3 * Copyright (C) 2006-2014 wolfSSL Inc.
5 * This file is part of CyaSSL.
7 * CyaSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * CyaSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
26 #include <cyassl/ctaocrypt/settings.h>
29 #include <stdlib.h> /* we're using malloc / free direct here */
34 #ifdef CYASSL_TEST_CERT
35 #include <cyassl/ctaocrypt/asn.h>
37 #include <cyassl/ctaocrypt/asn_public.h>
39 #include <cyassl/ctaocrypt/md2.h>
40 #include <cyassl/ctaocrypt/md5.h>
41 #include <cyassl/ctaocrypt/md4.h>
42 #include <cyassl/ctaocrypt/sha.h>
43 #include <cyassl/ctaocrypt/sha256.h>
44 #include <cyassl/ctaocrypt/sha512.h>
45 #include <cyassl/ctaocrypt/arc4.h>
46 #include <cyassl/ctaocrypt/random.h>
47 #include <cyassl/ctaocrypt/coding.h>
48 #include <cyassl/ctaocrypt/rsa.h>
49 #include <cyassl/ctaocrypt/des3.h>
50 #include <cyassl/ctaocrypt/aes.h>
51 #include <cyassl/ctaocrypt/camellia.h>
52 #include <cyassl/ctaocrypt/hmac.h>
53 #include <cyassl/ctaocrypt/dh.h>
54 #include <cyassl/ctaocrypt/dsa.h>
55 #include <cyassl/ctaocrypt/hc128.h>
56 #include <cyassl/ctaocrypt/rabbit.h>
57 #include <cyassl/ctaocrypt/pwdbased.h>
58 #include <cyassl/ctaocrypt/ripemd.h>
60 #include <cyassl/ctaocrypt/ecc.h>
63 #include <cyassl/ctaocrypt/blake2.h>
66 #include <cyassl/ctaocrypt/compress.h>
69 #include <cyassl/ctaocrypt/pkcs7.h>
73 /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
74 #pragma warning(disable: 4996)
78 #include <cyassl/openssl/evp.h>
79 #include <cyassl/openssl/rand.h>
80 #include <cyassl/openssl/hmac.h>
81 #include <cyassl/openssl/des.h>
85 #if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)
86 /* include test cert and key buffers for use with NO_FILESYSTEM */
87 #if defined(CYASSL_MDK_ARM)
88 #include "cert_data.h"
89 /* use certs_test.c for initial data, so other
90 commands can share the data. */
92 #include <cyassl/certs_test.h>
96 #if defined(CYASSL_MDK_ARM)
99 extern FILE * CyaSSL_fopen(const char *fname, const char *mode) ;
100 #define fopen CyaSSL_fopen
104 #include "crypto_ntru.h"
107 #include "cavium_sysdep.h"
108 #include "cavium_common.h"
109 #include "cavium_ioctl.h"
122 /* since just testing, use THREADX log printf instead */
123 int dc_log_printf(char*, ...);
125 #define printf dc_log_printf
128 #include "ctaocrypt/test/test.h"
131 typedef struct testVector {
142 int sha256_test(void);
143 int sha512_test(void);
144 int sha384_test(void);
145 int hmac_md5_test(void);
146 int hmac_sha_test(void);
147 int hmac_sha256_test(void);
148 int hmac_sha384_test(void);
149 int hmac_sha512_test(void);
150 int hmac_blake2b_test(void);
153 int hc128_test(void);
154 int rabbit_test(void);
158 int aesgcm_test(void);
160 int aesccm_test(void);
161 int camellia_test(void);
165 int random_test(void);
166 int pwdbased_test(void);
167 int ripemd_test(void);
168 int openssl_test(void); /* test mini api */
169 int pbkdf1_test(void);
170 int pkcs12_test(void);
171 int pbkdf2_test(void);
174 #ifdef HAVE_ECC_ENCRYPT
175 int ecc_encrypt_test(void);
179 int blake2b_test(void);
182 int compress_test(void);
185 int pkcs7enveloped_test(void);
186 int pkcs7signed_test(void);
191 static void err_sys(const char* msg, int es)
193 printf("%s error = %d\n", msg, es);
194 #if !defined(THREADX) && !defined(CYASSL_MDK_ARM)
201 /* func_args from test.h, so don't have to pull in other junk */
202 typedef struct func_args {
210 void ctaocrypt_test(void* args)
214 ((func_args*)args)->return_code = -1; /* error state */
216 #if !defined(NO_BIG_INT)
217 if (CheckCtcSettings() != 1)
218 err_sys("Build vs runtime math mismatch\n", -1234);
221 if (CheckFastMathSettings() != 1)
222 err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n", -1235);
223 #endif /* USE_FAST_MATH */
224 #endif /* !NO_BIG_INT */
228 if ( (ret = md5_test()) != 0)
229 err_sys("MD5 test failed!\n", ret);
231 printf( "MD5 test passed!\n");
235 if ( (ret = md2_test()) != 0)
236 err_sys("MD2 test failed!\n", ret);
238 printf( "MD2 test passed!\n");
242 if ( (ret = md4_test()) != 0)
243 err_sys("MD4 test failed!\n", ret);
245 printf( "MD4 test passed!\n");
249 if ( (ret = sha_test()) != 0)
250 err_sys("SHA test failed!\n", ret);
252 printf( "SHA test passed!\n");
256 if ( (ret = sha256_test()) != 0)
257 err_sys("SHA-256 test failed!\n", ret);
259 printf( "SHA-256 test passed!\n");
263 if ( (ret = sha384_test()) != 0)
264 err_sys("SHA-384 test failed!\n", ret);
266 printf( "SHA-384 test passed!\n");
270 if ( (ret = sha512_test()) != 0)
271 err_sys("SHA-512 test failed!\n", ret);
273 printf( "SHA-512 test passed!\n");
277 if ( (ret = ripemd_test()) != 0)
278 err_sys("RIPEMD test failed!\n", ret);
280 printf( "RIPEMD test passed!\n");
284 if ( (ret = blake2b_test()) != 0)
285 err_sys("BLAKE2b test failed!\n", ret);
287 printf( "BLAKE2b test passed!\n");
292 if ( (ret = hmac_md5_test()) != 0)
293 err_sys("HMAC-MD5 test failed!\n", ret);
295 printf( "HMAC-MD5 test passed!\n");
299 if ( (ret = hmac_sha_test()) != 0)
300 err_sys("HMAC-SHA test failed!\n", ret);
302 printf( "HMAC-SHA test passed!\n");
306 if ( (ret = hmac_sha256_test()) != 0)
307 err_sys("HMAC-SHA256 test failed!\n", ret);
309 printf( "HMAC-SHA256 test passed!\n");
313 if ( (ret = hmac_sha384_test()) != 0)
314 err_sys("HMAC-SHA384 test failed!\n", ret);
316 printf( "HMAC-SHA384 test passed!\n");
320 if ( (ret = hmac_sha512_test()) != 0)
321 err_sys("HMAC-SHA512 test failed!\n", ret);
323 printf( "HMAC-SHA512 test passed!\n");
327 if ( (ret = hmac_blake2b_test()) != 0)
328 err_sys("HMAC-BLAKE2 test failed!\n", ret);
330 printf( "HMAC-BLAKE2 test passed!\n");
334 if ( (ret = hkdf_test()) != 0)
335 err_sys("HMAC-KDF test failed!\n", ret);
337 printf( "HMAC-KDF test passed!\n");
343 if ( (ret = gmac_test()) != 0)
344 err_sys("GMAC test passed!\n", ret);
346 printf( "GMAC test passed!\n");
350 if ( (ret = arc4_test()) != 0)
351 err_sys("ARC4 test failed!\n", ret);
353 printf( "ARC4 test passed!\n");
357 if ( (ret = hc128_test()) != 0)
358 err_sys("HC-128 test failed!\n", ret);
360 printf( "HC-128 test passed!\n");
364 if ( (ret = rabbit_test()) != 0)
365 err_sys("Rabbit test failed!\n", ret);
367 printf( "Rabbit test passed!\n");
371 if ( (ret = des_test()) != 0)
372 err_sys("DES test failed!\n", ret);
374 printf( "DES test passed!\n");
378 if ( (ret = des3_test()) != 0)
379 err_sys("DES3 test failed!\n", ret);
381 printf( "DES3 test passed!\n");
385 if ( (ret = aes_test()) != 0)
386 err_sys("AES test failed!\n", ret);
388 printf( "AES test passed!\n");
391 if ( (ret = aesgcm_test()) != 0)
392 err_sys("AES-GCM test failed!\n", ret);
394 printf( "AES-GCM test passed!\n");
398 if ( (ret = aesccm_test()) != 0)
399 err_sys("AES-CCM test failed!\n", ret);
401 printf( "AES-CCM test passed!\n");
406 if ( (ret = camellia_test()) != 0)
407 err_sys("CAMELLIA test failed!\n", ret);
409 printf( "CAMELLIA test passed!\n");
412 if ( (ret = random_test()) != 0)
413 err_sys("RANDOM test failed!\n", ret);
415 printf( "RANDOM test passed!\n");
418 if ( (ret = rsa_test()) != 0)
419 err_sys("RSA test failed!\n", ret);
421 printf( "RSA test passed!\n");
425 if ( (ret = dh_test()) != 0)
426 err_sys("DH test failed!\n", ret);
428 printf( "DH test passed!\n");
432 if ( (ret = dsa_test()) != 0)
433 err_sys("DSA test failed!\n", ret);
435 printf( "DSA test passed!\n");
439 if ( (ret = pwdbased_test()) != 0)
440 err_sys("PWDBASED test failed!\n", ret);
442 printf( "PWDBASED test passed!\n");
446 if ( (ret = openssl_test()) != 0)
447 err_sys("OPENSSL test failed!\n", ret);
449 printf( "OPENSSL test passed!\n");
453 if ( (ret = ecc_test()) != 0)
454 err_sys("ECC test failed!\n", ret);
456 printf( "ECC test passed!\n");
457 #ifdef HAVE_ECC_ENCRYPT
458 if ( (ret = ecc_encrypt_test()) != 0)
459 err_sys("ECC Enc test failed!\n", ret);
461 printf( "ECC Enc test passed!\n");
466 if ( (ret = compress_test()) != 0)
467 err_sys("COMPRESS test failed!\n", ret);
469 printf( "COMPRESS test passed!\n");
473 if ( (ret = pkcs7enveloped_test()) != 0)
474 err_sys("PKCS7enveloped test failed!\n", ret);
476 printf( "PKCS7enveloped test passed!\n");
478 if ( (ret = pkcs7signed_test()) != 0)
479 err_sys("PKCS7signed test failed!\n", ret);
481 printf( "PKCS7signed test passed!\n");
484 ((func_args*)args)->return_code = ret;
488 #ifndef NO_MAIN_DRIVER
492 static int OpenNitroxDevice(int dma_mode,int dev_id)
494 Csp1CoreAssignment core_assign;
497 if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID))
499 if (Csp1GetDevType(&device))
501 if (device != NPX_DEVICE) {
502 if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT,
503 (Uint32 *)&core_assign)!= 0)
506 CspShutdown(CAVIUM_DEV_ID);
508 return CspInitialize(dma_mode, dev_id);
511 #endif /* HAVE_CAVIUM */
513 /* so overall tests can pull in test function */
515 int main(int argc, char** argv)
522 int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
524 err_sys("Cavium OpenNitroxDevice failed", -1236);
525 #endif /* HAVE_CAVIUM */
530 ctaocrypt_test(&args);
533 CspShutdown(CAVIUM_DEV_ID);
536 return args.return_code;
539 #endif /* NO_MAIN_DRIVER */
546 byte hash[MD2_DIGEST_SIZE];
548 testVector a, b, c, d, e, f, g;
549 testVector test_md2[7];
550 int times = sizeof(test_md2) / sizeof(testVector), i;
553 a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
555 a.inLen = strlen(a.input);
556 a.outLen = MD2_DIGEST_SIZE;
559 b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
561 b.inLen = strlen(b.input);
562 b.outLen = MD2_DIGEST_SIZE;
565 c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
567 c.inLen = strlen(c.input);
568 c.outLen = MD2_DIGEST_SIZE;
570 d.input = "message digest";
571 d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
573 d.inLen = strlen(d.input);
574 d.outLen = MD2_DIGEST_SIZE;
576 e.input = "abcdefghijklmnopqrstuvwxyz";
577 e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
579 e.inLen = strlen(e.input);
580 e.outLen = MD2_DIGEST_SIZE;
582 f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
584 f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
586 f.inLen = strlen(f.input);
587 f.outLen = MD2_DIGEST_SIZE;
589 g.input = "1234567890123456789012345678901234567890123456789012345678"
590 "9012345678901234567890";
591 g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
593 g.inLen = strlen(g.input);
594 g.outLen = MD2_DIGEST_SIZE;
606 for (i = 0; i < times; ++i) {
607 Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
608 Md2Final(&md2, hash);
610 if (memcmp(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
622 byte hash[MD5_DIGEST_SIZE];
624 testVector a, b, c, d, e;
625 testVector test_md5[5];
626 int times = sizeof(test_md5) / sizeof(testVector), i;
629 a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
631 a.inLen = strlen(a.input);
632 a.outLen = MD5_DIGEST_SIZE;
634 b.input = "message digest";
635 b.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61"
637 b.inLen = strlen(b.input);
638 b.outLen = MD5_DIGEST_SIZE;
640 c.input = "abcdefghijklmnopqrstuvwxyz";
641 c.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1"
643 c.inLen = strlen(c.input);
644 c.outLen = MD5_DIGEST_SIZE;
646 d.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
648 d.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d"
650 d.inLen = strlen(d.input);
651 d.outLen = MD5_DIGEST_SIZE;
653 e.input = "1234567890123456789012345678901234567890123456789012345678"
