3 * Copyright (C) 2006-2014 wolfSSL Inc.
5 * This file is part of CyaSSL.
7 * CyaSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * CyaSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
26 #include <cyassl/ctaocrypt/settings.h>
29 #include <stdlib.h> /* we're using malloc / free direct here */
34 #ifdef CYASSL_TEST_CERT
35 #include <cyassl/ctaocrypt/asn.h>
37 #include <cyassl/ctaocrypt/asn_public.h>
39 #include <cyassl/ctaocrypt/md2.h>
40 #include <cyassl/ctaocrypt/md5.h>
41 #include <cyassl/ctaocrypt/md4.h>
42 #include <cyassl/ctaocrypt/sha.h>
43 #include <cyassl/ctaocrypt/sha256.h>
44 #include <cyassl/ctaocrypt/sha512.h>
45 #include <cyassl/ctaocrypt/arc4.h>
46 #include <cyassl/ctaocrypt/random.h>
47 #include <cyassl/ctaocrypt/coding.h>
48 #include <cyassl/ctaocrypt/rsa.h>
49 #include <cyassl/ctaocrypt/des3.h>
50 #include <cyassl/ctaocrypt/aes.h>
51 #include <cyassl/ctaocrypt/camellia.h>
52 #include <cyassl/ctaocrypt/hmac.h>
53 #include <cyassl/ctaocrypt/dh.h>
54 #include <cyassl/ctaocrypt/dsa.h>
55 #include <cyassl/ctaocrypt/hc128.h>
56 #include <cyassl/ctaocrypt/rabbit.h>
57 #include <cyassl/ctaocrypt/pwdbased.h>
58 #include <cyassl/ctaocrypt/ripemd.h>
60 #include <cyassl/ctaocrypt/ecc.h>
63 #include <cyassl/ctaocrypt/blake2.h>
66 #include <cyassl/ctaocrypt/compress.h>
69 #include <cyassl/ctaocrypt/pkcs7.h>
73 /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
74 #pragma warning(disable: 4996)
78 #include <cyassl/openssl/evp.h>
79 #include <cyassl/openssl/rand.h>
80 #include <cyassl/openssl/hmac.h>
81 #include <cyassl/openssl/des.h>
85 #if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)
86 /* include test cert and key buffers for use with NO_FILESYSTEM */
87 #if defined(CYASSL_MDK_ARM)
88 #include "cert_data.h"
89 /* use certs_test.c for initial data, so other
90 commands can share the data. */
92 #include <cyassl/certs_test.h>
96 #if defined(CYASSL_MDK_ARM)
99 extern FILE * CyaSSL_fopen(const char *fname, const char *mode) ;
100 #define fopen CyaSSL_fopen
104 #include "ntru_crypto.h"
107 #include "cavium_sysdep.h"
108 #include "cavium_common.h"
109 #include "cavium_ioctl.h"
122 /* since just testing, use THREADX log printf instead */
123 int dc_log_printf(char*, ...);
125 #define printf dc_log_printf
128 #include "ctaocrypt/test/test.h"
131 typedef struct testVector {
142 int sha256_test(void);
143 int sha512_test(void);
144 int sha384_test(void);
145 int hmac_md5_test(void);
146 int hmac_sha_test(void);
147 int hmac_sha256_test(void);
148 int hmac_sha384_test(void);
149 int hmac_sha512_test(void);
150 int hmac_blake2b_test(void);
153 int hc128_test(void);
154 int rabbit_test(void);
158 int aesgcm_test(void);
160 int aesccm_test(void);
161 int camellia_test(void);
165 int random_test(void);
166 int pwdbased_test(void);
167 int ripemd_test(void);
168 int openssl_test(void); /* test mini api */
169 int pbkdf1_test(void);
170 int pkcs12_test(void);
171 int pbkdf2_test(void);
174 #ifdef HAVE_ECC_ENCRYPT
175 int ecc_encrypt_test(void);
179 int blake2b_test(void);
182 int compress_test(void);
185 int pkcs7enveloped_test(void);
186 int pkcs7signed_test(void);
191 static void err_sys(const char* msg, int es)
193 printf("%s error = %d\n", msg, es);
194 #if !defined(THREADX) && !defined(CYASSL_MDK_ARM)
201 /* func_args from test.h, so don't have to pull in other junk */
202 typedef struct func_args {
210 void ctaocrypt_test(void* args)
214 ((func_args*)args)->return_code = -1; /* error state */
216 #if !defined(NO_BIG_INT)
217 if (CheckCtcSettings() != 1)
218 err_sys("Build vs runtime math mismatch\n", -1234);
221 if (CheckFastMathSettings() != 1)
222 err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n", -1235);
223 #endif /* USE_FAST_MATH */
224 #endif /* !NO_BIG_INT */
228 if ( (ret = md5_test()) != 0)
229 err_sys("MD5 test failed!\n", ret);
231 printf( "MD5 test passed!\n");
235 if ( (ret = md2_test()) != 0)
236 err_sys("MD2 test failed!\n", ret);
238 printf( "MD2 test passed!\n");
242 if ( (ret = md4_test()) != 0)
243 err_sys("MD4 test failed!\n", ret);
245 printf( "MD4 test passed!\n");
249 if ( (ret = sha_test()) != 0)
250 err_sys("SHA test failed!\n", ret);
252 printf( "SHA test passed!\n");
256 if ( (ret = sha256_test()) != 0)
257 err_sys("SHA-256 test failed!\n", ret);
259 printf( "SHA-256 test passed!\n");
263 if ( (ret = sha384_test()) != 0)
264 err_sys("SHA-384 test failed!\n", ret);
266 printf( "SHA-384 test passed!\n");
270 if ( (ret = sha512_test()) != 0)
271 err_sys("SHA-512 test failed!\n", ret);
273 printf( "SHA-512 test passed!\n");
277 if ( (ret = ripemd_test()) != 0)
278 err_sys("RIPEMD test failed!\n", ret);
280 printf( "RIPEMD test passed!\n");
284 if ( (ret = blake2b_test()) != 0)
285 err_sys("BLAKE2b test failed!\n", ret);
287 printf( "BLAKE2b test passed!\n");
292 if ( (ret = hmac_md5_test()) != 0)
293 err_sys("HMAC-MD5 test failed!\n", ret);
295 printf( "HMAC-MD5 test passed!\n");
299 if ( (ret = hmac_sha_test()) != 0)
300 err_sys("HMAC-SHA test failed!\n", ret);
302 printf( "HMAC-SHA test passed!\n");
306 if ( (ret = hmac_sha256_test()) != 0)
307 err_sys("HMAC-SHA256 test failed!\n", ret);
309 printf( "HMAC-SHA256 test passed!\n");
313 if ( (ret = hmac_sha384_test()) != 0)
314 err_sys("HMAC-SHA384 test failed!\n", ret);
316 printf( "HMAC-SHA384 test passed!\n");
320 if ( (ret = hmac_sha512_test()) != 0)
321 err_sys("HMAC-SHA512 test failed!\n", ret);
323 printf( "HMAC-SHA512 test passed!\n");
327 if ( (ret = hmac_blake2b_test()) != 0)
328 err_sys("HMAC-BLAKE2 test failed!\n", ret);
330 printf( "HMAC-BLAKE2 test passed!\n");
334 if ( (ret = hkdf_test()) != 0)
335 err_sys("HMAC-KDF test failed!\n", ret);
337 printf( "HMAC-KDF test passed!\n");
343 if ( (ret = gmac_test()) != 0)
344 err_sys("GMAC test passed!\n", ret);
346 printf( "GMAC test passed!\n");
350 if ( (ret = arc4_test()) != 0)
351 err_sys("ARC4 test failed!\n", ret);
353 printf( "ARC4 test passed!\n");
357 if ( (ret = hc128_test()) != 0)
358 err_sys("HC-128 test failed!\n", ret);
360 printf( "HC-128 test passed!\n");
364 if ( (ret = rabbit_test()) != 0)
365 err_sys("Rabbit test failed!\n", ret);
367 printf( "Rabbit test passed!\n");
371 if ( (ret = des_test()) != 0)
372 err_sys("DES test failed!\n", ret);
374 printf( "DES test passed!\n");
378 if ( (ret = des3_test()) != 0)
379 err_sys("DES3 test failed!\n", ret);
381 printf( "DES3 test passed!\n");
385 if ( (ret = aes_test()) != 0)
386 err_sys("AES test failed!\n", ret);
388 printf( "AES test passed!\n");
391 if ( (ret = aesgcm_test()) != 0)
392 err_sys("AES-GCM test failed!\n", ret);
394 printf( "AES-GCM test passed!\n");
398 if ( (ret = aesccm_test()) != 0)
399 err_sys("AES-CCM test failed!\n", ret);
401 printf( "AES-CCM test passed!\n");
406 if ( (ret = camellia_test()) != 0)
407 err_sys("CAMELLIA test failed!\n", ret);
409 printf( "CAMELLIA test passed!\n");
412 if ( (ret = random_test()) != 0)
