem, word32 svrMemSz)
{
callback_functions client_cbf;
callback_functions server_cbf;
XMEMSET(&client_cbf, 0, sizeof(client_cbf));
XMEMSET(&server_cbf, 0, sizeof(server_cbf));
if (tlsVer == WOLFSSL_TLSV1_3) {
#ifdef WOLFSSL_TLS13
server_cbf.method_ex = wolfTLSv1_3_server_method_ex;
client_cbf.method_ex = wolfTLSv1_3_client_method_ex;
#endif
}
else if (tlsVer == WOLFSSL_TLSV1_2) {
#ifndef WOLFSSL_NO_TLS12
server_cbf.method_ex = wolfTLSv1_2_server_method_ex;
client_cbf.method_ex = wolfTLSv1_2_client_method_ex;
#endif
}
else if (tlsVer == WOLFSSL_TLSV1_1) {
#ifndef NO_OLD_TLS
server_cbf.method_ex = wolfTLSv1_1_server_method_ex;
client_cbf.method_ex = wolfTLSv1_1_client_method_ex;
#endif
}
else if (tlsVer == WOLFSSL_TLSV1) {
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
server_cbf.method_ex = wolfTLSv1_server_method_ex;
client_cbf.method_ex = wolfTLSv1_client_method_ex;
#endif
}
else if (tlsVer == WOLFSSL_SSLV3) {
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) && \
defined(WOLFSSL_STATIC_RSA)
server_cbf.method_ex = wolfSSLv3_server_method_ex;
client_cbf.method_ex = wolfSSLv3_client_method_ex;
#endif
}
else if (tlsVer == WOLFSSL_DTLSV1_2) {
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
server_cbf.method_ex = wolfDTLSv1_2_server_method_ex;
client_cbf.method_ex = wolfDTLSv1_2_client_method_ex;
#endif
}
else if (tlsVer == WOLFSSL_DTLSV1) {
#if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS)
server_cbf.method_ex = wolfDTLSv1_server_method_ex;
client_cbf.method_ex = wolfDTLSv1_client_method_ex;
#endif
}
if (server_cbf.method_ex == NULL) {
/* not enabled */
return;
}
/* Setup the keys for the TLS test */
client_cbf.certPemFile = cliCertPemFile;
client_cbf.keyPemFile = cliPrivKeyPemFile;
client_cbf.caPemFile = cliCaPemFile;
server_cbf.certPemFile = svrCertPemFile;
server_cbf.keyPemFile = svrPrivKeyPemFile;
server_cbf.caPemFile = svrCaPemFile;
client_cbf.mem = cliMem;
client_cbf.memSz = cliMemSz;
server_cbf.mem = svrMem;
server_cbf.memSz = svrMemSz;
client_cbf.devId = INVALID_DEVID;
server_cbf.devId = INVALID_DEVID;
/* Perform TLS server and client test */
/* First test is at WOLFSSL_CTX level */
test_wolfSSL_client_server(&client_cbf, &server_cbf);
/* Check for success */
AssertIntEQ(server_cbf.return_code, TEST_SUCCESS);
AssertIntEQ(client_cbf.return_code, TEST_SUCCESS);
/* Second test is a WOLFSSL object level */
client_cbf.loadToSSL = 1; server_cbf.loadToSSL = 1;
test_wolfSSL_client_server(&client_cbf, &server_cbf);
/* Check for success */
AssertIntEQ(server_cbf.return_code, TEST_SUCCESS);
AssertIntEQ(client_cbf.return_code, TEST_SUCCESS);
}
#endif /* WOLFSSL_STATIC_MEMORY && HAVE_IO_TESTS_DEPENDENCIES */
#ifdef WOLFSSL_STATIC_MEMORY
#if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \
defined(SESSION_CERTS)
#ifdef OPENSSL_EXTRA
#define TEST_TLS_STATIC_MEMSZ (400000)
#else
#define TEST_TLS_STATIC_MEMSZ (320000)
#endif
#else
#define TEST_TLS_STATIC_MEMSZ (80000)
#endif
static void test_wolfSSL_CTX_StaticMemory_SSL(WOLFSSL_CTX* ctx)
{
WOLFSSL *ssl1 = NULL, *ssl2 = NULL, *ssl3 = NULL;
WOLFSSL_MEM_STATS mem_stats;
WOLFSSL_MEM_CONN_STATS ssl_stats;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
AssertIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
#endif
AssertNotNull((ssl1 = wolfSSL_new(ctx)));
AssertNotNull((ssl2 = wolfSSL_new(ctx)));
/* this should fail because kMaxCtxClients == 2 */
AssertNull((ssl3 = wolfSSL_new(ctx)));
if (wolfSSL_is_static_memory(ssl1, &ssl_stats) == 1) {
#ifdef DEBUG_WOLFSSL
wolfSSL_PrintStatsConn(&ssl_stats);
#endif
(void)ssl_stats;
}
/* display collected statistics */
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) == 1) {
#ifdef DEBUG_WOLFSSL
wolfSSL_PrintStats(&mem_stats);
#endif
(void)mem_stats;
}
wolfSSL_free(ssl1);
wolfSSL_free(ssl2);
}
#endif /* WOLFSSL_STATIC_MEMORY */
static void test_wolfSSL_CTX_StaticMemory(void)
{
#ifdef WOLFSSL_STATIC_MEMORY
wolfSSL_method_func method_func;
WOLFSSL_CTX* ctx;
const int kMaxCtxClients = 2;
#ifdef HAVE_IO_TESTS_DEPENDENCIES
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)
int tlsVer;
byte cliMem[TEST_TLS_STATIC_MEMSZ];
#endif
#endif
byte svrMem[TEST_TLS_STATIC_MEMSZ];
printf(testingFmt, "test_wolfSSL_CTX_StaticMemory()");
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
method_func = wolfTLSv1_2_server_method_ex;
#else
method_func = wolfTLSv1_3_server_method_ex;