654 "9012345678901234567890";
655 e.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
657 e.inLen = strlen(e.input);
658 e.outLen = MD5_DIGEST_SIZE;
668 for (i = 0; i < times; ++i) {
669 Md5Update(&md5, (byte*)test_md5[i].input, (word32)test_md5[i].inLen);
670 Md5Final(&md5, hash);
672 if (memcmp(hash, test_md5[i].output, MD5_DIGEST_SIZE) != 0)
686 byte hash[MD4_DIGEST_SIZE];
688 testVector a, b, c, d, e, f, g;
689 testVector test_md4[7];
690 int times = sizeof(test_md4) / sizeof(testVector), i;
693 a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89"
695 a.inLen = strlen(a.input);
696 a.outLen = MD4_DIGEST_SIZE;
699 b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb"
701 b.inLen = strlen(b.input);
702 b.outLen = MD4_DIGEST_SIZE;
705 c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72"
707 c.inLen = strlen(c.input);
708 c.outLen = MD4_DIGEST_SIZE;
710 d.input = "message digest";
711 d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01"
713 d.inLen = strlen(d.input);
714 d.outLen = MD4_DIGEST_SIZE;
716 e.input = "abcdefghijklmnopqrstuvwxyz";
717 e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d"
719 e.inLen = strlen(e.input);
720 e.outLen = MD4_DIGEST_SIZE;
722 f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
724 f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0"
726 f.inLen = strlen(f.input);
727 f.outLen = MD4_DIGEST_SIZE;
729 g.input = "1234567890123456789012345678901234567890123456789012345678"
730 "9012345678901234567890";
731 g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05"
733 g.inLen = strlen(g.input);
734 g.outLen = MD4_DIGEST_SIZE;
746 for (i = 0; i < times; ++i) {
747 Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen);
748 Md4Final(&md4, hash);
750 if (memcmp(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0)
764 byte hash[SHA_DIGEST_SIZE];
766 testVector a, b, c, d;
767 testVector test_sha[4];
769 int times = sizeof(test_sha) / sizeof(struct testVector), i;
772 a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
773 "\x6C\x9C\xD0\xD8\x9D";
774 a.inLen = strlen(a.input);
775 a.outLen = SHA_DIGEST_SIZE;
777 b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
778 b.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29"
779 "\xE5\xE5\x46\x70\xF1";
780 b.inLen = strlen(b.input);
781 b.outLen = SHA_DIGEST_SIZE;
783 c.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
785 c.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44"
786 "\x2A\x25\xEC\x64\x4D";
787 c.inLen = strlen(c.input);
788 c.outLen = SHA_DIGEST_SIZE;
790 d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
791 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
793 d.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
794 "\x53\x99\x5E\x26\xA0";
795 d.inLen = strlen(d.input);
796 d.outLen = SHA_DIGEST_SIZE;
807 for (i = 0; i < times; ++i) {
808 ShaUpdate(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen);
809 ShaFinal(&sha, hash);
811 if (memcmp(hash, test_sha[i].output, SHA_DIGEST_SIZE) != 0)
821 int ripemd_test(void)
824 byte hash[RIPEMD_DIGEST_SIZE];
826 testVector a, b, c, d;
827 testVector test_ripemd[4];
828 int times = sizeof(test_ripemd) / sizeof(struct testVector), i;
831 a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
832 "\xb0\x87\xf1\x5a\x0b\xfc";
833 a.inLen = strlen(a.input);
834 a.outLen = RIPEMD_DIGEST_SIZE;
836 b.input = "message digest";
837 b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8"
838 "\x5f\xfa\x21\x59\x5f\x36";
839 b.inLen = strlen(b.input);
840 b.outLen = RIPEMD_DIGEST_SIZE;
842 c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
843 c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc"
844 "\xf4\x9a\xda\x62\xeb\x2b";
845 c.inLen = strlen(c.input);
846 c.outLen = RIPEMD_DIGEST_SIZE;
848 d.input = "12345678901234567890123456789012345678901234567890123456"
849 "789012345678901234567890";
850 d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab"
851 "\x82\xbf\x63\x32\x6b\xfb";
852 d.inLen = strlen(d.input);
853 d.outLen = RIPEMD_DIGEST_SIZE;
862 for (i = 0; i < times; ++i) {
863 RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input,
864 (word32)test_ripemd[i].inLen);
865 RipeMdFinal(&ripemd, hash);
867 if (memcmp(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0)
873 #endif /* CYASSL_RIPEMD */
879 #define BLAKE2_TESTS 3
881 static const byte blake2b_vec[BLAKE2_TESTS][BLAKE2B_OUTBYTES] =
884 0x78, 0x6A, 0x02, 0xF7, 0x42, 0x01, 0x59, 0x03,
885 0xC6, 0xC6, 0xFD, 0x85, 0x25, 0x52, 0xD2, 0x72,
886 0x91, 0x2F, 0x47, 0x40, 0xE1, 0x58, 0x47, 0x61,
887 0x8A, 0x86, 0xE2, 0x17, 0xF7, 0x1F, 0x54, 0x19,
888 0xD2, 0x5E, 0x10, 0x31, 0xAF, 0xEE, 0x58, 0x53,
889 0x13, 0x89, 0x64, 0x44, 0x93, 0x4E, 0xB0, 0x4B,
890 0x90, 0x3A, 0x68, 0x5B, 0x14, 0x48, 0xB7, 0x55,
891 0xD5, 0x6F, 0x70, 0x1A, 0xFE, 0x9B, 0xE2, 0xCE
894 0x2F, 0xA3, 0xF6, 0x86, 0xDF, 0x87, 0x69, 0x95,
895 0x16, 0x7E, 0x7C, 0x2E, 0x5D, 0x74, 0xC4, 0xC7,
896 0xB6, 0xE4, 0x8F, 0x80, 0x68, 0xFE, 0x0E, 0x44,
897 0x20, 0x83, 0x44, 0xD4, 0x80, 0xF7, 0x90, 0x4C,
898 0x36, 0x96, 0x3E, 0x44, 0x11, 0x5F, 0xE3, 0xEB,
899 0x2A, 0x3A, 0xC8, 0x69, 0x4C, 0x28, 0xBC, 0xB4,
900 0xF5, 0xA0, 0xF3, 0x27, 0x6F, 0x2E, 0x79, 0x48,
901 0x7D, 0x82, 0x19, 0x05, 0x7A, 0x50, 0x6E, 0x4B
904 0x1C, 0x08, 0x79, 0x8D, 0xC6, 0x41, 0xAB, 0xA9,
905 0xDE, 0xE4, 0x35, 0xE2, 0x25, 0x19, 0xA4, 0x72,
906 0x9A, 0x09, 0xB2, 0xBF, 0xE0, 0xFF, 0x00, 0xEF,
907 0x2D, 0xCD, 0x8E, 0xD6, 0xF8, 0xA0, 0x7D, 0x15,
908 0xEA, 0xF4, 0xAE, 0xE5, 0x2B, 0xBF, 0x18, 0xAB,
909 0x56, 0x08, 0xA6, 0x19, 0x0F, 0x70, 0xB9, 0x04,
910 0x86, 0xC8, 0xA7, 0xD4, 0x87, 0x37, 0x10, 0xB1,
911 0x11, 0x5D, 0x3D, 0xEB, 0xBB, 0x43, 0x27, 0xB5
917 int blake2b_test(void)
924 for (i = 0; i < (int)sizeof(input); i++)
927 for (i = 0; i < BLAKE2_TESTS; i++) {
928 ret = InitBlake2b(&b2b, 64);
932 ret = Blake2bUpdate(&b2b, input, i);
936 ret = Blake2bFinal(&b2b, digest, 64);
940 if (memcmp(digest, blake2b_vec[i], 64) != 0) {
947 #endif /* HAVE_BLAKE2 */
951 int sha256_test(void)
954 byte hash[SHA256_DIGEST_SIZE];
957 testVector test_sha[2];
959 int times = sizeof(test_sha) / sizeof(struct testVector), i;
962 a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
963 "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
965 a.inLen = strlen(a.input);
966 a.outLen = SHA256_DIGEST_SIZE;
968 b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
969 b.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
970 "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
972 b.inLen = strlen(b.input);
973 b.outLen = SHA256_DIGEST_SIZE;
978 ret = InitSha256(&sha);
982 for (i = 0; i < times; ++i) {
983 ret = Sha256Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
986 ret = Sha256Final(&sha, hash);
990 if (memcmp(hash, test_sha[i].output, SHA256_DIGEST_SIZE) != 0)
1000 int sha512_test(void)
1003 byte hash[SHA512_DIGEST_SIZE];
1007 testVector test_sha[2];
1008 int times = sizeof(test_sha) / sizeof(struct testVector), i;
1011 a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
1012 "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
1013 "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
1014 "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
1016 a.inLen = strlen(a.input);
1017 a.outLen = SHA512_DIGEST_SIZE;
1019 b.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
1020 "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
1021 b.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
1022 "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
1023 "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
1024 "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
1026 b.inLen = strlen(b.input);
1027 b.outLen = SHA512_DIGEST_SIZE;
1032 ret = InitSha512(&sha);
1036 for (i = 0; i < times; ++i) {
1037 ret = Sha512Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
1041 ret = Sha512Final(&sha, hash);
1045 if (memcmp(hash, test_sha[i].output, SHA512_DIGEST_SIZE) != 0)
1054 #ifdef CYASSL_SHA384
1055 int sha384_test(void)
1058 byte hash[SHA384_DIGEST_SIZE];
1062 testVector test_sha[2];
1063 int times = sizeof(test_sha) / sizeof(struct testVector), i;
1066 a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
1067 "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
1068 "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
1070 a.inLen = strlen(a.input);
1071 a.outLen = SHA384_DIGEST_SIZE;
1073 b.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
1074 "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
1075 b.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
1076 "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
1077 "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
1079 b.inLen = strlen(b.input);
1080 b.outLen = SHA384_DIGEST_SIZE;
1085 ret = InitSha384(&sha);
1089 for (i = 0; i < times; ++i) {
1090 ret = Sha384Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
1094 ret = Sha384Final(&sha, hash);
1098 if (memcmp(hash, test_sha[i].output, SHA384_DIGEST_SIZE) != 0)
1104 #endif /* CYASSL_SHA384 */
1107 #if !defined(NO_HMAC) && !defined(NO_MD5)
1108 int hmac_md5_test(void)
1111 byte hash[MD5_DIGEST_SIZE];
1115 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
1117 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1121 testVector test_hmac[3];
1124 int times = sizeof(test_hmac) / sizeof(testVector), i;
1126 a.input = "Hi There";
1127 a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
1129 a.inLen = strlen(a.input);
1130 a.outLen = MD5_DIGEST_SIZE;
1132 b.input = "what do ya want for nothing?";
1133 b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7"
1135 b.inLen = strlen(b.input);
1136 b.outLen = MD5_DIGEST_SIZE;
1138 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1139 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1140 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1141 "\xDD\xDD\xDD\xDD\xDD\xDD";
1142 c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3"
1144 c.inLen = strlen(c.input);
1145 c.outLen = MD5_DIGEST_SIZE;
1151 for (i = 0; i < times; ++i) {
1154 continue; /* driver can't handle keys <= bytes */
1155 if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
1158 ret = HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i]));
1161 ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1162 (word32)test_hmac[i].inLen);
1165 ret = HmacFinal(&hmac, hash);
1169 if (memcmp(hash, test_hmac[i].output, MD5_DIGEST_SIZE) != 0)
1172 HmacFreeCavium(&hmac);
1178 #endif /* NO_HMAC && NO_MD5 */
1180 #if !defined(NO_HMAC) && !defined(NO_SHA)
1181 int hmac_sha_test(void)
1184 byte hash[SHA_DIGEST_SIZE];
1188 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
1191 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1196 testVector test_hmac[3];
1199 int times = sizeof(test_hmac) / sizeof(testVector), i;
1201 a.input = "Hi There";
1202 a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
1203 "\x8e\xf1\x46\xbe\x00";
1204 a.inLen = strlen(a.input);
1205 a.outLen = SHA_DIGEST_SIZE;
1207 b.input = "what do ya want for nothing?";
1208 b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf"
1209 "\x9c\x25\x9a\x7c\x79";
1210 b.inLen = strlen(b.input);
1211 b.outLen = SHA_DIGEST_SIZE;
1213 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1214 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1215 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1216 "\xDD\xDD\xDD\xDD\xDD\xDD";