413 err_sys("RANDOM test failed!\n", ret);
415 printf( "RANDOM test passed!\n");
418 if ( (ret = rsa_test()) != 0)
419 err_sys("RSA test failed!\n", ret);
421 printf( "RSA test passed!\n");
425 if ( (ret = dh_test()) != 0)
426 err_sys("DH test failed!\n", ret);
428 printf( "DH test passed!\n");
432 if ( (ret = dsa_test()) != 0)
433 err_sys("DSA test failed!\n", ret);
435 printf( "DSA test passed!\n");
439 if ( (ret = pwdbased_test()) != 0)
440 err_sys("PWDBASED test failed!\n", ret);
442 printf( "PWDBASED test passed!\n");
446 if ( (ret = openssl_test()) != 0)
447 err_sys("OPENSSL test failed!\n", ret);
449 printf( "OPENSSL test passed!\n");
453 if ( (ret = ecc_test()) != 0)
454 err_sys("ECC test failed!\n", ret);
456 printf( "ECC test passed!\n");
457 #ifdef HAVE_ECC_ENCRYPT
458 if ( (ret = ecc_encrypt_test()) != 0)
459 err_sys("ECC Enc test failed!\n", ret);
461 printf( "ECC Enc test passed!\n");
466 if ( (ret = compress_test()) != 0)
467 err_sys("COMPRESS test failed!\n", ret);
469 printf( "COMPRESS test passed!\n");
473 if ( (ret = pkcs7enveloped_test()) != 0)
474 err_sys("PKCS7enveloped test failed!\n", ret);
476 printf( "PKCS7enveloped test passed!\n");
478 if ( (ret = pkcs7signed_test()) != 0)
479 err_sys("PKCS7signed test failed!\n", ret);
481 printf( "PKCS7signed test passed!\n");
484 ((func_args*)args)->return_code = ret;
488 #ifndef NO_MAIN_DRIVER
492 static int OpenNitroxDevice(int dma_mode,int dev_id)
494 Csp1CoreAssignment core_assign;
497 if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID))
499 if (Csp1GetDevType(&device))
501 if (device != NPX_DEVICE) {
502 if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT,
503 (Uint32 *)&core_assign)!= 0)
506 CspShutdown(CAVIUM_DEV_ID);
508 return CspInitialize(dma_mode, dev_id);
511 #endif /* HAVE_CAVIUM */
513 /* so overall tests can pull in test function */
515 int main(int argc, char** argv)
522 int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
524 err_sys("Cavium OpenNitroxDevice failed", -1236);
525 #endif /* HAVE_CAVIUM */
530 ctaocrypt_test(&args);
533 CspShutdown(CAVIUM_DEV_ID);
536 return args.return_code;
539 #endif /* NO_MAIN_DRIVER */
546 byte hash[MD2_DIGEST_SIZE];
548 testVector a, b, c, d, e, f, g;
549 testVector test_md2[7];
550 int times = sizeof(test_md2) / sizeof(testVector), i;
553 a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
555 a.inLen = strlen(a.input);
556 a.outLen = MD2_DIGEST_SIZE;
559 b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
561 b.inLen = strlen(b.input);
562 b.outLen = MD2_DIGEST_SIZE;
565 c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
567 c.inLen = strlen(c.input);
568 c.outLen = MD2_DIGEST_SIZE;
570 d.input = "message digest";
571 d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
573 d.inLen = strlen(d.input);
574 d.outLen = MD2_DIGEST_SIZE;
576 e.input = "abcdefghijklmnopqrstuvwxyz";
577 e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
579 e.inLen = strlen(e.input);
580 e.outLen = MD2_DIGEST_SIZE;
582 f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
584 f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
586 f.inLen = strlen(f.input);
587 f.outLen = MD2_DIGEST_SIZE;
589 g.input = "1234567890123456789012345678901234567890123456789012345678"
590 "9012345678901234567890";
591 g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
593 g.inLen = strlen(g.input);
594 g.outLen = MD2_DIGEST_SIZE;
606 for (i = 0; i < times; ++i) {
607 Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
608 Md2Final(&md2, hash);
610 if (memcmp(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
622 byte hash[MD5_DIGEST_SIZE];
624 testVector a, b, c, d, e;
625 testVector test_md5[5];
626 int times = sizeof(test_md5) / sizeof(testVector), i;
629 a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
631 a.inLen = strlen(a.input);
632 a.outLen = MD5_DIGEST_SIZE;
634 b.input = "message digest";
635 b.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61"
637 b.inLen = strlen(b.input);
638 b.outLen = MD5_DIGEST_SIZE;
640 c.input = "abcdefghijklmnopqrstuvwxyz";
641 c.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1"
643 c.inLen = strlen(c.input);
644 c.outLen = MD5_DIGEST_SIZE;
646 d.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
648 d.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d"
650 d.inLen = strlen(d.input);
651 d.outLen = MD5_DIGEST_SIZE;
653 e.input = "1234567890123456789012345678901234567890123456789012345678"
654 "9012345678901234567890";
655 e.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
657 e.inLen = strlen(e.input);
658 e.outLen = MD5_DIGEST_SIZE;
668 for (i = 0; i < times; ++i) {
669 Md5Update(&md5, (byte*)test_md5[i].input, (word32)test_md5[i].inLen);
670 Md5Final(&md5, hash);
672 if (memcmp(hash, test_md5[i].output, MD5_DIGEST_SIZE) != 0)
686 byte hash[MD4_DIGEST_SIZE];
688 testVector a, b, c, d, e, f, g;
689 testVector test_md4[7];
690 int times = sizeof(test_md4) / sizeof(testVector), i;
693 a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89"
695 a.inLen = strlen(a.input);
696 a.outLen = MD4_DIGEST_SIZE;
699 b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb"
701 b.inLen = strlen(b.input);
702 b.outLen = MD4_DIGEST_SIZE;
705 c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72"
707 c.inLen = strlen(c.input);
708 c.outLen = MD4_DIGEST_SIZE;
710 d.input = "message digest";
711 d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01"
713 d.inLen = strlen(d.input);
714 d.outLen = MD4_DIGEST_SIZE;
716 e.input = "abcdefghijklmnopqrstuvwxyz";
717 e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d"
719 e.inLen = strlen(e.input);
720 e.outLen = MD4_DIGEST_SIZE;
722 f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
724 f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0"
726 f.inLen = strlen(f.input);
727 f.outLen = MD4_DIGEST_SIZE;
729 g.input = "1234567890123456789012345678901234567890123456789012345678"
730 "9012345678901234567890";
731 g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05"
733 g.inLen = strlen(g.input);
734 g.outLen = MD4_DIGEST_SIZE;
746 for (i = 0; i < times; ++i) {
747 Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen);
748 Md4Final(&md4, hash);
750 if (memcmp(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0)
764 byte hash[SHA_DIGEST_SIZE];
766 testVector a, b, c, d;
767 testVector test_sha[4];
769 int times = sizeof(test_sha) / sizeof(struct testVector), i;
772 a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
773 "\x6C\x9C\xD0\xD8\x9D";
774 a.inLen = strlen(a.input);
775 a.outLen = SHA_DIGEST_SIZE;
777 b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
778 b.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29"
779 "\xE5\xE5\x46\x70\xF1";
780 b.inLen = strlen(b.input);
781 b.outLen = SHA_DIGEST_SIZE;
783 c.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
785 c.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44"