#endif
#else
#ifndef WOLFSSL_NO_TLS12
method_func = wolfTLSv1_2_client_method_ex;
#else
method_func = wolfTLSv1_3_client_method_ex;
#endif
#endif
/* Test creating CTX directly from static memory pool */
ctx = NULL;
AssertIntEQ(wolfSSL_CTX_load_static_memory(
&ctx, method_func, svrMem, sizeof(svrMem),
0, kMaxCtxClients), WOLFSSL_SUCCESS);
test_wolfSSL_CTX_StaticMemory_SSL(ctx);
wolfSSL_CTX_free(ctx);
ctx = NULL;
/* Test for heap allocated CTX, then assigning static pool to it */
AssertNotNull(ctx = wolfSSL_CTX_new(method_func(NULL)));
AssertIntEQ(wolfSSL_CTX_load_static_memory(&ctx,
NULL, svrMem, sizeof(svrMem),
0, kMaxCtxClients), WOLFSSL_SUCCESS);
test_wolfSSL_CTX_StaticMemory_SSL(ctx);
wolfSSL_CTX_free(ctx);
/* TLS Level Tests using static memory */
#ifdef HAVE_IO_TESTS_DEPENDENCIES
#ifndef NO_RSA
for (tlsVer = WOLFSSL_SSLV3; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
test_wolfSSL_CTX_StaticMemory_TLS(tlsVer,
svrCertFile, cliCertFile, cliKeyFile,
cliCertFile, svrCertFile, svrKeyFile,
cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem));
}
#endif
#ifdef HAVE_ECC
for (tlsVer = WOLFSSL_TLSV1; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
test_wolfSSL_CTX_StaticMemory_TLS(tlsVer,
caEccCertFile, cliEccCertFile, cliEccKeyFile,
cliEccCertFile, eccCertFile, eccKeyFile,
cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem));
}
#endif
#ifdef HAVE_ED25519
for (tlsVer = WOLFSSL_TLSV1_2; tlsVer <= WOLFSSL_DTLSV1_2; tlsVer++) {
if (tlsVer == WOLFSSL_DTLSV1) continue;
test_wolfSSL_CTX_StaticMemory_TLS(tlsVer,
caEdCertFile, cliEdCertFile, cliEdKeyFile,
cliEdCertFile, edCertFile, edKeyFile,
cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem));
}
#endif
#endif /* HAVE_IO_TESTS_DEPENDENCIES */
printf(resultFmt, passed);
#endif
}
/*----------------------------------------------------------------------------*
| Main
*----------------------------------------------------------------------------*/
void ApiTest(void)
{
printf("\n-----------------Porting tests------------------\n");
AssertTrue(test_fileAccess());
printf(" Begin API Tests\n");
AssertIntEQ(test_wolfSSL_Init(), WOLFSSL_SUCCESS);
/* wolfcrypt initialization tests */
test_wolfSSL_Method_Allocators();
#ifndef NO_WOLFSSL_SERVER
test_wolfSSL_CTX_new(wolfSSLv23_server_method());
#endif
#if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
(!defined(NO_RSA) || defined(HAVE_ECC))
test_for_double_Free();
#endif
#ifdef HAVE_IO_TESTS_DEPENDENCIES
test_wolfSSL_get_finished();
#endif
test_SSL_CIPHER_get_xxx();
test_wolfSSL_ERR_strings();
test_wolfSSL_EVP_shake128();
test_wolfSSL_EVP_shake256();
test_EVP_blake2();
test_EVP_MD_do_all();
test_OBJ_NAME_do_all();
test_wolfSSL_CTX_use_certificate_file();
AssertIntEQ(test_wolfSSL_CTX_use_certificate_buffer(), WOLFSSL_SUCCESS);
test_wolfSSL_CTX_use_PrivateKey_file();
test_wolfSSL_CTX_load_verify_locations();
test_wolfSSL_CertManagerCheckOCSPResponse();
test_wolfSSL_CertManagerLoadCABuffer();
test_wolfSSL_CertManagerGetCerts();
test_wolfSSL_CertManagerSetVerify();
test_wolfSSL_CertManagerNameConstraint();
test_wolfSSL_CertManagerNameConstraint2();
test_wolfSSL_CertManagerNameConstraint3();
test_wolfSSL_CertManagerNameConstraint4();
test_wolfSSL_CertManagerNameConstraint5();
test_wolfSSL_CertManagerCRL();
test_wolfSSL_CTX_load_verify_locations_ex();
test_wolfSSL_CTX_load_verify_buffer_ex();
test_wolfSSL_CTX_load_verify_chain_buffer_format();
test_wolfSSL_CTX_add1_chain_cert();
test_wolfSSL_CTX_use_certificate_chain_file_format();
test_wolfSSL_CTX_trust_peer_cert();
test_wolfSSL_CTX_SetTmpDH_file();
test_wolfSSL_CTX_SetTmpDH_buffer();
test_wolfSSL_CTX_SetMinMaxDhKey_Sz();
test_wolfSSL_CTX_der_load_verify_locations();
test_wolfSSL_CTX_enable_disable();
test_wolfSSL_CTX_ticket_API();
test_server_wolfSSL_new();
test_client_wolfSSL_new();
test_wolfSSL_SetTmpDH_file();
test_wolfSSL_SetTmpDH_buffer();
test_wolfSSL_SetMinMaxDhKey_Sz();
test_SetTmpEC_DHE_Sz();
test_wolfSSL_CTX_get0_privatekey();
test_wolfSSL_dtls_set_mtu();
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
defined(HAVE_IO_TESTS_DEPENDENCIES)
test_wolfSSL_read_write();
#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
test_wolfSSL_reuse_WOLFSSLobj();
#endif
test_wolfSSL_CTX_verifyDepth_ServerClient();
test_wolfSSL_dtls_export();
test_wolfSSL_tls_export();
#endif
AssertIntEQ(test_wolfSSL_SetMinVersion(), WOLFSSL_SUCCESS);