1217 c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b"
1218 "\x4f\x63\xf1\x75\xd3";
1219 c.inLen = strlen(c.input);
1220 c.outLen = SHA_DIGEST_SIZE;
1226 for (i = 0; i < times; ++i) {
1229 continue; /* driver can't handle keys <= bytes */
1230 if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
1233 ret = HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i]));
1236 ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1237 (word32)test_hmac[i].inLen);
1240 ret = HmacFinal(&hmac, hash);
1244 if (memcmp(hash, test_hmac[i].output, SHA_DIGEST_SIZE) != 0)
1247 HmacFreeCavium(&hmac);
1256 #if !defined(NO_HMAC) && !defined(NO_SHA256)
1257 int hmac_sha256_test(void)
1260 byte hash[SHA256_DIGEST_SIZE];
1264 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
1267 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1272 testVector test_hmac[3];
1275 int times = sizeof(test_hmac) / sizeof(testVector), i;
1277 a.input = "Hi There";
1278 a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
1279 "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
1281 a.inLen = strlen(a.input);
1282 a.outLen = SHA256_DIGEST_SIZE;
1284 b.input = "what do ya want for nothing?";
1285 b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75"
1286 "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec"
1288 b.inLen = strlen(b.input);
1289 b.outLen = SHA256_DIGEST_SIZE;
1291 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1292 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1293 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1294 "\xDD\xDD\xDD\xDD\xDD\xDD";
1295 c.output = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81"
1296 "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5"
1298 c.inLen = strlen(c.input);
1299 c.outLen = SHA256_DIGEST_SIZE;
1305 for (i = 0; i < times; ++i) {
1308 continue; /* driver can't handle keys <= bytes */
1309 if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
1312 ret = HmacSetKey(&hmac, SHA256, (byte*)keys[i],(word32)strlen(keys[i]));
1315 ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1316 (word32)test_hmac[i].inLen);
1319 ret = HmacFinal(&hmac, hash);
1323 if (memcmp(hash, test_hmac[i].output, SHA256_DIGEST_SIZE) != 0)
1326 HmacFreeCavium(&hmac);
1335 #if !defined(NO_HMAC) && defined(HAVE_BLAKE2)
1336 int hmac_blake2b_test(void)
1339 byte hash[BLAKE2B_256];
1343 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
1346 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1351 testVector test_hmac[3];
1354 int times = sizeof(test_hmac) / sizeof(testVector), i;
1356 a.input = "Hi There";
1357 a.output = "\x72\x93\x0d\xdd\xf5\xf7\xe1\x78\x38\x07\x44\x18\x0b\x3f\x51"
1358 "\x37\x25\xb5\x82\xc2\x08\x83\x2f\x1c\x99\xfd\x03\xa0\x16\x75"
1360 a.inLen = strlen(a.input);
1361 a.outLen = BLAKE2B_256;
1363 b.input = "what do ya want for nothing?";
1364 b.output = "\x3d\x20\x50\x71\x05\xc0\x8c\x0c\x38\x44\x1e\xf7\xf9\xd1\x67"
1365 "\x21\xff\x64\xf5\x94\x00\xcf\xf9\x75\x41\xda\x88\x61\x9d\x7c"
1367 b.inLen = strlen(b.input);
1368 b.outLen = BLAKE2B_256;
1370 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1371 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1372 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1373 "\xDD\xDD\xDD\xDD\xDD\xDD";
1374 c.output = "\xda\xfe\x2a\x24\xfc\xe7\xea\x36\x34\xbe\x41\x92\xc7\x11\xa7"
1375 "\x00\xae\x53\x9c\x11\x9c\x80\x74\x55\x22\x25\x4a\xb9\x55\xd3"
1377 c.inLen = strlen(c.input);
1378 c.outLen = BLAKE2B_256;
1384 for (i = 0; i < times; ++i) {
1387 continue; /* driver can't handle keys <= bytes */
1388 if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
1391 ret = HmacSetKey(&hmac, BLAKE2B_ID, (byte*)keys[i],
1392 (word32)strlen(keys[i]));
1395 ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1396 (word32)test_hmac[i].inLen);
1399 ret = HmacFinal(&hmac, hash);
1403 if (memcmp(hash, test_hmac[i].output, BLAKE2B_256) != 0)
1406 HmacFreeCavium(&hmac);
1415 #if !defined(NO_HMAC) && defined(CYASSL_SHA384)
1416 int hmac_sha384_test(void)
1419 byte hash[SHA384_DIGEST_SIZE];
1423 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
1426 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1431 testVector test_hmac[3];
1434 int times = sizeof(test_hmac) / sizeof(testVector), i;
1436 a.input = "Hi There";
1437 a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
1438 "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
1439 "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
1441 a.inLen = strlen(a.input);
1442 a.outLen = SHA384_DIGEST_SIZE;
1444 b.input = "what do ya want for nothing?";
1445 b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b"
1446 "\x1b\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22"
1447 "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa"
1449 b.inLen = strlen(b.input);
1450 b.outLen = SHA384_DIGEST_SIZE;
1452 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1453 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1454 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1455 "\xDD\xDD\xDD\xDD\xDD\xDD";
1456 c.output = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8"
1457 "\x6f\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66"
1458 "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01"
1460 c.inLen = strlen(c.input);
1461 c.outLen = SHA384_DIGEST_SIZE;
1467 for (i = 0; i < times; ++i) {
1468 ret = HmacSetKey(&hmac, SHA384, (byte*)keys[i],(word32)strlen(keys[i]));
1471 ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1472 (word32)test_hmac[i].inLen);
1475 ret = HmacFinal(&hmac, hash);
1479 if (memcmp(hash, test_hmac[i].output, SHA384_DIGEST_SIZE) != 0)
1488 #if !defined(NO_HMAC) && defined(CYASSL_SHA512)
1489 int hmac_sha512_test(void)
1492 byte hash[SHA512_DIGEST_SIZE];
1496 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
1499 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1504 testVector test_hmac[3];
1507 int times = sizeof(test_hmac) / sizeof(testVector), i;
1509 a.input = "Hi There";
1510 a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c"
1511 "\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1"
1512 "\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae"
1513 "\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20"
1515 a.inLen = strlen(a.input);
1516 a.outLen = SHA512_DIGEST_SIZE;
1518 b.input = "what do ya want for nothing?";
1519 b.output = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0"
1520 "\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25"
1521 "\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8"
1522 "\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a"
1524 b.inLen = strlen(b.input);
1525 b.outLen = SHA512_DIGEST_SIZE;
1527 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1528 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1529 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1530 "\xDD\xDD\xDD\xDD\xDD\xDD";
1531 c.output = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b"
1532 "\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27"
1533 "\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e"
1534 "\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59"
1536 c.inLen = strlen(c.input);
1537 c.outLen = SHA512_DIGEST_SIZE;
1543 for (i = 0; i < times; ++i) {
1544 ret = HmacSetKey(&hmac, SHA512, (byte*)keys[i],(word32)strlen(keys[i]));
1547 ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1548 (word32)test_hmac[i].inLen);
1551 ret = HmacFinal(&hmac, hash);
1555 if (memcmp(hash, test_hmac[i].output, SHA512_DIGEST_SIZE) != 0)
1570 const char* keys[] =
1572 "\x01\x23\x45\x67\x89\xab\xcd\xef",
1573 "\x01\x23\x45\x67\x89\xab\xcd\xef",
1574 "\x00\x00\x00\x00\x00\x00\x00\x00",
1578 testVector a, b, c, d;
1579 testVector test_arc4[4];
1581 int times = sizeof(test_arc4) / sizeof(testVector), i;
1583 a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
1584 a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96";
1588 b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1589 b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79";
1593 c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1594 c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a";
1598 d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
1599 d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61";
1608 for (i = 0; i < times; ++i) {
1611 int keylen = 8; /* strlen with key 0x00 not good */
1616 if (Arc4InitCavium(&enc, CAVIUM_DEV_ID) != 0)
1618 if (Arc4InitCavium(&dec, CAVIUM_DEV_ID) != 0)
1622 Arc4SetKey(&enc, (byte*)keys[i], keylen);
1623 Arc4SetKey(&dec, (byte*)keys[i], keylen);
1625 Arc4Process(&enc, cipher, (byte*)test_arc4[i].input,
1626 (word32)test_arc4[i].outLen);
1627 Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen);
1629 if (memcmp(plain, test_arc4[i].input, test_arc4[i].outLen))
1632 if (memcmp(cipher, test_arc4[i].output, test_arc4[i].outLen))
1636 Arc4FreeCavium(&enc);
1637 Arc4FreeCavium(&dec);
1646 int hc128_test(void)
1652 const char* keys[] =
1654 "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1655 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1656 "\x00\x53\xA6\xF9\x4C\x9F\xF2\x45\x98\xEB\x3E\x91\xE4\x37\x8A\xDD",
1657 "\x0F\x62\xB5\x08\x5B\xAE\x01\x54\xA7\xFA\x4D\xA0\xF3\x46\x99\xEC"
1662 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1663 "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1664 "\x0D\x74\xDB\x42\xA9\x10\x77\xDE\x45\xAC\x13\x7A\xE1\x48\xAF\x16",
1665 "\x28\x8F\xF6\x5D\xC4\x2B\x92\xF9\x60\xC7\x2E\x95\xFC\x63\xCA\x31"
1669 testVector a, b, c, d;
1670 testVector test_hc128[4];
1672 int times = sizeof(test_hc128) / sizeof(testVector), i;
1674 a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1675 a.output = "\x37\x86\x02\xB9\x8F\x32\xA7\x48";
1679 b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1680 b.output = "\x33\x7F\x86\x11\xC6\xED\x61\x5F";
1684 c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1685 c.output = "\x2E\x1E\xD1\x2A\x85\x51\xC0\x5A";
1689 d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
1690 d.output = "\x1C\xD8\xAE\xDD\xFE\x52\xE2\x17\xE8\x35\xD0\xB7\xE8\x4E\x29";
1699 for (i = 0; i < times; ++i) {
1703 /* align keys/ivs in plain/cipher buffers */
1704 memcpy(plain, keys[i], 16);
1705 memcpy(cipher, ivs[i], 16);
1707 Hc128_SetKey(&enc, plain, cipher);
1708 Hc128_SetKey(&dec, plain, cipher);
1711 memcpy(plain, test_hc128[i].input, test_hc128[i].outLen);
1712 Hc128_Process(&enc, cipher, plain, (word32)test_hc128[i].outLen);
1713 Hc128_Process(&dec, plain, cipher, (word32)test_hc128[i].outLen);
1715 if (memcmp(plain, test_hc128[i].input, test_hc128[i].outLen))
1718 if (memcmp(cipher, test_hc128[i].output, test_hc128[i].outLen))
1719 return -120 - 5 - i;
1722 #endif /* HAVE_HC128 */
1728 int rabbit_test(void)
1733 const char* keys[] =
1735 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1736 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1737 "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B\xFE\x36\x3D\x2E\x29\x13\x28\x91"
1742 "\x00\x00\x00\x00\x00\x00\x00\x00",
1743 "\x59\x7E\x26\xC1\x75\xF5\x73\xC3",
1748 testVector test_rabbit[3];
1750 int times = sizeof(test_rabbit) / sizeof(testVector), i;
1752 a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1753 a.output = "\xED\xB7\x05\x67\x37\x5D\xCD\x7C";