786 "\x2A\x25\xEC\x64\x4D";
787 c.inLen = strlen(c.input);
788 c.outLen = SHA_DIGEST_SIZE;
790 d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
791 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
793 d.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
794 "\x53\x99\x5E\x26\xA0";
795 d.inLen = strlen(d.input);
796 d.outLen = SHA_DIGEST_SIZE;
807 for (i = 0; i < times; ++i) {
808 ShaUpdate(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen);
809 ShaFinal(&sha, hash);
811 if (memcmp(hash, test_sha[i].output, SHA_DIGEST_SIZE) != 0)
821 int ripemd_test(void)
824 byte hash[RIPEMD_DIGEST_SIZE];
826 testVector a, b, c, d;
827 testVector test_ripemd[4];
828 int times = sizeof(test_ripemd) / sizeof(struct testVector), i;
831 a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
832 "\xb0\x87\xf1\x5a\x0b\xfc";
833 a.inLen = strlen(a.input);
834 a.outLen = RIPEMD_DIGEST_SIZE;
836 b.input = "message digest";
837 b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8"
838 "\x5f\xfa\x21\x59\x5f\x36";
839 b.inLen = strlen(b.input);
840 b.outLen = RIPEMD_DIGEST_SIZE;
842 c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
843 c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc"
844 "\xf4\x9a\xda\x62\xeb\x2b";
845 c.inLen = strlen(c.input);
846 c.outLen = RIPEMD_DIGEST_SIZE;
848 d.input = "12345678901234567890123456789012345678901234567890123456"
849 "789012345678901234567890";
850 d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab"
851 "\x82\xbf\x63\x32\x6b\xfb";
852 d.inLen = strlen(d.input);
853 d.outLen = RIPEMD_DIGEST_SIZE;
862 for (i = 0; i < times; ++i) {
863 RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input,
864 (word32)test_ripemd[i].inLen);
865 RipeMdFinal(&ripemd, hash);
867 if (memcmp(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0)
873 #endif /* CYASSL_RIPEMD */
879 #define BLAKE2_TESTS 3
881 static const byte blake2b_vec[BLAKE2_TESTS][BLAKE2B_OUTBYTES] =
884 0x78, 0x6A, 0x02, 0xF7, 0x42, 0x01, 0x59, 0x03,
885 0xC6, 0xC6, 0xFD, 0x85, 0x25, 0x52, 0xD2, 0x72,
886 0x91, 0x2F, 0x47, 0x40, 0xE1, 0x58, 0x47, 0x61,
887 0x8A, 0x86, 0xE2, 0x17, 0xF7, 0x1F, 0x54, 0x19,
888 0xD2, 0x5E, 0x10, 0x31, 0xAF, 0xEE, 0x58, 0x53,
889 0x13, 0x89, 0x64, 0x44, 0x93, 0x4E, 0xB0, 0x4B,
890 0x90, 0x3A, 0x68, 0x5B, 0x14, 0x48, 0xB7, 0x55,
891 0xD5, 0x6F, 0x70, 0x1A, 0xFE, 0x9B, 0xE2, 0xCE
894 0x2F, 0xA3, 0xF6, 0x86, 0xDF, 0x87, 0x69, 0x95,
895 0x16, 0x7E, 0x7C, 0x2E, 0x5D, 0x74, 0xC4, 0xC7,
896 0xB6, 0xE4, 0x8F, 0x80, 0x68, 0xFE, 0x0E, 0x44,
897 0x20, 0x83, 0x44, 0xD4, 0x80, 0xF7, 0x90, 0x4C,
898 0x36, 0x96, 0x3E, 0x44, 0x11, 0x5F, 0xE3, 0xEB,
899 0x2A, 0x3A, 0xC8, 0x69, 0x4C, 0x28, 0xBC, 0xB4,
900 0xF5, 0xA0, 0xF3, 0x27, 0x6F, 0x2E, 0x79, 0x48,
901 0x7D, 0x82, 0x19, 0x05, 0x7A, 0x50, 0x6E, 0x4B
904 0x1C, 0x08, 0x79, 0x8D, 0xC6, 0x41, 0xAB, 0xA9,
905 0xDE, 0xE4, 0x35, 0xE2, 0x25, 0x19, 0xA4, 0x72,
906 0x9A, 0x09, 0xB2, 0xBF, 0xE0, 0xFF, 0x00, 0xEF,
907 0x2D, 0xCD, 0x8E, 0xD6, 0xF8, 0xA0, 0x7D, 0x15,
908 0xEA, 0xF4, 0xAE, 0xE5, 0x2B, 0xBF, 0x18, 0xAB,
909 0x56, 0x08, 0xA6, 0x19, 0x0F, 0x70, 0xB9, 0x04,
910 0x86, 0xC8, 0xA7, 0xD4, 0x87, 0x37, 0x10, 0xB1,
911 0x11, 0x5D, 0x3D, 0xEB, 0xBB, 0x43, 0x27, 0xB5
917 int blake2b_test(void)
924 for (i = 0; i < (int)sizeof(input); i++)
927 for (i = 0; i < BLAKE2_TESTS; i++) {
928 ret = InitBlake2b(&b2b, 64);
932 ret = Blake2bUpdate(&b2b, input, i);
936 ret = Blake2bFinal(&b2b, digest, 64);
940 if (memcmp(digest, blake2b_vec[i], 64) != 0) {
947 #endif /* HAVE_BLAKE2 */
951 int sha256_test(void)
954 byte hash[SHA256_DIGEST_SIZE];
957 testVector test_sha[2];
959 int times = sizeof(test_sha) / sizeof(struct testVector), i;
962 a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
963 "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
965 a.inLen = strlen(a.input);
966 a.outLen = SHA256_DIGEST_SIZE;
968 b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
969 b.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
970 "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
972 b.inLen = strlen(b.input);
973 b.outLen = SHA256_DIGEST_SIZE;
978 ret = InitSha256(&sha);
982 for (i = 0; i < times; ++i) {
983 ret = Sha256Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
986 ret = Sha256Final(&sha, hash);
990 if (memcmp(hash, test_sha[i].output, SHA256_DIGEST_SIZE) != 0)
1000 int sha512_test(void)
1003 byte hash[SHA512_DIGEST_SIZE];
1007 testVector test_sha[2];
1008 int times = sizeof(test_sha) / sizeof(struct testVector), i;
1011 a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
1012 "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
1013 "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
1014 "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
1016 a.inLen = strlen(a.input);
1017 a.outLen = SHA512_DIGEST_SIZE;
1019 b.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
1020 "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
1021 b.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
1022 "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
1023 "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
1024 "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
1026 b.inLen = strlen(b.input);
1027 b.outLen = SHA512_DIGEST_SIZE;
1032 ret = InitSha512(&sha);
1036 for (i = 0; i < times; ++i) {
1037 ret = Sha512Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
1041 ret = Sha512Final(&sha, hash);
1045 if (memcmp(hash, test_sha[i].output, SHA512_DIGEST_SIZE) != 0)
1054 #ifdef CYASSL_SHA384
1055 int sha384_test(void)
1058 byte hash[SHA384_DIGEST_SIZE];
1062 testVector test_sha[2];
1063 int times = sizeof(test_sha) / sizeof(struct testVector), i;
1066 a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
1067 "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
1068 "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
1070 a.inLen = strlen(a.input);
1071 a.outLen = SHA384_DIGEST_SIZE;
1073 b.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
1074 "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
1075 b.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
1076 "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
1077 "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
1079 b.inLen = strlen(b.input);
1080 b.outLen = SHA384_DIGEST_SIZE;
1085 ret = InitSha384(&sha);
1089 for (i = 0; i < times; ++i) {
1090 ret = Sha384Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
1094 ret = Sha384Final(&sha, hash);
1098 if (memcmp(hash, test_sha[i].output, SHA384_DIGEST_SIZE) != 0)
1104 #endif /* CYASSL_SHA384 */
1107 #if !defined(NO_HMAC) && !defined(NO_MD5)
1108 int hmac_md5_test(void)
1111 byte hash[MD5_DIGEST_SIZE];
1115 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
1117 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1121 testVector test_hmac[3];
1124 int times = sizeof(test_hmac) / sizeof(testVector), i;
1126 a.input = "Hi There";