AssertIntEQ(test_wolfSSL_CTX_SetMinVersion(), WOLFSSL_SUCCESS);
/* TLS extensions tests */
#ifdef HAVE_IO_TESTS_DEPENDENCIES
test_wolfSSL_UseSNI();
#endif
test_wolfSSL_UseTrustedCA();
test_wolfSSL_UseMaxFragment();
test_wolfSSL_UseTruncatedHMAC();
test_wolfSSL_UseSupportedCurve();
test_wolfSSL_UseALPN();
test_wolfSSL_DisableExtendedMasterSecret();
test_wolfSSL_wolfSSL_UseSecureRenegotiation();
/* X509 tests */
test_wolfSSL_X509_NAME_get_entry();
test_wolfSSL_PKCS12();
test_wolfSSL_no_password_cb();
test_wolfSSL_PKCS8();
test_wolfSSL_PKCS8_ED25519();
test_wolfSSL_PKCS8_ED448();
test_wolfSSL_PKCS5();
test_wolfSSL_URI();
test_wolfSSL_TBS();
test_wolfSSL_X509_verify();
test_wolfSSL_X509_TLS_version();
test_wc_PemToDer();
test_wc_AllocDer();
test_wc_CertPemToDer();
test_wc_PubKeyPemToDer();
test_wc_PemPubKeyToDer();
/*OCSP Stapling. */
AssertIntEQ(test_wolfSSL_UseOCSPStapling(), WOLFSSL_SUCCESS);
AssertIntEQ(test_wolfSSL_UseOCSPStaplingV2(), WOLFSSL_SUCCESS);
/* Multicast */
test_wolfSSL_mcast();
/* compatibility tests */
test_wolfSSL_lhash();
test_wolfSSL_X509_NAME();
test_wolfSSL_X509_NAME_hash();
#ifndef NO_BIO
test_wolfSSL_X509_INFO();
#endif
test_wolfSSL_X509_subject_name_hash();
test_wolfSSL_X509_issuer_name_hash();
test_wolfSSL_X509_check_host();
test_wolfSSL_X509_check_email();
test_wolfSSL_DES();
test_wolfSSL_certs();
test_wolfSSL_X509_check_private_key();
test_wolfSSL_ASN1_TIME_print();
test_wolfSSL_ASN1_UTCTIME_print();
test_wolfSSL_ASN1_TIME_diff();
test_wolfSSL_ASN1_GENERALIZEDTIME_free();
test_wolfSSL_private_keys();
test_wolfSSL_PEM_read_PrivateKey();
test_wolfSSL_PEM_PrivateKey();
#ifndef NO_BIO
test_wolfSSL_PEM_bio_RSAKey();
test_wolfSSL_PEM_bio_DSAKey();
test_wolfSSL_PEM_bio_ECKey();
test_wolfSSL_PEM_RSAPrivateKey();
test_wolfSSL_PEM_PUBKEY();
#endif
test_DSA_do_sign_verify();
test_wolfSSL_tmp_dh();
test_wolfSSL_ctrl();
test_wolfSSL_EVP_MD_size();
test_wolfSSL_EVP_MD_pkey_type();
test_wolfSSL_EVP_Digest();
test_wolfSSL_EVP_Digest_all();
test_wolfSSL_EVP_PKEY_new_mac_key();
test_wolfSSL_EVP_MD_hmac_signing();
test_wolfSSL_EVP_MD_rsa_signing();
test_wolfSSL_EVP_MD_ecc_signing();
test_wolfSSL_EVP_PKEY_print_public();
test_wolfSSL_EVP_ENCODE_CTX_new();
test_wolfSSL_EVP_ENCODE_CTX_free();
test_wolfSSL_EVP_EncodeInit();
test_wolfSSL_EVP_EncodeUpdate();
test_wolfSSL_EVP_EncodeFinal();
test_wolfSSL_EVP_DecodeInit();
test_wolfSSL_EVP_DecodeUpdate();
test_wolfSSL_EVP_DecodeFinal();
test_wolfSSL_CTX_add_extra_chain_cert();
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
test_wolfSSL_ERR_peek_last_error_line();
#endif
#ifndef NO_BIO
test_wolfSSL_ERR_print_errors_cb();
AssertFalse(test_wolfSSL_GetLoggingCb());
AssertFalse(test_WOLFSSL_ERROR_MSG());
AssertFalse(test_wc_ERR_remove_state());
AssertFalse(test_wc_ERR_print_errors_fp());
#endif
test_wolfSSL_set_options();
test_wolfSSL_sk_SSL_CIPHER();
test_wolfSSL_set1_curves_list();
test_wolfSSL_set1_sigalgs_list();
test_wolfSSL_PKCS7_certs();
test_wolfSSL_X509_STORE_CTX();
test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup();
test_wolfSSL_X509_STORE_CTX_get0_current_issuer();
test_wolfSSL_msgCb();
test_wolfSSL_either_side();
test_wolfSSL_DTLS_either_side();
test_generate_cookie();
test_wolfSSL_X509_STORE_set_flags();
test_wolfSSL_X509_LOOKUP_load_file();
test_wolfSSL_X509_Name_canon();
test_wolfSSL_X509_LOOKUP_ctrl_file();
test_wolfSSL_X509_LOOKUP_ctrl_hash_dir();
test_wolfSSL_X509_NID();
test_wolfSSL_X509_STORE_CTX_set_time();
test_wolfSSL_get0_param();
test_wolfSSL_X509_VERIFY_PARAM_set1_host();
test_wolfSSL_X509_VERIFY_PARAM_set1_ip();
test_wolfSSL_X509_STORE_CTX_get0_store();
test_wolfSSL_X509_STORE();
test_wolfSSL_X509_STORE_load_locations();
test_X509_STORE_get0_objects();
test_wolfSSL_X509_load_crl_file();
test_wolfSSL_BN();
test_wolfSSL_CTX_get0_set1_param();
#ifndef NO_BIO
test_wolfSSL_PEM_read_bio();
test_wolfSSL_BIO();
#endif
test_wolfSSL_ASN1_STRING();
test_wolfSSL_ASN1_BIT_STRING();
test_wolfSSL_a2i_ASN1_INTEGER();
test_wolfSSL_a2i_IPADDRESS();
test_wolfSSL_X509();
test_wolfSSL_X509_VERIFY_PARAM();
test_wolfSSL_X509_sign();
test_wolfSSL_X509_sign2();
test_wolfSSL_X509_get0_tbs_sigalg();
test_wolfSSL_X509_ALGOR_get0();
test_wolfSSL_X509_get_X509_PUBKEY();
test_wolfSSL_X509_PUBKEY_RSA();
test_wolfSSL_X509_PUBKEY_EC();
test_wolfSSL_X509_PUBKEY_DSA();
test_wolfSSL_RAND();
test_wolfSSL_BUF();