1757 b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1758 b.output = "\x6D\x7D\x01\x22\x92\xCC\xDC\xE0";
1762 c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1763 c.output = "\x04\xCE\xCA\x7A\x1A\x86\x6E\x77";
1771 for (i = 0; i < times; ++i) {
1776 /* align keys/ivs in plain/cipher buffers */
1777 memcpy(plain, keys[i], 16);
1779 memcpy(cipher, ivs[i], 8);
1783 RabbitSetKey(&enc, plain, iv);
1784 RabbitSetKey(&dec, plain, iv);
1787 memcpy(plain, test_rabbit[i].input, test_rabbit[i].outLen);
1788 RabbitProcess(&enc, cipher, plain, (word32)test_rabbit[i].outLen);
1789 RabbitProcess(&dec, plain, cipher, (word32)test_rabbit[i].outLen);
1791 if (memcmp(plain, test_rabbit[i].input, test_rabbit[i].outLen))
1794 if (memcmp(cipher, test_rabbit[i].output, test_rabbit[i].outLen))
1795 return -130 - 5 - i;
1800 #endif /* NO_RABBIT */
1806 const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
1807 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
1808 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
1809 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
1820 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
1825 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
1828 const byte verify[] =
1830 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
1831 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
1832 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
1837 ret = Des_SetKey(&enc, key, iv, DES_ENCRYPTION);
1841 Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
1842 ret = Des_SetKey(&dec, key, iv, DES_DECRYPTION);
1845 Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
1847 if (memcmp(plain, vector, sizeof(plain)))
1850 if (memcmp(cipher, verify, sizeof(cipher)))
1855 #endif /* NO_DES3 */
1861 const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
1862 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
1863 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
1864 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
1875 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
1876 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
1877 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
1881 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
1882 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
1883 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
1887 const byte verify3[] =
1889 0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e,
1890 0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98,
1891 0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0
1898 if (Des3_InitCavium(&enc, CAVIUM_DEV_ID) != 0)
1900 if (Des3_InitCavium(&dec, CAVIUM_DEV_ID) != 0)
1903 ret = Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION);
1906 ret = Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION);
1909 ret = Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
1912 ret = Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
1916 if (memcmp(plain, vector, sizeof(plain)))
1919 if (memcmp(cipher, verify3, sizeof(cipher)))
1923 Des3_FreeCavium(&enc);
1924 Des3_FreeCavium(&dec);
1937 const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
1938 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
1939 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
1940 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
1943 const byte verify[] =
1945 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
1946 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
1949 byte key[] = "0123456789abcdef "; /* align */
1950 byte iv[] = "1234567890abcdef "; /* align */
1952 byte cipher[AES_BLOCK_SIZE * 4];
1953 byte plain [AES_BLOCK_SIZE * 4];
1957 if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0)
1959 if (AesInitCavium(&dec, CAVIUM_DEV_ID) != 0)
1962 ret = AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
1965 ret = AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
1969 ret = AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE);
1972 ret = AesCbcDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE);
1976 if (memcmp(plain, msg, AES_BLOCK_SIZE))
1979 if (memcmp(cipher, verify, AES_BLOCK_SIZE))
1983 AesFreeCavium(&enc);
1984 AesFreeCavium(&dec);
1986 #ifdef CYASSL_AES_COUNTER
1988 const byte ctrKey[] =
1990 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
1991 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
1994 const byte ctrIv[] =
1996 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
1997 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
2001 const byte ctrPlain[] =
2003 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
2004 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
2005 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
2006 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
2007 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
2008 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
2009 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
2010 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
2013 const byte ctrCipher[] =
2015 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
2016 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
2017 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
2018 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
2019 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
2020 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
2021 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
2022 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
2025 const byte oddCipher[] =
2027 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
2031 AesSetKeyDirect(&enc, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
2032 /* Ctr only uses encrypt, even on key setup */
2033 AesSetKeyDirect(&dec, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
2035 AesCtrEncrypt(&enc, cipher, ctrPlain, AES_BLOCK_SIZE*4);
2036 AesCtrEncrypt(&dec, plain, cipher, AES_BLOCK_SIZE*4);
2038 if (memcmp(plain, ctrPlain, AES_BLOCK_SIZE*4))
2041 if (memcmp(cipher, ctrCipher, AES_BLOCK_SIZE*4))
2044 /* let's try with just 9 bytes, non block size test */
2045 AesSetKeyDirect(&enc, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
2046 /* Ctr only uses encrypt, even on key setup */
2047 AesSetKeyDirect(&dec, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
2049 AesCtrEncrypt(&enc, cipher, ctrPlain, 9);
2050 AesCtrEncrypt(&dec, plain, cipher, 9);
2052 if (memcmp(plain, ctrPlain, 9))
2055 if (memcmp(cipher, ctrCipher, 9))
2058 /* and an additional 9 bytes to reuse tmp left buffer */
2059 AesCtrEncrypt(&enc, cipher, ctrPlain, 9);
2060 AesCtrEncrypt(&dec, plain, cipher, 9);
2062 if (memcmp(plain, ctrPlain, 9))
2065 if (memcmp(cipher, oddCipher, 9))
2068 #endif /* CYASSL_AES_COUNTER */
2070 #if defined(CYASSL_AESNI) && defined(CYASSL_AES_DIRECT)
2072 const byte niPlain[] =
2074 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
2075 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
2078 const byte niCipher[] =
2080 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
2081 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
2084 const byte niKey[] =
2086 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
2087 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
2088 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
2089 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
2092 XMEMSET(cipher, 0, AES_BLOCK_SIZE);
2093 ret = AesSetKey(&enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
2096 AesEncryptDirect(&enc, cipher, niPlain);
2097 if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
2100 XMEMSET(plain, 0, AES_BLOCK_SIZE);
2101 ret = AesSetKey(&dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
2104 AesDecryptDirect(&dec, plain, niCipher);
2105 if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
2108 #endif /* CYASSL_AESNI && CYASSL_AES_DIRECT */
2114 int aesgcm_test(void)
2119 * This is Test Case 16 from the document Galois/
2120 * Counter Mode of Operation (GCM) by McGrew and
2125 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
2126 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
2127 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
2128 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
2133 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
2134 0xde, 0xca, 0xf8, 0x88
2139 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
2140 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
2141 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
2142 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
2143 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
2144 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
2145 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
2146 0xba, 0x63, 0x7b, 0x39
2151 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
2152 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
2153 0xab, 0xad, 0xda, 0xd2
2158 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
2159 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
2160 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
2161 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
2162 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
2163 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
2164 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
2165 0xbc, 0xc9, 0xf6, 0x62
2170 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
2171 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
2180 memset(t2, 0, sizeof(t2));
2181 memset(c2, 0, sizeof(c2));
2182 memset(p2, 0, sizeof(p2));
2184 AesGcmSetKey(&enc, k, sizeof(k));
2185 /* AES-GCM encrypt and decrypt both use AES encrypt internally */
2186 AesGcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv),
2187 t2, sizeof(t2), a, sizeof(a));
2188 if (memcmp(c, c2, sizeof(c2)))
2190 if (memcmp(t, t2, sizeof(t2)))
2193 result = AesGcmDecrypt(&enc, p2, c2, sizeof(p2), iv, sizeof(iv),
2194 t2, sizeof(t2), a, sizeof(a));
2197 if (memcmp(p, p2, sizeof(p2)))
2209 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
2210 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
2214 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
2215 0xe2, 0x8c, 0x8f, 0x16
2219 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
2220 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
2224 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
2225 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
2230 0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4,
2231 0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b
2235 0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03,
2236 0x1a, 0x60, 0x24, 0xa7
2240 0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18,
2241 0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56
2245 0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f,
2246 0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91
2251 0xb8, 0xe4, 0x9a, 0x5e, 0x37, 0xf9, 0x98, 0x2b,
2252 0xb9, 0x6d, 0xd0, 0xc9, 0xb6, 0xab, 0x26, 0xac
2256 0xe4, 0x4a, 0x42, 0x18, 0x8c, 0xae, 0x94, 0x92,
2257 0x6a, 0x9c, 0x26, 0xb0
2261 0x9d, 0xb9, 0x61, 0x68, 0xa6, 0x76, 0x7a, 0x31,
2262 0xf8, 0x29, 0xe4, 0x72, 0x61, 0x68, 0x3f, 0x8a
2266 0x23, 0xe2, 0x9f, 0x66, 0xe4, 0xc6, 0x52, 0x48
2271 memset(tag, 0, sizeof(tag));