1127 a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
1129 a.inLen = strlen(a.input);
1130 a.outLen = MD5_DIGEST_SIZE;
1132 b.input = "what do ya want for nothing?";
1133 b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7"
1135 b.inLen = strlen(b.input);
1136 b.outLen = MD5_DIGEST_SIZE;
1138 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1139 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1140 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1141 "\xDD\xDD\xDD\xDD\xDD\xDD";
1142 c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3"
1144 c.inLen = strlen(c.input);
1145 c.outLen = MD5_DIGEST_SIZE;
1151 for (i = 0; i < times; ++i) {
1152 #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
1154 continue; /* cavium can't handle short keys, fips not allowed */
1157 if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
1160 ret = HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i]));
1163 ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1164 (word32)test_hmac[i].inLen);
1167 ret = HmacFinal(&hmac, hash);
1171 if (memcmp(hash, test_hmac[i].output, MD5_DIGEST_SIZE) != 0)
1174 HmacFreeCavium(&hmac);
1180 #endif /* NO_HMAC && NO_MD5 */
1182 #if !defined(NO_HMAC) && !defined(NO_SHA)
1183 int hmac_sha_test(void)
1186 byte hash[SHA_DIGEST_SIZE];
1190 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
1193 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1198 testVector test_hmac[3];
1201 int times = sizeof(test_hmac) / sizeof(testVector), i;
1203 a.input = "Hi There";
1204 a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
1205 "\x8e\xf1\x46\xbe\x00";
1206 a.inLen = strlen(a.input);
1207 a.outLen = SHA_DIGEST_SIZE;
1209 b.input = "what do ya want for nothing?";
1210 b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf"
1211 "\x9c\x25\x9a\x7c\x79";
1212 b.inLen = strlen(b.input);
1213 b.outLen = SHA_DIGEST_SIZE;
1215 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1216 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1217 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1218 "\xDD\xDD\xDD\xDD\xDD\xDD";
1219 c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b"
1220 "\x4f\x63\xf1\x75\xd3";
1221 c.inLen = strlen(c.input);
1222 c.outLen = SHA_DIGEST_SIZE;
1228 for (i = 0; i < times; ++i) {
1229 #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
1231 continue; /* cavium can't handle short keys, fips not allowed */
1234 if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
1237 ret = HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i]));
1240 ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1241 (word32)test_hmac[i].inLen);
1244 ret = HmacFinal(&hmac, hash);
1248 if (memcmp(hash, test_hmac[i].output, SHA_DIGEST_SIZE) != 0)
1251 HmacFreeCavium(&hmac);
1260 #if !defined(NO_HMAC) && !defined(NO_SHA256)
1261 int hmac_sha256_test(void)
1264 byte hash[SHA256_DIGEST_SIZE];
1268 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
1271 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1276 testVector test_hmac[3];
1279 int times = sizeof(test_hmac) / sizeof(testVector), i;
1281 a.input = "Hi There";
1282 a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
1283 "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
1285 a.inLen = strlen(a.input);
1286 a.outLen = SHA256_DIGEST_SIZE;
1288 b.input = "what do ya want for nothing?";
1289 b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75"
1290 "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec"
1292 b.inLen = strlen(b.input);
1293 b.outLen = SHA256_DIGEST_SIZE;
1295 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1296 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1297 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1298 "\xDD\xDD\xDD\xDD\xDD\xDD";
1299 c.output = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81"
1300 "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5"
1302 c.inLen = strlen(c.input);
1303 c.outLen = SHA256_DIGEST_SIZE;
1309 for (i = 0; i < times; ++i) {
1310 #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
1312 continue; /* cavium can't handle short keys, fips not allowed */
1315 if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
1318 ret = HmacSetKey(&hmac, SHA256, (byte*)keys[i],(word32)strlen(keys[i]));
1321 ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1322 (word32)test_hmac[i].inLen);
1325 ret = HmacFinal(&hmac, hash);
1329 if (memcmp(hash, test_hmac[i].output, SHA256_DIGEST_SIZE) != 0)
1332 HmacFreeCavium(&hmac);
1341 #if !defined(NO_HMAC) && defined(HAVE_BLAKE2)
1342 int hmac_blake2b_test(void)
1345 byte hash[BLAKE2B_256];
1349 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
1352 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1357 testVector test_hmac[3];
1360 int times = sizeof(test_hmac) / sizeof(testVector), i;
1362 a.input = "Hi There";
1363 a.output = "\x72\x93\x0d\xdd\xf5\xf7\xe1\x78\x38\x07\x44\x18\x0b\x3f\x51"
1364 "\x37\x25\xb5\x82\xc2\x08\x83\x2f\x1c\x99\xfd\x03\xa0\x16\x75"
1366 a.inLen = strlen(a.input);
1367 a.outLen = BLAKE2B_256;
1369 b.input = "what do ya want for nothing?";
1370 b.output = "\x3d\x20\x50\x71\x05\xc0\x8c\x0c\x38\x44\x1e\xf7\xf9\xd1\x67"
1371 "\x21\xff\x64\xf5\x94\x00\xcf\xf9\x75\x41\xda\x88\x61\x9d\x7c"
1373 b.inLen = strlen(b.input);
1374 b.outLen = BLAKE2B_256;
1376 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1377 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1378 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1379 "\xDD\xDD\xDD\xDD\xDD\xDD";
1380 c.output = "\xda\xfe\x2a\x24\xfc\xe7\xea\x36\x34\xbe\x41\x92\xc7\x11\xa7"
1381 "\x00\xae\x53\x9c\x11\x9c\x80\x74\x55\x22\x25\x4a\xb9\x55\xd3"
1383 c.inLen = strlen(c.input);
1384 c.outLen = BLAKE2B_256;
1390 for (i = 0; i < times; ++i) {
1391 #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
1393 continue; /* cavium can't handle short keys, fips not allowed */
1396 if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
1399 ret = HmacSetKey(&hmac, BLAKE2B_ID, (byte*)keys[i],
1400 (word32)strlen(keys[i]));
1403 ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1404 (word32)test_hmac[i].inLen);
1407 ret = HmacFinal(&hmac, hash);
1411 if (memcmp(hash, test_hmac[i].output, BLAKE2B_256) != 0)
1414 HmacFreeCavium(&hmac);
1423 #if !defined(NO_HMAC) && defined(CYASSL_SHA384)
1424 int hmac_sha384_test(void)
1427 byte hash[SHA384_DIGEST_SIZE];
1431 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
1434 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1439 testVector test_hmac[3];
1442 int times = sizeof(test_hmac) / sizeof(testVector), i;
1444 a.input = "Hi There";
1445 a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
1446 "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
1447 "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
1449 a.inLen = strlen(a.input);
1450 a.outLen = SHA384_DIGEST_SIZE;
1452 b.input = "what do ya want for nothing?";