test_wolfSSL_set_tlsext_status_type();
test_wolfSSL_ASN1_TIME_adj();
test_wolfSSL_ASN1_TIME_to_tm();
test_wolfSSL_X509_cmp_time();
test_wolfSSL_X509_time_adj();
test_wolfSSL_CTX_set_client_CA_list();
test_wolfSSL_CTX_add_client_CA();
test_wolfSSL_CTX_set_srp_username();
test_wolfSSL_CTX_set_srp_password();
test_wolfSSL_CTX_set_keylog_callback();
test_wolfSSL_CTX_get_keylog_callback();
test_wolfSSL_Tls12_Key_Logging_test();
test_wolfSSL_Tls13_Key_Logging_test();
test_wolfSSL_Tls13_postauth();
test_wolfSSL_CTX_set_ecdh_auto();
test_wolfSSL_set_minmax_proto_version();
test_wolfSSL_THREADID_hash();
test_wolfSSL_RAND_set_rand_method();
test_wolfSSL_RAND_bytes();
test_wolfSSL_BN_rand();
test_wolfSSL_pseudo_rand();
test_wolfSSL_PKCS8_Compat();
test_wolfSSL_PKCS8_d2i();
test_error_queue_per_thread();
test_wolfSSL_ERR_put_error();
#ifndef NO_BIO
test_wolfSSL_ERR_print_errors();
#endif
test_wolfSSL_HMAC();
test_wolfSSL_CMAC();
test_wolfSSL_OBJ();
test_wolfSSL_i2a_ASN1_OBJECT();
test_wolfSSL_OBJ_cmp();
test_wolfSSL_OBJ_txt2nid();
test_wolfSSL_OBJ_txt2obj();
test_wolfSSL_i2t_ASN1_OBJECT();
test_wolfSSL_PEM_write_bio_X509();
test_wolfSSL_X509_NAME_ENTRY();
test_wolfSSL_X509_set_name();
test_wolfSSL_X509_set_notAfter();
test_wolfSSL_X509_set_notBefore();
test_wolfSSL_X509_set_version();
#ifndef NO_BIO
test_wolfSSL_BIO_gets();
test_wolfSSL_BIO_puts();
test_wolfSSL_BIO_should_retry();
test_wolfSSL_d2i_PUBKEY();
test_wolfSSL_BIO_write();
test_wolfSSL_BIO_connect();
test_wolfSSL_BIO_accept();
test_wolfSSL_BIO_printf();
test_wolfSSL_BIO_f_md();
test_wolfSSL_BIO_up_ref();
#endif
test_wolfSSL_cert_cb();
test_wolfSSL_SESSION();
test_wolfSSL_ticket_keys();
test_wolfSSL_DES_ecb_encrypt();
test_wolfSSL_sk_GENERAL_NAME();
test_wolfSSL_GENERAL_NAME_print();
test_wolfSSL_sk_DIST_POINT();
test_wolfSSL_MD4();
test_wolfSSL_RSA();
test_wolfSSL_RSA_DER();
test_wolfSSL_RSA_get0_key();
test_wolfSSL_RSA_meth();
test_wolfSSL_verify_mode();
test_wolfSSL_verify_depth();
test_wolfSSL_HMAC_CTX();
test_wolfSSL_msg_callback();
test_wolfSSL_SHA();
test_wolfSSL_DH_1536_prime();
test_wolfSSL_PEM_write_DHparams();
test_wolfSSL_PEM_read_DHparams();
test_wolfSSL_AES_ecb_encrypt();
test_wolfSSL_MD5();
test_wolfSSL_MD5_Transform();
test_wolfSSL_SHA_Transform();
test_wolfSSL_SHA256();
test_wolfSSL_SHA256_Transform();
test_wolfSSL_SHA224();
test_wolfSSL_SHA512_Transform();
test_wolfSSL_X509_get_serialNumber();
test_wolfSSL_X509_CRL();
test_wolfSSL_d2i_X509_REQ();
test_wolfSSL_PEM_read_X509();
test_wolfSSL_PEM_read();
#ifndef NO_BIO
test_wolfSSL_PEM_X509_INFO_read_bio();
test_wolfSSL_PEM_read_bio_ECPKParameters();
#endif
test_wolfSSL_X509_STORE_get1_certs();
test_wolfSSL_X509_NAME_ENTRY_get_object();
test_wolfSSL_OpenSSL_add_all_algorithms();
test_wolfSSL_OPENSSL_hexstr2buf();
test_wolfSSL_ASN1_STRING_print_ex();
test_wolfSSL_ASN1_TIME_to_generalizedtime();
test_wolfSSL_ASN1_INTEGER_get_set();
test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS();
test_wolfSSL_i2c_ASN1_INTEGER();
test_wolfSSL_X509_check_ca();
test_wolfSSL_X509_check_ip_asc();
test_wolfSSL_DC_cert();
test_wolfSSL_DES_ncbc();
test_wolfSSL_AES_cbc_encrypt();
test_wolfssl_EVP_aes_gcm_AAD_2_parts();
test_wolfssl_EVP_aes_gcm();
test_wolfSSL_PKEY_up_ref();
test_wolfSSL_EVP_Cipher_extra();
test_wolfSSL_d2i_and_i2d_PublicKey();
test_wolfSSL_d2i_and_i2d_DSAparams();
test_wolfSSL_i2d_PrivateKey();
test_wolfSSL_OCSP_id_get0_info();
test_wolfSSL_i2d_OCSP_CERTID();
test_wolfSSL_OCSP_id_cmp();
test_wolfSSL_OCSP_SINGLERESP_get0_id();
test_wolfSSL_OCSP_single_get0_status();
test_wolfSSL_OCSP_resp_count();
test_wolfSSL_OCSP_resp_get0();
test_wolfSSL_EVP_PKEY_derive();
test_wolfSSL_EVP_PBE_scrypt();
#ifndef NO_RSA
test_wolfSSL_RSA_padding_add_PKCS1_PSS();
#endif
test_wolfSSL_RSA_sign_sha3();
test_CONF_modules_xxx();
test_CRYPTO_set_dynlock_xxx();
test_CRYPTO_THREADID_xxx();
test_ENGINE_cleanup();
test_wolfSSL_EC_KEY_set_group();
#if defined(OPENSSL_ALL)
test_wolfSSL_X509_PUBKEY_get();
test_wolfSSL_sk_CIPHER_description();
test_wolfSSL_get_ciphers_compat();
test_wolfSSL_d2i_DHparams();
test_wolfSSL_i2d_DHparams();
test_wolfSSL_ASN1_STRING_to_UTF8();
test_wolfSSL_ASN1_UNIVERSALSTRING_to_string();
test_wolfSSL_EC_KEY_dup();
test_wolfSSL_EVP_PKEY_set1_get1_DSA();
test_wolfSSL_DSA_SIG();
test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY();
test_wolfSSL_EVP_PKEY_set1_get1_DH();