2272 GmacSetKey(&gmac, k1, sizeof(k1));
2273 GmacUpdate(&gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1));
2274 if (memcmp(t1, tag, sizeof(t1)) != 0)
2277 memset(tag, 0, sizeof(tag));
2278 GmacSetKey(&gmac, k2, sizeof(k2));
2279 GmacUpdate(&gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2));
2280 if (memcmp(t2, tag, sizeof(t2)) != 0)
2283 memset(tag, 0, sizeof(tag));
2284 GmacSetKey(&gmac, k3, sizeof(k3));
2285 GmacUpdate(&gmac, iv3, sizeof(iv3), a3, sizeof(a3), tag, sizeof(t3));
2286 if (memcmp(t3, tag, sizeof(t3)) != 0)
2291 #endif /* HAVE_AESGCM */
2294 int aesccm_test(void)
2301 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
2302 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
2308 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
2309 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
2315 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2316 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2317 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
2322 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
2327 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
2328 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
2329 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
2334 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
2343 memset(t2, 0, sizeof(t2));
2344 memset(c2, 0, sizeof(c2));
2345 memset(p2, 0, sizeof(p2));
2347 AesCcmSetKey(&enc, k, sizeof(k));
2348 /* AES-CCM encrypt and decrypt both use AES encrypt internally */
2349 AesCcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv),
2350 t2, sizeof(t2), a, sizeof(a));
2351 if (memcmp(c, c2, sizeof(c2)))
2353 if (memcmp(t, t2, sizeof(t2)))
2356 result = AesCcmDecrypt(&enc, p2, c2, sizeof(p2), iv, sizeof(iv),
2357 t2, sizeof(t2), a, sizeof(a));
2360 if (memcmp(p, p2, sizeof(p2)))
2363 /* Test the authentication failure */
2364 t2[0]++; /* Corrupt the authentication tag. */
2365 result = AesCcmDecrypt(&enc, p2, c, sizeof(p2), iv, sizeof(iv),
2366 t2, sizeof(t2), a, sizeof(a));
2370 /* Clear c2 to compare against p2. p2 should be set to zero in case of
2371 * authentication fail. */
2372 memset(c2, 0, sizeof(c2));
2373 if (memcmp(p2, c2, sizeof(p2)))
2378 #endif /* HAVE_AESCCM */
2384 #ifdef HAVE_CAMELLIA
2387 CAM_ECB_ENC, CAM_ECB_DEC, CAM_CBC_ENC, CAM_CBC_DEC
2392 const byte* plaintext;
2394 const byte* ciphertext;
2400 int camellia_test(void)
2402 /* Camellia ECB Test Plaintext */
2403 static const byte pte[] =
2405 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2406 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2409 /* Camellia ECB Test Initialization Vector */
2410 static const byte ive[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
2412 /* Test 1: Camellia ECB 128-bit key */
2413 static const byte k1[] =
2415 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2416 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2418 static const byte c1[] =
2420 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
2421 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43
2424 /* Test 2: Camellia ECB 192-bit key */
2425 static const byte k2[] =
2427 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2428 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
2429 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
2431 static const byte c2[] =
2433 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
2434 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9
2437 /* Test 3: Camellia ECB 256-bit key */
2438 static const byte k3[] =
2440 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2441 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
2442 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
2443 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
2445 static const byte c3[] =
2447 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
2448 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09
2451 /* Camellia CBC Test Plaintext */
2452 static const byte ptc[] =
2454 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
2455 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
2458 /* Camellia CBC Test Initialization Vector */
2459 static const byte ivc[] =
2461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
2462 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
2465 /* Test 4: Camellia-CBC 128-bit key */
2466 static const byte k4[] =
2468 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
2469 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
2471 static const byte c4[] =
2473 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
2474 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB
2477 /* Test 5: Camellia-CBC 192-bit key */
2478 static const byte k5[] =
2480 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
2481 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
2482 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B
2484 static const byte c5[] =
2486 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
2487 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93
2490 /* Test 6: CBC 256-bit key */
2491 static const byte k6[] =
2493 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
2494 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
2495 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
2496 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4
2498 static const byte c6[] =
2500 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
2501 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA
2504 byte out[CAMELLIA_BLOCK_SIZE];
2507 const test_vector_t testVectors[] =
2509 {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), -114},
2510 {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), -115},
2511 {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), -116},
2512 {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), -117},
2513 {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), -118},
2514 {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), -119},
2515 {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), -120},
2516 {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), -121},
2517 {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), -122},
2518 {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), -123},
2519 {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), -124},
2520 {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
2523 testsSz = sizeof(testVectors)/sizeof(test_vector_t);
2524 for (i = 0; i < testsSz; i++) {
2525 if (CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz,
2526 testVectors[i].iv) != 0)
2527 return testVectors[i].errorCode;
2529 switch (testVectors[i].type) {
2531 CamelliaEncryptDirect(&cam, out, testVectors[i].plaintext);
2532 if (memcmp(out, testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE))
2533 return testVectors[i].errorCode;
2536 CamelliaDecryptDirect(&cam, out, testVectors[i].ciphertext);
2537 if (memcmp(out, testVectors[i].plaintext, CAMELLIA_BLOCK_SIZE))
2538 return testVectors[i].errorCode;
2541 CamelliaCbcEncrypt(&cam, out, testVectors[i].plaintext,
2542 CAMELLIA_BLOCK_SIZE);
2543 if (memcmp(out, testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE))
2544 return testVectors[i].errorCode;
2547 CamelliaCbcDecrypt(&cam, out, testVectors[i].ciphertext,
2548 CAMELLIA_BLOCK_SIZE);
2549 if (memcmp(out, testVectors[i].plaintext, CAMELLIA_BLOCK_SIZE))
2550 return testVectors[i].errorCode;
2557 /* Setting the IV and checking it was actually set. */
2558 CamelliaSetIV(&cam, ivc);
2559 if (XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE))
2562 /* Setting the IV to NULL should be same as all zeros IV */
2563 if (CamelliaSetIV(&cam, NULL) != 0 ||
2564 XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE))
2567 /* First parameter should never be null */
2568 if (CamelliaSetIV(NULL, NULL) == 0)
2571 /* First parameter should never be null, check it fails */
2572 if (CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0)
2575 /* Key should have a size of 16, 24, or 32 */
2576 if (CamelliaSetKey(&cam, k1, 0, NULL) == 0)
2581 #endif /* HAVE_CAMELLIA */
2584 int random_test(void)
2591 ret = InitRngCavium(&rng, CAVIUM_DEV_ID);
2592 if (ret != 0) return -2007;
2594 ret = InitRng(&rng);
2595 if (ret != 0) return -39;
2597 ret = RNG_GenerateBlock(&rng, block, sizeof(block));
2598 if (ret != 0) return -40;
2606 byte GetEntropy(ENTROPY_CMD cmd, byte* out);
2608 byte GetEntropy(ENTROPY_CMD cmd, byte* out)
2613 return (InitRng(&rng) == 0) ? 1 : 0;
2618 if (cmd == GET_BYTE_OF_ENTROPY)
2619 return (RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0;
2621 if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) {
2629 #endif /* HAVE_NTRU */
2633 #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
2634 #ifdef FREESCALE_MQX
2635 static const char* clientKey = "a:\\certs\\client-key.der";
2636 static const char* clientCert = "a:\\certs\\client-cert.der";
2637 #ifdef CYASSL_CERT_GEN
2638 static const char* caKeyFile = "a:\\certs\\ca-key.der";
2639 static const char* caCertFile = "a:\\certs\\ca-cert.pem";
2641 static const char* eccCaKeyFile = "a:\\certs\\ecc-key.der";
2642 static const char* eccCaCertFile = "a:\\certs\\server-ecc.pem";
2645 #elif defined(CYASSL_MKD_SHELL)
2646 static char* clientKey = "certs/client-key.der";
2647 static char* clientCert = "certs/client-cert.der";
2648 void set_clientKey(char *key) { clientKey = key ; }
2649 void set_clientCert(char *cert) { clientCert = cert ; }
2650 #ifdef CYASSL_CERT_GEN
2651 static char* caKeyFile = "certs/ca-key.der";
2652 static char* caCertFile = "certs/ca-cert.pem";
2653 void set_caKeyFile (char * key) { caKeyFile = key ; }
2654 void set_caCertFile(char * cert) { caCertFile = cert ; }
2656 static const char* eccCaKeyFile = "certs/ecc-key.der";
2657 static const char* eccCaCertFile = "certs/server-ecc.pem";
2658 void set_eccCaKeyFile (char * key) { eccCaKeyFile = key ; }
2659 void set_eccCaCertFile(char * cert) { eccCaCertFile = cert ; }
2663 static const char* clientKey = "./certs/client-key.der";
2664 static const char* clientCert = "./certs/client-cert.der";
2665 #ifdef CYASSL_CERT_GEN
2666 static const char* caKeyFile = "./certs/ca-key.der";
2667 static const char* caCertFile = "./certs/ca-cert.pem";
2669 static const char* eccCaKeyFile = "./certs/ecc-key.der";
2670 static const char* eccCaCertFile = "./certs/server-ecc.pem";
2678 #define FOURK_BUF 4096
2688 byte in[] = "Everyone gets Friday off.";
2689 word32 inLen = (word32)strlen((char*)in);
2692 #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
2693 FILE* file, * file2;
2695 #ifdef CYASSL_TEST_CERT
2699 tmp = (byte*)malloc(FOURK_BUF);
2703 #ifdef USE_CERT_BUFFERS_1024
2704 XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
2705 bytes = sizeof_client_key_der_1024;
2706 #elif defined(USE_CERT_BUFFERS_2048)
2707 XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
2708 bytes = sizeof_client_key_der_2048;
2710 file = fopen(clientKey, "rb");
2713 err_sys("can't open ./certs/client-key.der, "
2714 "Please run from CyaSSL home dir", -40);
2716 bytes = fread(tmp, 1, FOURK_BUF, file);
2718 #endif /* USE_CERT_BUFFERS */
2721 RsaInitCavium(&key, CAVIUM_DEV_ID);
2723 ret = InitRsaKey(&key, 0);
2724 if (ret != 0) return -39;
2725 ret = RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