1453 b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b"
1454 "\x1b\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22"
1455 "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa"
1457 b.inLen = strlen(b.input);
1458 b.outLen = SHA384_DIGEST_SIZE;
1460 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1461 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1462 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1463 "\xDD\xDD\xDD\xDD\xDD\xDD";
1464 c.output = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8"
1465 "\x6f\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66"
1466 "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01"
1468 c.inLen = strlen(c.input);
1469 c.outLen = SHA384_DIGEST_SIZE;
1475 for (i = 0; i < times; ++i) {
1476 #if defined(HAVE_FIPS)
1478 continue; /* fips not allowed */
1480 ret = HmacSetKey(&hmac, SHA384, (byte*)keys[i],(word32)strlen(keys[i]));
1483 ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1484 (word32)test_hmac[i].inLen);
1487 ret = HmacFinal(&hmac, hash);
1491 if (memcmp(hash, test_hmac[i].output, SHA384_DIGEST_SIZE) != 0)
1500 #if !defined(NO_HMAC) && defined(CYASSL_SHA512)
1501 int hmac_sha512_test(void)
1504 byte hash[SHA512_DIGEST_SIZE];
1508 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
1511 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1516 testVector test_hmac[3];
1519 int times = sizeof(test_hmac) / sizeof(testVector), i;
1521 a.input = "Hi There";
1522 a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c"
1523 "\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1"
1524 "\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae"
1525 "\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20"
1527 a.inLen = strlen(a.input);
1528 a.outLen = SHA512_DIGEST_SIZE;
1530 b.input = "what do ya want for nothing?";
1531 b.output = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0"
1532 "\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25"
1533 "\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8"
1534 "\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a"
1536 b.inLen = strlen(b.input);
1537 b.outLen = SHA512_DIGEST_SIZE;
1539 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1540 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1541 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1542 "\xDD\xDD\xDD\xDD\xDD\xDD";
1543 c.output = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b"
1544 "\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27"
1545 "\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e"
1546 "\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59"
1548 c.inLen = strlen(c.input);
1549 c.outLen = SHA512_DIGEST_SIZE;
1555 for (i = 0; i < times; ++i) {
1556 #if defined(HAVE_FIPS)
1558 continue; /* fips not allowed */
1560 ret = HmacSetKey(&hmac, SHA512, (byte*)keys[i],(word32)strlen(keys[i]));
1563 ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1564 (word32)test_hmac[i].inLen);
1567 ret = HmacFinal(&hmac, hash);
1571 if (memcmp(hash, test_hmac[i].output, SHA512_DIGEST_SIZE) != 0)
1586 const char* keys[] =
1588 "\x01\x23\x45\x67\x89\xab\xcd\xef",
1589 "\x01\x23\x45\x67\x89\xab\xcd\xef",
1590 "\x00\x00\x00\x00\x00\x00\x00\x00",
1594 testVector a, b, c, d;
1595 testVector test_arc4[4];
1597 int times = sizeof(test_arc4) / sizeof(testVector), i;
1599 a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
1600 a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96";
1604 b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1605 b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79";
1609 c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1610 c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a";
1614 d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
1615 d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61";
1624 for (i = 0; i < times; ++i) {
1627 int keylen = 8; /* strlen with key 0x00 not good */
1632 if (Arc4InitCavium(&enc, CAVIUM_DEV_ID) != 0)
1634 if (Arc4InitCavium(&dec, CAVIUM_DEV_ID) != 0)
1638 Arc4SetKey(&enc, (byte*)keys[i], keylen);
1639 Arc4SetKey(&dec, (byte*)keys[i], keylen);
1641 Arc4Process(&enc, cipher, (byte*)test_arc4[i].input,
1642 (word32)test_arc4[i].outLen);
1643 Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen);
1645 if (memcmp(plain, test_arc4[i].input, test_arc4[i].outLen))
1648 if (memcmp(cipher, test_arc4[i].output, test_arc4[i].outLen))
1652 Arc4FreeCavium(&enc);
1653 Arc4FreeCavium(&dec);
1662 int hc128_test(void)
1668 const char* keys[] =
1670 "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1671 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1672 "\x00\x53\xA6\xF9\x4C\x9F\xF2\x45\x98\xEB\x3E\x91\xE4\x37\x8A\xDD",
1673 "\x0F\x62\xB5\x08\x5B\xAE\x01\x54\xA7\xFA\x4D\xA0\xF3\x46\x99\xEC"
1678 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1679 "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1680 "\x0D\x74\xDB\x42\xA9\x10\x77\xDE\x45\xAC\x13\x7A\xE1\x48\xAF\x16",
1681 "\x28\x8F\xF6\x5D\xC4\x2B\x92\xF9\x60\xC7\x2E\x95\xFC\x63\xCA\x31"
1685 testVector a, b, c, d;
1686 testVector test_hc128[4];
1688 int times = sizeof(test_hc128) / sizeof(testVector), i;
1690 a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1691 a.output = "\x37\x86\x02\xB9\x8F\x32\xA7\x48";
1695 b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1696 b.output = "\x33\x7F\x86\x11\xC6\xED\x61\x5F";
1700 c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1701 c.output = "\x2E\x1E\xD1\x2A\x85\x51\xC0\x5A";
1705 d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
1706 d.output = "\x1C\xD8\xAE\xDD\xFE\x52\xE2\x17\xE8\x35\xD0\xB7\xE8\x4E\x29";
1715 for (i = 0; i < times; ++i) {
1719 /* align keys/ivs in plain/cipher buffers */
1720 memcpy(plain, keys[i], 16);
1721 memcpy(cipher, ivs[i], 16);
1723 Hc128_SetKey(&enc, plain, cipher);
1724 Hc128_SetKey(&dec, plain, cipher);
1727 memcpy(plain, test_hc128[i].input, test_hc128[i].outLen);
1728 Hc128_Process(&enc, cipher, plain, (word32)test_hc128[i].outLen);
1729 Hc128_Process(&dec, plain, cipher, (word32)test_hc128[i].outLen);
1731 if (memcmp(plain, test_hc128[i].input, test_hc128[i].outLen))
1734 if (memcmp(cipher, test_hc128[i].output, test_hc128[i].outLen))
1735 return -120 - 5 - i;
1738 #endif /* HAVE_HC128 */
1744 int rabbit_test(void)
1749 const char* keys[] =
1751 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1752 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1753 "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B\xFE\x36\x3D\x2E\x29\x13\x28\x91"
1758 "\x00\x00\x00\x00\x00\x00\x00\x00",
1759 "\x59\x7E\x26\xC1\x75\xF5\x73\xC3",
1764 testVector test_rabbit[3];
1766 int times = sizeof(test_rabbit) / sizeof(testVector), i;
1768 a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1769 a.output = "\xED\xB7\x05\x67\x37\x5D\xCD\x7C";
1773 b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1774 b.output = "\x6D\x7D\x01\x22\x92\xCC\xDC\xE0";