test_wolfSSL_CTX_ctrl();
test_wolfSSL_DH_check();
test_wolfSSL_EVP_PKEY_assign();
test_wolfSSL_EVP_PKEY_base_id();
test_wolfSSL_EVP_PKEY_id();
test_wolfSSL_EVP_PKEY_keygen();
test_wolfSSL_EVP_PKEY_keygen_init();
test_wolfSSL_EVP_PKEY_missing_parameters();
test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits();
test_wolfSSL_EVP_CIPHER_CTX_iv_length();
test_wolfSSL_EVP_CIPHER_CTX_key_length();
test_wolfSSL_EVP_CIPHER_CTX_set_key_length();
test_wolfSSL_EVP_CIPHER_CTX_set_iv();
test_wolfSSL_EVP_PKEY_CTX_new_id();
test_wolfSSL_EVP_rc4();
test_wolfSSL_EVP_enc_null();
test_wolfSSL_EVP_rc2_cbc();
test_wolfSSL_EVP_mdc2();
test_wolfSSL_EVP_md4();
test_wolfSSL_EVP_aes_256_gcm();
test_wolfSSL_EVP_aes_192_gcm();
test_wolfSSL_EVP_ripemd160();
test_wolfSSL_EVP_get_digestbynid();
test_wolfSSL_EVP_MD_nid();
test_wolfSSL_EVP_PKEY_get0_EC_KEY();
test_wolfSSL_EVP_X_STATE();
test_wolfSSL_EVP_X_STATE_LEN();
test_wolfSSL_EVP_CIPHER_block_size();
test_wolfSSL_EVP_CIPHER_iv_length();
test_wolfSSL_EVP_SignInit_ex();
test_wolfSSL_EVP_DigestFinal_ex();
test_wolfSSL_EVP_PKEY_assign_DH();
test_wolfSSL_EVP_BytesToKey();
test_wolfSSL_EVP_PKEY_param_check();
test_wolfSSL_QT_EVP_PKEY_CTX_free();
test_IncCtr();
test_wolfSSL_OBJ_ln();
test_wolfSSL_OBJ_sn();
test_wolfSSL_TXT_DB();
test_wolfSSL_NCONF();
#endif /* OPENSSL_ALL */
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS);
#ifndef NO_BIO
test_wolfSSL_d2i_PrivateKeys_bio();
#endif
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
test_wolfSSL_X509_CA_num();
test_wolfSSL_X509_get_version();
#ifndef NO_BIO
test_wolfSSL_X509_print();
test_wolfSSL_BIO_get_len();
#endif
test_wolfSSL_RSA_verify();
test_wolfSSL_X509V3_EXT_get();
test_wolfSSL_X509V3_EXT_nconf();
test_wolfSSL_X509V3_EXT();
test_wolfSSL_X509_get_extension_flags();
test_wolfSSL_X509_get_ext();
test_wolfSSL_X509_get_ext_by_NID();
test_wolfSSL_X509_get_ext_subj_alt_name();
test_wolfSSL_X509_get_ext_count();
test_wolfSSL_X509_EXTENSION_new();
test_wolfSSL_X509_EXTENSION_get_object();
test_wolfSSL_X509_EXTENSION_get_data();
test_wolfSSL_X509_EXTENSION_get_critical();
test_wolfSSL_X509V3_EXT_print();
test_wolfSSL_X509_cmp();
#ifndef NO_BIO
test_wolfSSL_RSA_print();
test_wolfSSL_ASN1_STRING_print();
#endif
test_wolfSSL_ASN1_get_object();
test_openssl_generate_key_and_cert();
test_wolfSSL_EC_get_builtin_curves();
test_wolfSSL_CRYPTO_memcmp();
test_wolfSSL_read_detect_TCP_disconnect();
/* test the no op functions for compatibility */
test_no_op_functions();
/* OpenSSL EVP_PKEY API tests */
test_EVP_PKEY_rsa();
test_wolfSSL_EVP_PKEY_encrypt();
test_wolfSSL_EVP_PKEY_sign();
test_EVP_PKEY_ec();
test_EVP_PKEY_cmp();
/* OpenSSL error API tests */
test_ERR_load_crypto_strings();
/* OpenSSL sk_X509 API test */
test_sk_X509();
/* OpenSSL X509 API test */
test_X509_get_signature_nid();
/* OpenSSL X509 REQ API test */
test_X509_REQ();
/* OpenSSL PKCS7 API test */
test_wolfssl_PKCS7();
test_wolfSSL_PKCS7_SIGNED_new();
#ifndef NO_BIO
test_wolfSSL_PEM_write_bio_PKCS7();
#ifdef HAVE_SMIME
test_wolfSSL_SMIME_read_PKCS7();
#endif
#endif
/* wolfCrypt ASN tests */
test_wc_CreateEncryptedPKCS8Key();
test_wc_GetPkcs8TraditionalOffset();
test_wc_SetSubjectRaw();
test_wc_GetSubjectRaw();
test_wc_SetIssuerRaw();
test_wc_SetIssueBuffer();
test_wc_SetSubjectKeyId();
test_wc_SetSubject();
test_CheckCertSignature();
/* wolfCrypt ECC tests */
test_wc_ecc_get_curve_size_from_name();
test_wc_ecc_get_curve_id_from_name();
test_wc_ecc_get_curve_id_from_params();
#ifdef WOLFSSL_TLS13
/* TLS v1.3 API tests */
test_tls13_apis();
#endif
#if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
!defined(WOLFSSL_NO_CLIENT_AUTH))
/* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
/* Bad certificate signature tests */
AssertIntEQ(test_EccSigFailure_cm(), ASN_SIG_CONFIRM_E);
AssertIntEQ(test_RsaSigFailure_cm(), ASN_SIG_CONFIRM_E);
#endif /* NO_CERTS */
#if defined(HAVE_PK_CALLBACKS) && (!defined(WOLFSSL_NO_TLS12) || \
!defined(NO_OLD_TLS))
/* public key callback tests */
test_DhCallbacks();
#endif
#if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_IO_TESTS_DEPENDENCIES)
test_export_keying_material();
#endif /* HAVE_KEYING_MATERIAL */
test_wolfSSL_CTX_get_min_proto_version();
test_wolfSSL_security_level();
test_wolfSSL_SSL_in_init();
test_wolfSSL_EC_curve();
test_wolfSSL_CTX_set_timeout();
test_wolfSSL_OpenSSL_version();