2726 if (ret != 0) return -41;
2728 ret = InitRng(&rng);
2729 if (ret != 0) return -42;
2731 ret = RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng);
2732 if (ret < 0) return -43;
2734 ret = RsaPrivateDecrypt(out, ret, plain, sizeof(plain), &key);
2735 if (ret < 0) return -44;
2737 if (memcmp(plain, in, inLen)) return -45;
2739 ret = RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng);
2740 if (ret < 0) return -46;
2742 memset(plain, 0, sizeof(plain));
2743 ret = RsaSSL_Verify(out, ret, plain, sizeof(plain), &key);
2744 if (ret < 0) return -47;
2746 if (memcmp(plain, in, ret)) return -48;
2748 #if defined(CYASSL_MDK_ARM)
2749 #define sizeof(s) strlen((char *)(s))
2752 #ifdef USE_CERT_BUFFERS_1024
2753 XMEMCPY(tmp, client_cert_der_1024, sizeof_client_cert_der_1024);
2754 bytes = sizeof_client_cert_der_1024;
2755 #elif defined(USE_CERT_BUFFERS_2048)
2756 XMEMCPY(tmp, client_cert_der_2048, sizeof_client_cert_der_2048);
2757 bytes = sizeof_client_cert_der_2048;
2759 file2 = fopen(clientCert, "rb");
2763 bytes = fread(tmp, 1, FOURK_BUF, file2);
2771 #ifdef CYASSL_TEST_CERT
2772 InitDecodedCert(&cert, tmp, (word32)bytes, 0);
2774 ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
2775 if (ret != 0) return -491;
2777 FreeDecodedCert(&cert);
2783 #ifdef CYASSL_KEY_GEN
2794 ret = InitRsaKey(&genKey, 0);
2797 ret = MakeRsaKey(&genKey, 1024, 65537, &rng);
2801 der = (byte*)malloc(FOURK_BUF);
2803 FreeRsaKey(&genKey);
2806 pem = (byte*)malloc(FOURK_BUF);
2809 FreeRsaKey(&genKey);
2813 derSz = RsaKeyToDer(&genKey, der, FOURK_BUF);
2820 keyFile = fopen("./key.der", "wb");
2824 FreeRsaKey(&genKey);
2827 ret = (int)fwrite(der, 1, derSz, keyFile);
2832 FreeRsaKey(&genKey);
2836 pemSz = DerToPem(der, derSz, pem, FOURK_BUF, PRIVATEKEY_TYPE);
2840 FreeRsaKey(&genKey);
2844 pemFile = fopen("./key.pem", "wb");
2848 FreeRsaKey(&genKey);
2851 ret = (int)fwrite(pem, 1, pemSz, pemFile);
2856 FreeRsaKey(&genKey);
2860 ret = InitRsaKey(&derIn, 0);
2864 FreeRsaKey(&genKey);
2868 ret = RsaPrivateKeyDecode(der, &idx, &derIn, derSz);
2873 FreeRsaKey(&genKey);
2878 FreeRsaKey(&genKey);
2882 #endif /* CYASSL_KEY_GEN */
2885 #ifdef CYASSL_CERT_GEN
2895 #ifdef CYASSL_TEST_CERT
2899 derCert = (byte*)malloc(FOURK_BUF);
2900 if (derCert == NULL)
2902 pem = (byte*)malloc(FOURK_BUF);
2910 strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
2911 strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
2912 strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);
2913 strncpy(myCert.subject.org, "yaSSL", CTC_NAME_SIZE);
2914 strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE);
2915 strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
2916 strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE);
2918 myCert.sigType = CTC_SHA256wRSA;
2920 certSz = MakeSelfCert(&myCert, derCert, FOURK_BUF, &key, &rng);
2927 #ifdef CYASSL_TEST_CERT
2928 InitDecodedCert(&decode, derCert, certSz, 0);
2929 ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
2935 FreeDecodedCert(&decode);
2937 derFile = fopen("./cert.der", "wb");
2943 ret = (int)fwrite(derCert, 1, certSz, derFile);
2945 if (ret != certSz) {
2951 pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
2958 pemFile = fopen("./cert.pem", "wb");
2964 ret = (int)fwrite(pem, 1, pemSz, pemFile);
2987 #ifdef CYASSL_TEST_CERT
2991 derCert = (byte*)malloc(FOURK_BUF);
2992 if (derCert == NULL)
2994 pem = (byte*)malloc(FOURK_BUF);
3000 file3 = fopen(caKeyFile, "rb");
3008 bytes3 = fread(tmp, 1, FOURK_BUF, file3);
3011 ret = InitRsaKey(&caKey, 0);
3017 ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3);
3027 strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
3028 strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
3029 strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);
3030 strncpy(myCert.subject.org, "yaSSL", CTC_NAME_SIZE);
3031 strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE);
3032 strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
3033 strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE);
3035 ret = SetIssuer(&myCert, caCertFile);
3043 certSz = MakeCert(&myCert, derCert, FOURK_BUF, &key, NULL, &rng);
3051 certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF,
3052 &caKey, NULL, &rng);
3061 #ifdef CYASSL_TEST_CERT
3062 InitDecodedCert(&decode, derCert, certSz, 0);
3063 ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
3070 FreeDecodedCert(&decode);
3073 derFile = fopen("./othercert.der", "wb");
3080 ret = (int)fwrite(derCert, 1, certSz, derFile);
3082 if (ret != certSz) {
3089 pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
3097 pemFile = fopen("./othercert.pem", "wb");
3104 ret = (int)fwrite(pem, 1, pemSz, pemFile);
3130 #ifdef CYASSL_TEST_CERT
3134 derCert = (byte*)malloc(FOURK_BUF);
3135 if (derCert == NULL)
3137 pem = (byte*)malloc(FOURK_BUF);
3143 file3 = fopen(eccCaKeyFile, "rb");
3151 bytes3 = fread(tmp, 1, FOURK_BUF, file3);
3155 ret = EccPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3);
3163 myCert.sigType = CTC_SHA256wECDSA;
3165 strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
3166 strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
3167 strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);
3168 strncpy(myCert.subject.org, "wolfSSL", CTC_NAME_SIZE);
3169 strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE);
3170 strncpy(myCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
3171 strncpy(myCert.subject.email, "info@wolfssl.com", CTC_NAME_SIZE);
3173 ret = SetIssuer(&myCert, eccCaCertFile);
3181 certSz = MakeCert(&myCert, derCert, FOURK_BUF, NULL, &caKey, &rng);
3189 certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF,
3190 NULL, &caKey, &rng);
3198 #ifdef CYASSL_TEST_CERT
3199 InitDecodedCert(&decode, derCert, certSz, 0);
3200 ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
3207 FreeDecodedCert(&decode);
3210 derFile = fopen("./certecc.der", "wb");
3217 ret = (int)fwrite(derCert, 1, certSz, derFile);
3219 if (ret != certSz) {
3226 pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
3234 pemFile = fopen("./certecc.pem", "wb");
3241 ret = (int)fwrite(pem, 1, pemSz, pemFile);
3253 #endif /* HAVE_ECC */
3267 #ifdef CYASSL_TEST_CERT
3270 derCert = (byte*)malloc(FOURK_BUF);
3271 if (derCert == NULL)
3273 pem = (byte*)malloc(FOURK_BUF);
3279 byte public_key[557]; /* sized for EES401EP2 */
3280 word16 public_key_len; /* no. of octets in public key */
3281 byte private_key[607]; /* sized for EES401EP2 */
3282 word16 private_key_len; /* no. of octets in private key */
3284 static uint8_t const pers_str[] = {
3285 'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't'
3287 word32 rc = crypto_drbg_instantiate(112, pers_str, sizeof(pers_str),
3289 if (rc != DRBG_OK) {
3295 rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len,
3296 NULL, &private_key_len, NULL);
3297 if (rc != NTRU_OK) {
3303 rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len,
3304 public_key, &private_key_len, private_key);
3305 crypto_drbg_uninstantiate(drbg);
3307 if (rc != NTRU_OK) {
3313 caFile = fopen(caKeyFile, "rb");
3321 bytes = fread(tmp, 1, FOURK_BUF, caFile);
3324 ret = InitRsaKey(&caKey, 0);
3330 ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes);
3339 strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
3340 strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
3341 strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);
3342 strncpy(myCert.subject.org, "yaSSL", CTC_NAME_SIZE);
3343 strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE);
3344 strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
3345 strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE);
3347 ret = SetIssuer(&myCert, caCertFile);
3355 certSz = MakeNtruCert(&myCert, derCert, FOURK_BUF, public_key,
3356 public_key_len, &rng);
3364 certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF,
3365 &caKey, NULL, &rng);
3374 #ifdef CYASSL_TEST_CERT
3375 InitDecodedCert(&decode, derCert, certSz, 0);
3376 ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
3382 FreeDecodedCert(&decode);
3384 derFile = fopen("./ntru-cert.der", "wb");
3390 ret = (int)fwrite(derCert, 1, certSz, derFile);
3392 if (ret != certSz) {
3398 pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
3405 pemFile = fopen("./ntru-cert.pem", "wb");
3411 ret = (int)fwrite(pem, 1, pemSz, pemFile);
3419 ntruPrivFile = fopen("./ntru-key.raw", "wb");
3420 if (!ntruPrivFile) {
3425 ret = (int)fwrite(private_key, 1, private_key_len, ntruPrivFile);
3426 fclose(ntruPrivFile);
3427 if (ret != private_key_len) {
3435 #endif /* HAVE_NTRU */
3436 #ifdef CYASSL_CERT_REQ
3445 der = (byte*)malloc(FOURK_BUF);
3448 pem = (byte*)malloc(FOURK_BUF);
3458 strncpy(req.challengePw, "yassl123", CTC_NAME_SIZE);
3459 strncpy(req.subject.country, "US", CTC_NAME_SIZE);
3460 strncpy(req.subject.state, "OR", CTC_NAME_SIZE);
3461 strncpy(req.subject.locality, "Portland", CTC_NAME_SIZE);
3462 strncpy(req.subject.org, "yaSSL", CTC_NAME_SIZE);
3463 strncpy(req.subject.unit, "Development", CTC_NAME_SIZE);
3464 strncpy(req.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
3465 strncpy(req.subject.email, "info@yassl.com", CTC_NAME_SIZE);
3466 req.sigType = CTC_SHA256wRSA;
3468 derSz = MakeCertReq(&req, der, FOURK_BUF, &key, NULL);
3475 derSz = SignCert(req.bodySz, req.sigType, der, FOURK_BUF,
3483 pemSz = DerToPem(der, derSz, pem, FOURK_BUF, CERTREQ_TYPE);
3490 reqFile = fopen("./certreq.der", "wb");
3497 ret = (int)fwrite(der, 1, derSz, reqFile);
3505 reqFile = fopen("./certreq.pem", "wb");
3511 ret = (int)fwrite(pem, 1, pemSz, reqFile);
3522 #endif /* CYASSL_CERT_REQ */
3523 #endif /* CYASSL_CERT_GEN */
3527 RsaFreeCavium(&key);
3539 #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
3540 #ifdef FREESCALE_MQX
3541 static const char* dhKey = "a:\certs\\dh2048.der";
3543 static const char* dhKey = "./certs/dh2048.der";
3551 word32 idx = 0, privSz, pubSz, privSz2, pubSz2, agreeSz, agreeSz2;
3564 #ifdef USE_CERT_BUFFERS_1024
3565 XMEMCPY(tmp, dh_key_der_1024, sizeof_dh_key_der_1024);
3566 bytes = sizeof_dh_key_der_1024;
3567 #elif defined(USE_CERT_BUFFERS_2048)
3568 XMEMCPY(tmp, dh_key_der_2048, sizeof_dh_key_der_2048);
3569 bytes = sizeof_dh_key_der_2048;
3571 FILE* file = fopen(dhKey, "rb");
3576 bytes = (word32) fread(tmp, 1, sizeof(tmp), file);
3578 #endif /* USE_CERT_BUFFERS */
3582 ret = DhKeyDecode(tmp, &idx, &key, bytes);
3587 ret = DhKeyDecode(tmp, &idx, &key2, bytes);
3591 ret = InitRng(&rng);
3595 ret = DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz);
3596 ret += DhGenerateKeyPair(&key2, &rng, priv2, &privSz2, pub2, &pubSz2);
3600 ret = DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
3601 ret += DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
3605 if (memcmp(agree, agree2, agreeSz))
3619 #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
3620 #ifdef FREESCALE_MQX
3621 static const char* dsaKey = "a:\\certs\\dsa2048.der";
3623 static const char* dsaKey = "./certs/dsa2048.der";
3636 byte hash[SHA_DIGEST_SIZE];
3640 #ifdef USE_CERT_BUFFERS_1024
3641 XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
3642 bytes = sizeof_dsa_key_der_1024;
3643 #elif defined(USE_CERT_BUFFERS_2048)
3644 XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
3645 bytes = sizeof_dsa_key_der_2048;