1778 c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1779 c.output = "\x04\xCE\xCA\x7A\x1A\x86\x6E\x77";
1787 for (i = 0; i < times; ++i) {
1792 /* align keys/ivs in plain/cipher buffers */
1793 memcpy(plain, keys[i], 16);
1795 memcpy(cipher, ivs[i], 8);
1799 RabbitSetKey(&enc, plain, iv);
1800 RabbitSetKey(&dec, plain, iv);
1803 memcpy(plain, test_rabbit[i].input, test_rabbit[i].outLen);
1804 RabbitProcess(&enc, cipher, plain, (word32)test_rabbit[i].outLen);
1805 RabbitProcess(&dec, plain, cipher, (word32)test_rabbit[i].outLen);
1807 if (memcmp(plain, test_rabbit[i].input, test_rabbit[i].outLen))
1810 if (memcmp(cipher, test_rabbit[i].output, test_rabbit[i].outLen))
1811 return -130 - 5 - i;
1816 #endif /* NO_RABBIT */
1822 const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
1823 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
1824 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
1825 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
1836 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
1841 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
1844 const byte verify[] =
1846 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
1847 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
1848 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
1853 ret = Des_SetKey(&enc, key, iv, DES_ENCRYPTION);
1857 Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
1858 ret = Des_SetKey(&dec, key, iv, DES_DECRYPTION);
1861 Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
1863 if (memcmp(plain, vector, sizeof(plain)))
1866 if (memcmp(cipher, verify, sizeof(cipher)))
1871 #endif /* NO_DES3 */
1877 const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
1878 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
1879 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
1880 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
1891 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
1892 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
1893 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
1897 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
1898 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
1899 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
1903 const byte verify3[] =
1905 0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e,
1906 0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98,
1907 0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0
1914 if (Des3_InitCavium(&enc, CAVIUM_DEV_ID) != 0)
1916 if (Des3_InitCavium(&dec, CAVIUM_DEV_ID) != 0)
1919 ret = Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION);
1922 ret = Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION);
1925 ret = Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
1928 ret = Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
1932 if (memcmp(plain, vector, sizeof(plain)))
1935 if (memcmp(cipher, verify3, sizeof(cipher)))
1939 Des3_FreeCavium(&enc);
1940 Des3_FreeCavium(&dec);
1953 const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
1954 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
1955 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
1956 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
1959 const byte verify[] =
1961 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
1962 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
1965 byte key[] = "0123456789abcdef "; /* align */
1966 byte iv[] = "1234567890abcdef "; /* align */
1968 byte cipher[AES_BLOCK_SIZE * 4];
1969 byte plain [AES_BLOCK_SIZE * 4];
1973 if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0)
1975 if (AesInitCavium(&dec, CAVIUM_DEV_ID) != 0)
1978 ret = AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
1981 ret = AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
1985 ret = AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE);
1988 ret = AesCbcDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE);
1992 if (memcmp(plain, msg, AES_BLOCK_SIZE))
1995 if (memcmp(cipher, verify, AES_BLOCK_SIZE))
1999 AesFreeCavium(&enc);
2000 AesFreeCavium(&dec);
2002 #ifdef CYASSL_AES_COUNTER
2004 const byte ctrKey[] =
2006 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
2007 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
2010 const byte ctrIv[] =
2012 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
2013 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
2017 const byte ctrPlain[] =
2019 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
2020 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
2021 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
2022 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
2023 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
2024 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
2025 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
2026 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
2029 const byte ctrCipher[] =
2031 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
2032 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
2033 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
2034 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
2035 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
2036 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
2037 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
2038 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
2041 const byte oddCipher[] =
2043 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
2047 AesSetKeyDirect(&enc, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
2048 /* Ctr only uses encrypt, even on key setup */
2049 AesSetKeyDirect(&dec, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
2051 AesCtrEncrypt(&enc, cipher, ctrPlain, AES_BLOCK_SIZE*4);
2052 AesCtrEncrypt(&dec, plain, cipher, AES_BLOCK_SIZE*4);
2054 if (memcmp(plain, ctrPlain, AES_BLOCK_SIZE*4))
2057 if (memcmp(cipher, ctrCipher, AES_BLOCK_SIZE*4))
2060 /* let's try with just 9 bytes, non block size test */
2061 AesSetKeyDirect(&enc, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
2062 /* Ctr only uses encrypt, even on key setup */
2063 AesSetKeyDirect(&dec, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
2065 AesCtrEncrypt(&enc, cipher, ctrPlain, 9);
2066 AesCtrEncrypt(&dec, plain, cipher, 9);
2068 if (memcmp(plain, ctrPlain, 9))
2071 if (memcmp(cipher, ctrCipher, 9))
2074 /* and an additional 9 bytes to reuse tmp left buffer */
2075 AesCtrEncrypt(&enc, cipher, ctrPlain, 9);
2076 AesCtrEncrypt(&dec, plain, cipher, 9);
2078 if (memcmp(plain, ctrPlain, 9))
2081 if (memcmp(cipher, oddCipher, 9))
2084 #endif /* CYASSL_AES_COUNTER */
2086 #if defined(CYASSL_AESNI) && defined(CYASSL_AES_DIRECT)
2088 const byte niPlain[] =
2090 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
2091 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