test_wolfSSL_set_psk_use_session_callback();
test_CONF_CTX_FILE();
test_CONF_CTX_CMDLINE();
test_wolfSSL_CRYPTO_get_ex_new_index();
test_wolfSSL_DH();
/*wolfcrypt */
printf("\n-----------------wolfcrypt unit tests------------------\n");
AssertFalse(test_wolfCrypt_Init());
AssertFalse(test_wc_InitMd5());
AssertFalse(test_wc_Md5Update());
AssertFalse(test_wc_Md5Final());
AssertFalse(test_wc_InitSha());
AssertFalse(test_wc_ShaUpdate());
AssertFalse(test_wc_ShaFinal());
AssertFalse(test_wc_InitSha256());
AssertFalse(test_wc_Sha256Update());
AssertFalse(test_wc_Sha256Final());
AssertFalse(test_wc_Sha256FinalRaw());
AssertFalse(test_wc_Sha256GetFlags());
AssertFalse(test_wc_Sha256Free());
AssertFalse(test_wc_Sha256GetHash());
AssertFalse(test_wc_Sha256Copy());
AssertFalse(test_wc_InitSha512());
AssertFalse(test_wc_Sha512Update());
AssertFalse(test_wc_Sha512Final());
AssertFalse(test_wc_Sha512GetFlags());
AssertFalse(test_wc_Sha512FinalRaw());
AssertFalse(test_wc_Sha512Free());
AssertFalse(test_wc_Sha512GetHash());
AssertFalse(test_wc_Sha512Copy());
AssertFalse(test_wc_InitSha512_224());
AssertFalse(test_wc_Sha512_224Update());
AssertFalse(test_wc_Sha512_224Final());
AssertFalse(test_wc_Sha512_224GetFlags());
AssertFalse(test_wc_Sha512_224FinalRaw());
AssertFalse(test_wc_Sha512_224Free());
AssertFalse(test_wc_Sha512_224GetHash());
AssertFalse(test_wc_Sha512_224Copy());
AssertFalse(test_wc_InitSha512_256());
AssertFalse(test_wc_Sha512_256Update());
AssertFalse(test_wc_Sha512_256Final());
AssertFalse(test_wc_Sha512_256GetFlags());
AssertFalse(test_wc_Sha512_256FinalRaw());
AssertFalse(test_wc_Sha512_256Free());
AssertFalse(test_wc_Sha512_256GetHash());
AssertFalse(test_wc_Sha512_256Copy());
AssertFalse(test_wc_InitSha384());
AssertFalse(test_wc_Sha384Update());
AssertFalse(test_wc_Sha384Final());
AssertFalse(test_wc_Sha384GetFlags());
AssertFalse(test_wc_Sha384FinalRaw());
AssertFalse(test_wc_Sha384Free());
AssertFalse(test_wc_Sha384GetHash());
AssertFalse(test_wc_Sha384Copy());
AssertFalse(test_wc_InitSha224());
AssertFalse(test_wc_Sha224Update());
AssertFalse(test_wc_Sha224Final());
AssertFalse(test_wc_Sha224SetFlags());
AssertFalse(test_wc_Sha224GetFlags());
AssertFalse(test_wc_Sha224Free());
AssertFalse(test_wc_Sha224GetHash());
AssertFalse(test_wc_Sha224Copy());
AssertFalse(test_wc_InitBlake2b());
AssertFalse(test_wc_InitBlake2b_WithKey());
AssertFalse(test_wc_InitBlake2s_WithKey());
AssertFalse(test_wc_InitRipeMd());
AssertFalse(test_wc_RipeMdUpdate());
AssertFalse(test_wc_RipeMdFinal());
AssertIntEQ(test_wc_InitSha3(), 0);
AssertIntEQ(testing_wc_Sha3_Update(), 0);
AssertIntEQ(test_wc_Sha3_224_Final(), 0);
AssertIntEQ(test_wc_Sha3_256_Final(), 0);
AssertIntEQ(test_wc_Sha3_384_Final(), 0);
AssertIntEQ(test_wc_Sha3_512_Final(), 0);
AssertIntEQ(test_wc_Sha3_224_Copy(), 0);
AssertIntEQ(test_wc_Sha3_256_Copy(), 0);
AssertIntEQ(test_wc_Sha3_384_Copy(), 0);
AssertIntEQ(test_wc_Sha3_512_Copy(), 0);
AssertIntEQ(test_wc_Sha3_GetFlags(), 0);
AssertIntEQ(test_wc_InitShake256(), 0);
AssertIntEQ(testing_wc_Shake256_Update(), 0);
AssertIntEQ(test_wc_Shake256_Final(), 0);
AssertIntEQ(test_wc_Shake256_Copy(), 0);
AssertIntEQ(test_wc_Shake256Hash(), 0);
AssertFalse(test_wc_Md5HmacSetKey());
AssertFalse(test_wc_Md5HmacUpdate());
AssertFalse(test_wc_Md5HmacFinal());
AssertFalse(test_wc_ShaHmacSetKey());
AssertFalse(test_wc_ShaHmacUpdate());
AssertFalse(test_wc_ShaHmacFinal());
AssertFalse(test_wc_Sha224HmacSetKey());
AssertFalse(test_wc_Sha224HmacUpdate());
AssertFalse(test_wc_Sha224HmacFinal());
AssertFalse(test_wc_Sha256HmacSetKey());
AssertFalse(test_wc_Sha256HmacUpdate());
AssertFalse(test_wc_Sha256HmacFinal());
AssertFalse(test_wc_Sha384HmacSetKey());
AssertFalse(test_wc_Sha384HmacUpdate());
AssertFalse(test_wc_Sha384HmacFinal());
AssertIntEQ(test_wc_HashInit(), 0);
AssertIntEQ(test_wc_HashSetFlags(), 0);
AssertIntEQ(test_wc_HashGetFlags(), 0);
AssertIntEQ(test_wc_InitCmac(), 0);
AssertIntEQ(test_wc_CmacUpdate(), 0);
AssertIntEQ(test_wc_CmacFinal(), 0);
AssertIntEQ(test_wc_AesCmacGenerate(), 0);
AssertIntEQ(test_wc_AesGcmStream(), 0);
AssertIntEQ(test_wc_Des3_SetIV(), 0);
AssertIntEQ(test_wc_Des3_SetKey(), 0);
AssertIntEQ(test_wc_Des3_CbcEncryptDecrypt(), 0);
AssertIntEQ(test_wc_Des3_CbcEncryptDecryptWithKey(), 0);
AssertIntEQ(test_wc_Des3_EcbEncrypt(), 0);
AssertIntEQ(test_wc_IdeaSetKey(), 0);