3647 FILE* file = fopen(dsaKey, "rb");
3652 bytes = (word32) fread(tmp, 1, sizeof(tmp), file);
3654 #endif /* USE_CERT_BUFFERS */
3656 ret = InitSha(&sha);
3659 ShaUpdate(&sha, tmp, bytes);
3660 ShaFinal(&sha, hash);
3663 ret = DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
3664 if (ret != 0) return -61;
3666 ret = InitRng(&rng);
3667 if (ret != 0) return -62;
3669 ret = DsaSign(hash, signature, &key, &rng);
3670 if (ret != 0) return -63;
3672 ret = DsaVerify(hash, signature, &key, &answer);
3673 if (ret != 0) return -64;
3674 if (answer != 1) return -65;
3684 #ifdef OPENSSL_EXTRA
3686 int openssl_test(void)
3689 testVector a, b, c, d, e, f;
3690 byte hash[SHA_DIGEST_SIZE*4]; /* max size */
3695 a.input = "1234567890123456789012345678901234567890123456789012345678"
3696 "9012345678901234567890";
3697 a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
3699 a.inLen = strlen(a.input);
3700 a.outLen = MD5_DIGEST_SIZE;
3702 EVP_MD_CTX_init(&md_ctx);
3703 EVP_DigestInit(&md_ctx, EVP_md5());
3705 EVP_DigestUpdate(&md_ctx, a.input, a.inLen);
3706 EVP_DigestFinal(&md_ctx, hash, 0);
3708 if (memcmp(hash, a.output, MD5_DIGEST_SIZE) != 0)
3711 b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
3712 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
3714 b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
3715 "\x53\x99\x5E\x26\xA0";
3716 b.inLen = strlen(b.input);
3717 b.outLen = SHA_DIGEST_SIZE;
3719 EVP_MD_CTX_init(&md_ctx);
3720 EVP_DigestInit(&md_ctx, EVP_sha1());
3722 EVP_DigestUpdate(&md_ctx, b.input, b.inLen);
3723 EVP_DigestFinal(&md_ctx, hash, 0);
3725 if (memcmp(hash, b.output, SHA_DIGEST_SIZE) != 0)
3729 d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
3730 d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
3731 "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
3733 d.inLen = strlen(d.input);
3734 d.outLen = SHA256_DIGEST_SIZE;
3736 EVP_MD_CTX_init(&md_ctx);
3737 EVP_DigestInit(&md_ctx, EVP_sha256());
3739 EVP_DigestUpdate(&md_ctx, d.input, d.inLen);
3740 EVP_DigestFinal(&md_ctx, hash, 0);
3742 if (memcmp(hash, d.output, SHA256_DIGEST_SIZE) != 0)
3745 #ifdef CYASSL_SHA384
3747 e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
3748 "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
3749 e.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
3750 "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
3751 "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
3753 e.inLen = strlen(e.input);
3754 e.outLen = SHA384_DIGEST_SIZE;
3756 EVP_MD_CTX_init(&md_ctx);
3757 EVP_DigestInit(&md_ctx, EVP_sha384());
3759 EVP_DigestUpdate(&md_ctx, e.input, e.inLen);
3760 EVP_DigestFinal(&md_ctx, hash, 0);
3762 if (memcmp(hash, e.output, SHA384_DIGEST_SIZE) != 0)
3765 #endif /* CYASSL_SHA384 */
3768 #ifdef CYASSL_SHA512
3770 f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
3771 "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
3772 f.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
3773 "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
3774 "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
3775 "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
3777 f.inLen = strlen(f.input);
3778 f.outLen = SHA512_DIGEST_SIZE;
3780 EVP_MD_CTX_init(&md_ctx);
3781 EVP_DigestInit(&md_ctx, EVP_sha512());
3783 EVP_DigestUpdate(&md_ctx, f.input, f.inLen);
3784 EVP_DigestFinal(&md_ctx, hash, 0);
3786 if (memcmp(hash, f.output, SHA512_DIGEST_SIZE) != 0)
3789 #endif /* CYASSL_SHA512 */
3792 if (RAND_bytes(hash, sizeof(hash)) != 1)
3795 c.input = "what do ya want for nothing?";
3796 c.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7"
3798 c.inLen = strlen(c.input);
3799 c.outLen = MD5_DIGEST_SIZE;
3801 HMAC(EVP_md5(), "Jefe", 4, (byte*)c.input, (int)c.inLen, hash, 0);
3803 if (memcmp(hash, c.output, MD5_DIGEST_SIZE) != 0)
3807 const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
3808 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
3809 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
3810 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
3816 const_DES_cblock key =
3818 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
3823 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
3826 DES_key_schedule sched;
3828 const byte verify[] =
3830 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
3831 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
3832 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
3835 DES_key_sched(&key, &sched);
3837 DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, DES_ENCRYPT);
3838 DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT);
3840 if (memcmp(plain, vector, sizeof(vector)) != 0)
3843 if (memcmp(cipher, verify, sizeof(verify)) != 0)
3846 /* test changing iv */
3847 DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT);
3848 DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT);
3850 if (memcmp(cipher, verify, sizeof(verify)) != 0)
3853 } /* end des test */
3855 { /* evp_cipher test */
3859 const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
3860 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
3861 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
3862 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
3865 const byte verify[] =
3867 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
3868 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
3871 byte key[] = "0123456789abcdef "; /* align */
3872 byte iv[] = "1234567890abcdef "; /* align */
3874 byte cipher[AES_BLOCK_SIZE * 4];
3875 byte plain [AES_BLOCK_SIZE * 4];
3877 EVP_CIPHER_CTX_init(&ctx);
3878 if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0)
3881 if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0)
3884 if (memcmp(cipher, verify, AES_BLOCK_SIZE))
3887 EVP_CIPHER_CTX_init(&ctx);
3888 if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0)
3891 if (EVP_Cipher(&ctx, plain, cipher, 16) == 0)
3894 if (memcmp(plain, msg, AES_BLOCK_SIZE))
3898 } /* end evp_cipher test */
3903 #endif /* OPENSSL_EXTRA */
3908 int pkcs12_test(void)
3910 const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
3912 const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f };
3914 const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
3915 0x00, 0x67, 0x00, 0x00 };
3916 const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 };
3919 const byte verify[] = {
3920 0x8A, 0xAA, 0xE6, 0x29, 0x7B, 0x6C, 0xB0, 0x46,
3921 0x42, 0xAB, 0x5B, 0x07, 0x78, 0x51, 0x28, 0x4E,
3922 0xB7, 0x12, 0x8F, 0x1A, 0x2A, 0x7F, 0xBC, 0xA3
3925 const byte verify2[] = {
3926 0x48, 0x3D, 0xD6, 0xE9, 0x19, 0xD7, 0xDE, 0x2E,
3927 0x8E, 0x64, 0x8B, 0xA8, 0xF8, 0x62, 0xF3, 0xFB,
3928 0xFB, 0xDC, 0x2B, 0xCB, 0x2C, 0x02, 0x95, 0x7F
3934 int ret = PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, iterations,
3940 if ( (ret = memcmp(derived, verify, kLen)) != 0)
3944 ret = PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, iterations,
3949 if ( (ret = memcmp(derived, verify2, 24)) != 0)
3956 int pbkdf2_test(void)
3958 char passwd[] = "password";
3959 const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
3960 int iterations = 2048;
3964 const byte verify[] = {
3965 0xBF, 0xDE, 0x6B, 0xE9, 0x4D, 0xF7, 0xE1, 0x1D, 0xD4, 0x09, 0xBC, 0xE2,
3966 0x0A, 0x02, 0x55, 0xEC, 0x32, 0x7C, 0xB9, 0x36, 0xFF, 0xE9, 0x36, 0x43
3970 int ret = PBKDF2(derived, (byte*)passwd, (int)strlen(passwd), salt, 8,
3971 iterations, kLen, SHA);
3975 if (memcmp(derived, verify, sizeof(verify)) != 0)
3982 int pbkdf1_test(void)
3984 char passwd[] = "password";
3985 const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
3986 int iterations = 1000;
3990 const byte verify[] = {
3991 0xDC, 0x19, 0x84, 0x7E, 0x05, 0xC6, 0x4D, 0x2F, 0xAF, 0x10, 0xEB, 0xFB,
3992 0x4A, 0x3D, 0x2A, 0x20
3995 PBKDF1(derived, (byte*)passwd, (int)strlen(passwd), salt, 8, iterations,
3998 if (memcmp(derived, verify, sizeof(verify)) != 0)
4005 int pwdbased_test(void)
4007 int ret = pbkdf1_test();
4008 ret += pbkdf2_test();
4010 return ret + pkcs12_test();
4013 #endif /* NO_PWDBASED */
4015 #if defined(HAVE_HKDF) && (!defined(NO_SHA) || !defined(NO_SHA256))
4022 byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
4023 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
4024 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
4025 byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
4026 0x08, 0x09, 0x0a, 0x0b, 0x0c };
4027 byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
4029 byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
4030 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
4031 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
4032 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
4033 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
4035 byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
4036 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
4037 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
4038 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
4039 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
4041 byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
4042 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
4043 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
4044 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
4045 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
4047 byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
4048 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
4049 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
4050 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
4051 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
4060 ret = HKDF(SHA, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
4064 if (memcmp(okm1, res1, L) != 0)
4067 ret = HKDF(SHA, ikm1, 11, salt1, 13, info1, 10, okm1, L);
4071 if (memcmp(okm1, res2, L) != 0)
4076 ret = HKDF(SHA256, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
4080 if (memcmp(okm1, res3, L) != 0)
4083 ret = HKDF(SHA256, ikm1, 22, salt1, 13, info1, 10, okm1, L);
4087 if (memcmp(okm1, res4, L) != 0)
4089 #endif /* NO_SHA256 */
4094 #endif /* HAVE_HKDF */
4106 byte exportBuf[1024];
4109 ecc_key userA, userB, pubKey;
4111 ret = InitRng(&rng);
4119 ret = ecc_make_key(&rng, 32, &userA);
4124 ret = ecc_make_key(&rng, 32, &userB);
4129 x = sizeof(sharedA);
4130 ret = ecc_shared_secret(&userA, &userB, sharedA, &x);
4135 y = sizeof(sharedB);
4136 ret = ecc_shared_secret(&userB, &userA, sharedB, &y);
4144 if (memcmp(sharedA, sharedB, x))
4147 x = sizeof(exportBuf);
4148 ret = ecc_export_x963(&userA, exportBuf, &x);
4152 ret = ecc_import_x963(exportBuf, x, &pubKey);
4157 y = sizeof(sharedB);
4158 ret = ecc_shared_secret(&userB, &pubKey, sharedB, &y);
4163 if (memcmp(sharedA, sharedB, y))
4166 /* test DSA sign hash */
4167 for (i = 0; i < (int)sizeof(digest); i++)
4168 digest[i] = (byte)i;
4171 ret = ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &userA);
4177 ret = ecc_verify_hash(sig, x, digest, sizeof(digest), &verify, &userA);
4185 x = sizeof(exportBuf);
4186 ret = ecc_export_private_only(&userA, exportBuf, &x);
4197 #ifdef HAVE_ECC_ENCRYPT
4199 int ecc_encrypt_test(void)
4203 ecc_key userA, userB;
4207 word32 outSz = sizeof(out);
4208 word32 plainSz = sizeof(plain);
4211 ret = InitRng(&rng);
4218 ret = ecc_make_key(&rng, 32, &userA);