2094 const byte niCipher[] =
2096 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
2097 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
2100 const byte niKey[] =
2102 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
2103 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
2104 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
2105 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
2108 XMEMSET(cipher, 0, AES_BLOCK_SIZE);
2109 ret = AesSetKey(&enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
2112 AesEncryptDirect(&enc, cipher, niPlain);
2113 if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
2116 XMEMSET(plain, 0, AES_BLOCK_SIZE);
2117 ret = AesSetKey(&dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
2120 AesDecryptDirect(&dec, plain, niCipher);
2121 if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
2124 #endif /* CYASSL_AESNI && CYASSL_AES_DIRECT */
2130 int aesgcm_test(void)
2135 * This is Test Case 16 from the document Galois/
2136 * Counter Mode of Operation (GCM) by McGrew and
2141 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
2142 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
2143 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
2144 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
2149 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
2150 0xde, 0xca, 0xf8, 0x88
2155 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
2156 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
2157 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
2158 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
2159 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
2160 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
2161 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
2162 0xba, 0x63, 0x7b, 0x39
2167 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
2168 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
2169 0xab, 0xad, 0xda, 0xd2
2174 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
2175 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
2176 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
2177 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
2178 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
2179 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
2180 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
2181 0xbc, 0xc9, 0xf6, 0x62
2186 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
2187 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
2196 memset(t2, 0, sizeof(t2));
2197 memset(c2, 0, sizeof(c2));
2198 memset(p2, 0, sizeof(p2));
2200 AesGcmSetKey(&enc, k, sizeof(k));
2201 /* AES-GCM encrypt and decrypt both use AES encrypt internally */
2202 AesGcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv),
2203 t2, sizeof(t2), a, sizeof(a));
2204 if (memcmp(c, c2, sizeof(c2)))
2206 if (memcmp(t, t2, sizeof(t2)))
2209 result = AesGcmDecrypt(&enc, p2, c2, sizeof(p2), iv, sizeof(iv),
2210 t2, sizeof(t2), a, sizeof(a));
2213 if (memcmp(p, p2, sizeof(p2)))
2225 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
2226 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
2230 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
2231 0xe2, 0x8c, 0x8f, 0x16
2235 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
2236 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
2240 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
2241 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
2246 0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4,
2247 0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b
2251 0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03,
2252 0x1a, 0x60, 0x24, 0xa7
2256 0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18,
2257 0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56
2261 0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f,
2262 0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91
2267 0xb8, 0xe4, 0x9a, 0x5e, 0x37, 0xf9, 0x98, 0x2b,
2268 0xb9, 0x6d, 0xd0, 0xc9, 0xb6, 0xab, 0x26, 0xac
2272 0xe4, 0x4a, 0x42, 0x18, 0x8c, 0xae, 0x94, 0x92,
2273 0x6a, 0x9c, 0x26, 0xb0
2277 0x9d, 0xb9, 0x61, 0x68, 0xa6, 0x76, 0x7a, 0x31,
2278 0xf8, 0x29, 0xe4, 0x72, 0x61, 0x68, 0x3f, 0x8a
2282 0x23, 0xe2, 0x9f, 0x66, 0xe4, 0xc6, 0x52, 0x48
2287 memset(tag, 0, sizeof(tag));
2288 GmacSetKey(&gmac, k1, sizeof(k1));
2289 GmacUpdate(&gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1));
2290 if (memcmp(t1, tag, sizeof(t1)) != 0)
2293 memset(tag, 0, sizeof(tag));
2294 GmacSetKey(&gmac, k2, sizeof(k2));
2295 GmacUpdate(&gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2));
2296 if (memcmp(t2, tag, sizeof(t2)) != 0)
2299 memset(tag, 0, sizeof(tag));
2300 GmacSetKey(&gmac, k3, sizeof(k3));
2301 GmacUpdate(&gmac, iv3, sizeof(iv3), a3, sizeof(a3), tag, sizeof(t3));
2302 if (memcmp(t3, tag, sizeof(t3)) != 0)
2307 #endif /* HAVE_AESGCM */
2310 int aesccm_test(void)
2317 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
2318 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
2324 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
2325 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
2331 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2332 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2333 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
2338 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
2343 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
2344 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
2345 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
2350 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
2359 memset(t2, 0, sizeof(t2));
2360 memset(c2, 0, sizeof(c2));
2361 memset(p2, 0, sizeof(p2));
2363 AesCcmSetKey(&enc, k, sizeof(k));
2364 /* AES-CCM encrypt and decrypt both use AES encrypt internally */
2365 AesCcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv),
2366 t2, sizeof(t2), a, sizeof(a));
2367 if (memcmp(c, c2, sizeof(c2)))
2369 if (memcmp(t, t2, sizeof(t2)))
2372 result = AesCcmDecrypt(&enc, p2, c2, sizeof(p2), iv, sizeof(iv),
2373 t2, sizeof(t2), a, sizeof(a));
2376 if (memcmp(p, p2, sizeof(p2)))
2379 /* Test the authentication failure */
2380 t2[0]++; /* Corrupt the authentication tag. */
2381 result = AesCcmDecrypt(&enc, p2, c, sizeof(p2), iv, sizeof(iv),
2382 t2, sizeof(t2), a, sizeof(a));
2386 /* Clear c2 to compare against p2. p2 should be set to zero in case of
2387 * authentication fail. */
2388 memset(c2, 0, sizeof(c2));
2389 if (memcmp(p2, c2, sizeof(p2)))
2394 #endif /* HAVE_AESCCM */
2400 #ifdef HAVE_CAMELLIA
2403 CAM_ECB_ENC, CAM_ECB_DEC, CAM_CBC_ENC, CAM_CBC_DEC
2408 const byte* plaintext;
2410 const byte* ciphertext;
2416 int camellia_test(void)
2418 /* Camellia ECB Test Plaintext */
2419 static const byte pte[] =
2421 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2422 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2425 /* Camellia ECB Test Initialization Vector */