AssertIntEQ(test_wc_IdeaSetIV(), 0);
AssertIntEQ(test_wc_IdeaCipher(), 0);
AssertIntEQ(test_wc_IdeaCbcEncyptDecrypt(), 0);
AssertIntEQ(test_wc_Chacha_SetKey(), 0);
AssertIntEQ(test_wc_Chacha_Process(), 0);
AssertIntEQ(test_wc_ChaCha20Poly1305_aead(), 0);
AssertIntEQ(test_wc_Poly1305SetKey(), 0);
AssertIntEQ(test_wc_CamelliaSetKey(), 0);
AssertIntEQ(test_wc_CamelliaSetIV(), 0);
AssertIntEQ(test_wc_CamelliaEncryptDecryptDirect(), 0);
AssertIntEQ(test_wc_CamelliaCbcEncryptDecrypt(), 0);
AssertIntEQ(test_wc_RabbitSetKey(), 0);
AssertIntEQ(test_wc_RabbitProcess(), 0);
AssertIntEQ(test_wc_Arc4SetKey(), 0);
AssertIntEQ(test_wc_Arc4Process(), 0);
AssertIntEQ(test_wc_Rc2SetKey(), 0);
AssertIntEQ(test_wc_Rc2SetIV(), 0);
AssertIntEQ(test_wc_Rc2EcbEncryptDecrypt(), 0);
AssertIntEQ(test_wc_Rc2CbcEncryptDecrypt(), 0);
AssertIntEQ(test_wc_AesSetKey(), 0);
AssertIntEQ(test_wc_AesSetIV(), 0);
AssertIntEQ(test_wc_AesCbcEncryptDecrypt(), 0);
AssertIntEQ(test_wc_AesCtrEncryptDecrypt(), 0);
AssertIntEQ(test_wc_AesGcmSetKey(), 0);
AssertIntEQ(test_wc_AesGcmEncryptDecrypt(), 0);
AssertIntEQ(test_wc_GmacSetKey(), 0);
AssertIntEQ(test_wc_GmacUpdate(), 0);
AssertIntEQ(test_wc_InitRsaKey(), 0);
AssertIntEQ(test_wc_RsaPrivateKeyDecode(), 0);
AssertIntEQ(test_wc_RsaPublicKeyDecode(), 0);
AssertIntEQ(test_wc_RsaPublicKeyDecodeRaw(), 0);
AssertIntEQ(test_wc_MakeRsaKey(), 0);
AssertIntEQ(test_wc_SetKeyUsage (), 0);
AssertIntEQ(test_wc_CheckProbablePrime (), 0);
AssertIntEQ(test_wc_RsaPSS_Verify (), 0);
AssertIntEQ(test_wc_RsaPSS_VerifyCheck (), 0);
AssertIntEQ(test_wc_RsaPSS_VerifyCheckInline (), 0);
AssertIntEQ(test_wc_SetMutexCb(), 0);
AssertIntEQ(test_wc_LockMutex_ex(), 0);
AssertIntEQ(test_wc_RsaKeyToDer(), 0);
AssertIntEQ(test_wc_RsaKeyToPublicDer(), 0);
AssertIntEQ(test_wc_RsaPublicEncryptDecrypt(), 0);
AssertIntEQ(test_wc_RsaPublicEncryptDecrypt_ex(), 0);
AssertIntEQ(test_wc_RsaEncryptSize(), 0);
AssertIntEQ(test_wc_RsaSSL_SignVerify(), 0);
AssertIntEQ(test_wc_RsaFlattenPublicKey(), 0);
AssertIntEQ(test_RsaDecryptBoundsCheck(), 0);
AssertIntEQ(test_wc_AesCcmSetKey(), 0);
AssertIntEQ(test_wc_AesCcmEncryptDecrypt(), 0);
AssertIntEQ(test_wc_Hc128_SetKey(), 0);
AssertIntEQ(test_wc_Hc128_Process(), 0);
AssertIntEQ(test_wc_InitDsaKey(), 0);
AssertIntEQ(test_wc_DsaSignVerify(), 0);
AssertIntEQ(test_wc_DsaPublicPrivateKeyDecode(), 0);
AssertIntEQ(test_wc_MakeDsaKey(), 0);
AssertIntEQ(test_wc_DsaKeyToDer(), 0);
AssertIntEQ(test_wc_DsaKeyToPublicDer(), 0);
AssertIntEQ(test_wc_DsaImportParamsRaw(), 0);
AssertIntEQ(test_wc_DsaImportParamsRawCheck(), 0);
AssertIntEQ(test_wc_DsaExportParamsRaw(), 0);
AssertIntEQ(test_wc_DsaExportKeyRaw(), 0);
AssertIntEQ(test_wc_SignatureGetSize_ecc(), 0);
AssertIntEQ(test_wc_SignatureGetSize_rsa(), 0);
wolfCrypt_Cleanup();
#ifdef OPENSSL_EXTRA
/*wolfSSL_EVP_get_cipherbynid test*/
test_wolfSSL_EVP_get_cipherbynid();
test_wolfSSL_EVP_CIPHER_CTX();
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
test_wolfSSL_EC();
#endif
test_wolfSSL_ECDSA_SIG();
test_ECDSA_size_sign();
test_ED25519();
test_ED448();
test_EC_i2d();
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
!defined(HAVE_SELFTEST) && \
!(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION))
test_wc_ecc_get_curve_id_from_dp_params();
#endif
#ifdef HAVE_HASHDRBG
#ifdef TEST_RESEED_INTERVAL
AssertIntEQ(test_wc_RNG_GenerateBlock_Reseed(), 0);
#endif
AssertIntEQ(test_wc_RNG_GenerateBlock(), 0);
#endif
AssertIntEQ(test_get_rand_digit(), 0);
AssertIntEQ(test_get_digit_count(), 0);
AssertIntEQ(test_mp_cond_copy(), 0);
AssertIntEQ(test_mp_rand(), 0);
AssertIntEQ(test_get_digit(), 0);
AssertIntEQ(test_wc_export_int(), 0);
AssertIntEQ(test_wc_InitRngNonce(), 0);
AssertIntEQ(test_wc_InitRngNonce_ex(), 0);
AssertIntEQ(test_wc_ed25519_make_key(), 0);
AssertIntEQ(test_wc_ed25519_init(), 0);
AssertIntEQ(test_wc_ed25519_sign_msg(), 0);
AssertIntEQ(test_wc_ed25519_import_public(), 0);
AssertIntEQ(test_wc_ed25519_import_private_key(), 0);
AssertIntEQ(test_wc_ed25519_export(), 0);
AssertIntEQ(test_wc_ed25519_size(), 0);
AssertIntEQ(test_wc_ed25519_exportKey(), 0);
AssertIntEQ(test_wc_Ed25519PublicKeyToDer(), 0);
AssertIntEQ(test_wc_curve25519_init(), 0);
AssertIntEQ(test_wc_curve25519_size(), 0);
AssertIntEQ(test_wc_curve25519_export_key_raw(), 0);
AssertIntEQ(test_wc_curve25519_export_key_raw_ex(), 0);
AssertIntEQ(test_wc_curve25519_size (), 0);