4219 ret += ecc_make_key(&rng, 32, &userB);
4224 for (i = 0; i < 48; i++)
4227 /* encrypt msg to B */
4228 ret = ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz, NULL);
4232 /* decrypt msg from A */
4233 ret = ecc_decrypt(&userB, &userA, out, outSz, plain, &plainSz, NULL);
4237 if (memcmp(plain, msg, sizeof(msg)) != 0)
4241 { /* let's verify message exchange works, A is client, B is server */
4242 ecEncCtx* cliCtx = ecc_ctx_new(REQ_RESP_CLIENT, &rng);
4243 ecEncCtx* srvCtx = ecc_ctx_new(REQ_RESP_SERVER, &rng);
4245 byte cliSalt[EXCHANGE_SALT_SZ];
4246 byte srvSalt[EXCHANGE_SALT_SZ];
4247 const byte* tmpSalt;
4249 if (cliCtx == NULL || srvCtx == NULL)
4252 /* get salt to send to peer */
4253 tmpSalt = ecc_ctx_get_own_salt(cliCtx);
4254 if (tmpSalt == NULL)
4256 memcpy(cliSalt, tmpSalt, EXCHANGE_SALT_SZ);
4258 tmpSalt = ecc_ctx_get_own_salt(srvCtx);
4259 if (tmpSalt == NULL)
4261 memcpy(srvSalt, tmpSalt, EXCHANGE_SALT_SZ);
4263 /* in actual use, we'd get the peer's salt over the transport */
4264 ret = ecc_ctx_set_peer_salt(cliCtx, srvSalt);
4265 ret += ecc_ctx_set_peer_salt(srvCtx, cliSalt);
4270 /* get encrypted msg (request) to send to B */
4271 outSz = sizeof(out);
4272 ret = ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz,cliCtx);
4276 /* B decrypts msg (request) from A */
4277 plainSz = sizeof(plain);
4278 ret = ecc_decrypt(&userB, &userA, out, outSz, plain, &plainSz, srvCtx);
4282 if (memcmp(plain, msg, sizeof(msg)) != 0)
4286 /* msg2 (response) from B to A */
4290 word32 outSz2 = sizeof(out2);
4291 word32 plainSz2 = sizeof(plain2);
4293 for (i = 0; i < 48; i++)
4296 /* get encrypted msg (response) to send to B */
4297 ret = ecc_encrypt(&userB, &userA, msg2, sizeof(msg2), out2,
4302 /* A decrypts msg (response) from B */
4303 ret = ecc_decrypt(&userA, &userB, out2, outSz2, plain2, &plainSz2,
4308 if (memcmp(plain2, msg2, sizeof(msg2)) != 0)
4313 ecc_ctx_free(srvCtx);
4314 ecc_ctx_free(cliCtx);
4324 #endif /* HAVE_ECC_ENCRYPT */
4325 #endif /* HAVE_ECC */
4329 const byte sample_text[] =
4330 "Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n"
4331 "polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n"
4332 "marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n"
4333 "plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n"
4334 "selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n"
4335 "small batch meggings kogi dolore food truck bespoke gastropub.\n"
4337 "Terry richardson adipisicing actually typewriter tumblr, twee whatever\n"
4338 "four loko you probably haven't heard of them high life. Messenger bag\n"
4339 "whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n"
4340 "et, banksy ullamco messenger bag umami pariatur direct trade forage.\n"
4341 "Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n"
4342 "food truck next level, tousled irony non semiotics PBR ethical anim cred\n"
4343 "readymade. Mumblecore brunch lomo odd future, portland organic terry\n"
4344 "richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n"
4345 "mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n"
4346 "four loko whatever street art yr farm-to-table.\n"
4348 "Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n"
4349 "pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n"
4350 "et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n"
4351 "nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n"
4352 "seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n"
4353 "eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n"
4354 "readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n"
4355 "ethnic art party qui letterpress nisi proident jean shorts mlkshk\n"
4358 "Narwhal flexitarian letterpress, do gluten-free voluptate next level\n"
4359 "banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n"
4360 "cillum pickled velit, YOLO officia you probably haven't heard of them\n"
4361 "trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n"
4362 "small batch american apparel. Put a bird on it cosby sweater before they\n"
4363 "sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n"
4364 "DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n"
4365 "Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n"
4366 "excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n"
4367 "neutra PBR selvage.\n"
4369 "Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n"
4370 "next level jean shorts exercitation. Hashtag keytar whatever, nihil\n"
4371 "authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n"
4372 "wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n"
4373 "tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n"
4374 "trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n"
4375 "incididunt flannel sustainable helvetica pork belly pug banksy you\n"
4376 "probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n"
4377 "mollit magna, sriracha sartorial helvetica.\n"
4379 "Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n"
4380 "ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n"
4381 "of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n"
4382 "reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n"
4383 "skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n"
4384 "organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n"
4385 "Veniam sunt food truck leggings, sint vinyl fap.\n"
4387 "Hella dolore pork belly, truffaut carles you probably haven't heard of\n"
4388 "them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n"
4389 "apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n"
4390 "flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n"
4391 "letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n"
4392 "Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n"
4393 "delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n"
4394 "magna pop-up literally. Swag thundercats ennui shoreditch vegan\n"
4395 "pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n"
4397 "Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n"
4398 "meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n"
4399 "dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n"
4400 "locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n"
4401 "tousled beard mollit mustache leggings portland next level. Nihil esse\n"
4402 "est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n"
4403 "swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n"
4404 "bag dolor terry richardson sapiente.\n";
4407 int compress_test(void)
4410 word32 dSz = sizeof(sample_text);
4411 word32 cSz = (dSz + (word32)(dSz * 0.001) + 12);
4415 c = calloc(cSz, sizeof(byte));
4416 d = calloc(dSz, sizeof(byte));
4418 if (c == NULL || d == NULL)
4421 if (ret == 0 && (ret = Compress(c, cSz, sample_text, dSz, 0)) < 0)
4429 if (ret == 0 && DeCompress(d, dSz, c, cSz) != (int)dSz)
4432 if (ret == 0 && memcmp(d, sample_text, dSz))
4441 #endif /* HAVE_LIBZ */
4445 int pkcs7enveloped_test(void)
4450 int envelopedSz, decodedSz;
4454 byte enveloped[2048];
4462 const char* pkcs7OutFile = "pkcs7envelopedData.der";
4464 const byte data[] = { /* Hello World */
4465 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
4469 /* read client cert and key in DER format */
4470 cert = (byte*)malloc(FOURK_BUF);
4474 privKey = (byte*)malloc(FOURK_BUF);
4475 if (privKey == NULL) {
4480 certFile = fopen(clientCert, "rb");
4484 err_sys("can't open ./certs/client-cert.der, "
4485 "Please run from CyaSSL home dir", -42);
4488 certSz = fread(cert, 1, FOURK_BUF, certFile);
4491 keyFile = fopen(clientKey, "rb");
4495 err_sys("can't open ./certs/client-key.der, "
4496 "Please run from CyaSSL home dir", -43);
4499 privKeySz = fread(privKey, 1, FOURK_BUF, keyFile);
4502 PKCS7_InitWithCert(&pkcs7, cert, (word32)certSz);
4503 pkcs7.content = (byte*)data;
4504 pkcs7.contentSz = (word32)sizeof(data);
4505 pkcs7.contentOID = DATA;
4506 pkcs7.encryptOID = cipher;
4507 pkcs7.privateKey = privKey;
4508 pkcs7.privateKeySz = (word32)privKeySz;
4510 /* encode envelopedData */
4511 envelopedSz = PKCS7_EncodeEnvelopedData(&pkcs7, enveloped,
4513 if (envelopedSz <= 0) {
4519 /* decode envelopedData */
4520 decodedSz = PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz,
4521 decoded, sizeof(decoded));
4522 if (decodedSz <= 0) {
4528 /* test decode result */
4529 if (memcmp(decoded, data, sizeof(data)) != 0) {
4535 /* output pkcs7 envelopedData for external testing */
4536 pkcs7File = fopen(pkcs7OutFile, "wb");
4543 ret = (int)fwrite(enveloped, envelopedSz, 1, pkcs7File);
4556 int pkcs7signed_test(void)
4564 char data[] = "Hello World";
4565 word32 dataSz, outSz, certDerSz, keyDerSz;
4570 { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
4572 byte messageTypeOid[] =
4573 { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
4575 byte senderNonceOid[] =
4576 { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
4578 byte transId[(SHA_DIGEST_SIZE + 1) * 2 + 1];
4579 byte messageType[] = { 0x13, 2, '1', '9' };
4580 byte senderNonce[PKCS7_NONCE_SZ + 2];
4582 PKCS7Attrib attribs[] =
4584 { transIdOid, sizeof(transIdOid),
4585 transId, sizeof(transId) - 1 }, /* take off the null */
4586 { messageTypeOid, sizeof(messageTypeOid),
4587 messageType, sizeof(messageType) },
4588 { senderNonceOid, sizeof(senderNonceOid),
4589 senderNonce, sizeof(senderNonce) }
4592 dataSz = (word32) strlen(data);
4595 certDer = (byte*)malloc(FOURK_BUF);
4596 if (certDer == NULL)
4598 keyDer = (byte*)malloc(FOURK_BUF);
4599 if (keyDer == NULL) {
4603 out = (byte*)malloc(FOURK_BUF);
4610 /* read in DER cert of recipient, into cert of size certSz */
4611 file = fopen(clientCert, "rb");
4616 err_sys("can't open ./certs/client-cert.der, "
4617 "Please run from CyaSSL home dir", -44);
4619 certDerSz = (word32)fread(certDer, 1, FOURK_BUF, file);
4622 file = fopen(clientKey, "rb");
4627 err_sys("can't open ./certs/client-key.der, "
4628 "Please run from CyaSSL home dir", -45);
4630 keyDerSz = (word32)fread(keyDer, 1, FOURK_BUF, file);
4633 ret = InitRng(&rng);
4641 senderNonce[0] = 0x04;
4642 senderNonce[1] = PKCS7_NONCE_SZ;
4644 ret = RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
4652 PKCS7_InitWithCert(&msg, certDer, certDerSz);
4653 msg.privateKey = keyDer;
4654 msg.privateKeySz = keyDerSz;
4655 msg.content = (byte*)data;
4656 msg.contentSz = dataSz;
4658 msg.encryptOID = RSAk;
4659 msg.signedAttribs = attribs;
4660 msg.signedAttribsSz = sizeof(attribs)/sizeof(PKCS7Attrib);
4664 byte digest[SHA_DIGEST_SIZE];
4668 transId[1] = SHA_DIGEST_SIZE * 2;
4670 ret = InitSha(&sha);
4677 ShaUpdate(&sha, msg.publicKey, msg.publicKeySz);
4678 ShaFinal(&sha, digest);
4680 for (i = 0, j = 2; i < SHA_DIGEST_SIZE; i++, j += 2) {
4681 snprintf((char*)&transId[j], 3, "%02x", digest[i]);
4684 ret = PKCS7_EncodeSignedData(&msg, out, outSz);
4695 /* write PKCS#7 to output file for more testing */
4696 file = fopen("./pkcs7signedData.der", "wb");
4704 ret = (int)fwrite(out, 1, outSz, file);
4706 if (ret != (int)outSz) {
4715 PKCS7_InitWithCert(&msg, NULL, 0);
4717 ret = PKCS7_VerifySignedData(&msg, out, outSz);
4726 if (msg.singleCert == NULL || msg.singleCertSz == 0) {
4734 file = fopen("./pkcs7cert.der", "wb");
4742 ret = (int)fwrite(msg.singleCert, 1, msg.singleCertSz, file);
4756 #endif /* HAVE_PKCS7 */
4758 #endif /* NO_CRYPT_TEST */