AssertIntEQ(test_wc_curve25519_make_key (), 0);
AssertIntEQ(test_wc_curve25519_shared_secret_ex (), 0);
AssertIntEQ(test_wc_curve25519_make_pub (), 0);
AssertIntEQ(test_wc_curve25519_export_public_ex (), 0);
AssertIntEQ(test_wc_curve25519_export_private_raw_ex (), 0);
AssertIntEQ(test_wc_curve25519_import_private_raw_ex (), 0);
AssertIntEQ(test_wc_curve25519_import_private (), 0);
AssertIntEQ(test_wc_ed448_make_key(), 0);
AssertIntEQ(test_wc_ed448_init(), 0);
AssertIntEQ(test_wc_ed448_sign_msg(), 0);
AssertIntEQ(test_wc_ed448_import_public(), 0);
AssertIntEQ(test_wc_ed448_import_private_key(), 0);
AssertIntEQ(test_wc_ed448_export(), 0);
AssertIntEQ(test_wc_ed448_size(), 0);
AssertIntEQ(test_wc_ed448_exportKey(), 0);
AssertIntEQ(test_wc_Ed448PublicKeyToDer(), 0);
AssertIntEQ(test_wc_curve448_make_key (), 0);
AssertIntEQ(test_wc_curve448_shared_secret_ex (), 0);
AssertIntEQ(test_wc_curve448_export_public_ex (), 0);
AssertIntEQ(test_wc_curve448_export_private_raw_ex (), 0);
AssertIntEQ(test_wc_curve448_export_key_raw (), 0);
AssertIntEQ(test_wc_curve448_import_private_raw_ex (), 0);
AssertIntEQ(test_wc_curve448_import_private (), 0);
AssertIntEQ(test_wc_curve448_init(), 0);
AssertIntEQ(test_wc_curve448_size (), 0);
AssertIntEQ(test_wc_ecc_make_key(), 0);
AssertIntEQ(test_wc_ecc_init(), 0);
AssertIntEQ(test_wc_ecc_check_key(), 0);
AssertIntEQ(test_wc_ecc_get_generator(), 0);
AssertIntEQ(test_wc_ecc_size(), 0);
test_wc_ecc_params();
AssertIntEQ(test_wc_ecc_signVerify_hash(), 0);
PRIVATE_KEY_UNLOCK();
AssertIntEQ(test_wc_ecc_shared_secret(), 0);
AssertIntEQ(test_wc_ecc_export_x963(), 0);
PRIVATE_KEY_LOCK();
AssertIntEQ(test_wc_ecc_export_x963_ex(), 0);
AssertIntEQ(test_wc_ecc_import_x963(), 0);
AssertIntEQ(ecc_import_private_key(), 0);
AssertIntEQ(test_wc_ecc_export_private_only(), 0);
AssertIntEQ(test_wc_ecc_rs_to_sig(), 0);
AssertIntEQ(test_wc_ecc_import_raw(), 0);
AssertIntEQ(test_wc_ecc_import_unsigned(), 0);
AssertIntEQ(test_wc_ecc_sig_size(), 0);
AssertIntEQ(test_wc_ecc_ctx_new(), 0);
AssertIntEQ(test_wc_ecc_ctx_reset(), 0);
AssertIntEQ(test_wc_ecc_ctx_set_peer_salt(), 0);
AssertIntEQ(test_wc_ecc_ctx_set_info(), 0);
AssertIntEQ(test_wc_ecc_encryptDecrypt(), 0);
AssertIntEQ(test_wc_ecc_del_point(), 0);
AssertIntEQ(test_wc_ecc_pointFns(), 0);
AssertIntEQ(test_wc_ecc_shared_secret_ssh(), 0);
AssertIntEQ(test_wc_ecc_verify_hash_ex(), 0);
AssertIntEQ(test_wc_ecc_mulmod(), 0);
AssertIntEQ(test_wc_ecc_is_valid_idx(), 0);
AssertIntEQ(test_wc_ecc_get_curve_id_from_oid(), 0);
AssertIntEQ(test_wc_ecc_sig_size_calc(), 0);
AssertIntEQ(test_ToTraditional(), 0);
AssertIntEQ(test_wc_EccPrivateKeyToDer(), 0);
AssertIntEQ(test_wc_DhPublicKeyDecode(), 0);
AssertIntEQ(test_wc_Ed25519KeyToDer(), 0);
AssertIntEQ(test_wc_Ed25519PrivateKeyToDer(), 0);
AssertIntEQ(test_wc_Ed448KeyToDer(), 0);
AssertIntEQ(test_wc_Ed448PrivateKeyToDer(), 0);
AssertIntEQ(test_wc_SetAuthKeyIdFromPublicKey_ex(), 0);
AssertIntEQ(test_wc_SetSubjectBuffer(), 0);
AssertIntEQ(test_wc_SetSubjectKeyIdFromPublicKey_ex(), 0);
test_wc_PKCS7_New();
test_wc_PKCS7_Init();
test_wc_PKCS7_InitWithCert();
test_wc_PKCS7_EncodeData();
test_wc_PKCS7_EncodeSignedData();
test_wc_PKCS7_EncodeSignedData_ex();
test_wc_PKCS7_VerifySignedData();
test_wc_PKCS7_EncodeDecodeEnvelopedData();
test_wc_PKCS7_EncodeEncryptedData();
test_wc_PKCS7_Degenerate();
test_wc_PKCS7_BER();
test_PKCS7_signed_enveloped();
test_wc_PKCS7_NoDefaultSignedAttribs();
test_wc_PKCS7_SetOriEncryptCtx();
test_wc_PKCS7_SetOriDecryptCtx();
test_wc_PKCS7_DecodeCompressedData();
test_wc_i2d_PKCS12();
test_wolfSSL_CTX_LoadCRL();
test_wc_CryptoCb();
test_wolfSSL_CTX_StaticMemory();
AssertIntEQ(test_ForceZero(), 0);
AssertIntEQ(test_wolfSSL_Cleanup(), WOLFSSL_SUCCESS);
#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
!defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
!defined(WOLFSSL_NO_CLIENT_AUTH))
AssertIntEQ(test_various_pathlen_chains(), WOLFSSL_SUCCESS);
#endif
/* If at some point a stub get implemented this test should fail indicating
* a need to implement a new test case
*/
test_stubs_are_stubs();
#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
&& (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
wc_ecc_fp_free(); /* free per thread cache */
#endif
wolfSSL_Cleanup();
(void)devId;
printf(" End API Tests\n");
}
Reference in New Issue View Git Blame Copy Permalink