2426 static const byte ive[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
2428 /* Test 1: Camellia ECB 128-bit key */
2429 static const byte k1[] =
2431 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2432 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2434 static const byte c1[] =
2436 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
2437 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43
2440 /* Test 2: Camellia ECB 192-bit key */
2441 static const byte k2[] =
2443 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2444 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
2445 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
2447 static const byte c2[] =
2449 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
2450 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9
2453 /* Test 3: Camellia ECB 256-bit key */
2454 static const byte k3[] =
2456 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2457 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
2458 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
2459 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
2461 static const byte c3[] =
2463 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
2464 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09
2467 /* Camellia CBC Test Plaintext */
2468 static const byte ptc[] =
2470 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
2471 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
2474 /* Camellia CBC Test Initialization Vector */
2475 static const byte ivc[] =
2477 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
2478 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
2481 /* Test 4: Camellia-CBC 128-bit key */
2482 static const byte k4[] =
2484 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
2485 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
2487 static const byte c4[] =
2489 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
2490 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB
2493 /* Test 5: Camellia-CBC 192-bit key */
2494 static const byte k5[] =
2496 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
2497 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
2498 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B
2500 static const byte c5[] =
2502 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
2503 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93
2506 /* Test 6: CBC 256-bit key */
2507 static const byte k6[] =
2509 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
2510 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
2511 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
2512 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4
2514 static const byte c6[] =
2516 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
2517 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA
2520 byte out[CAMELLIA_BLOCK_SIZE];
2523 const test_vector_t testVectors[] =
2525 {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), -114},
2526 {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), -115},
2527 {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), -116},
2528 {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), -117},
2529 {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), -118},
2530 {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), -119},
2531 {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), -120},
2532 {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), -121},
2533 {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), -122},
2534 {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), -123},
2535 {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), -124},
2536 {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
2539 testsSz = sizeof(testVectors)/sizeof(test_vector_t);
2540 for (i = 0; i < testsSz; i++) {
2541 if (CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz,
2542 testVectors[i].iv) != 0)
2543 return testVectors[i].errorCode;
2545 switch (testVectors[i].type) {
2547 CamelliaEncryptDirect(&cam, out, testVectors[i].plaintext);
2548 if (memcmp(out, testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE))
2549 return testVectors[i].errorCode;
2552 CamelliaDecryptDirect(&cam, out, testVectors[i].ciphertext);
2553 if (memcmp(out, testVectors[i].plaintext, CAMELLIA_BLOCK_SIZE))
2554 return testVectors[i].errorCode;
2557 CamelliaCbcEncrypt(&cam, out, testVectors[i].plaintext,
2558 CAMELLIA_BLOCK_SIZE);
2559 if (memcmp(out, testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE))
2560 return testVectors[i].errorCode;
2563 CamelliaCbcDecrypt(&cam, out, testVectors[i].ciphertext,
2564 CAMELLIA_BLOCK_SIZE);
2565 if (memcmp(out, testVectors[i].plaintext, CAMELLIA_BLOCK_SIZE))
2566 return testVectors[i].errorCode;
2573 /* Setting the IV and checking it was actually set. */
2574 CamelliaSetIV(&cam, ivc);
2575 if (XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE))
2578 /* Setting the IV to NULL should be same as all zeros IV */
2579 if (CamelliaSetIV(&cam, NULL) != 0 ||
2580 XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE))
2583 /* First parameter should never be null */
2584 if (CamelliaSetIV(NULL, NULL) == 0)
2587 /* First parameter should never be null, check it fails */
2588 if (CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0)
2591 /* Key should have a size of 16, 24, or 32 */
2592 if (CamelliaSetKey(&cam, k1, 0, NULL) == 0)
2597 #endif /* HAVE_CAMELLIA */
2600 #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
2602 int random_test(void)
2604 const byte test1Entropy[] =
2606 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
2607 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
2608 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31,
2609 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e
2611 const byte test1Output[] =
2613 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
2614 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
2615 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
2616 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
2617 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81,
2618 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
2619 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7,
2620 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
2621 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91,
2622 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
2623 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
2625 const byte test2EntropyA[] =
2627 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
2628 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
2629 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
2630 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
2632 const byte test2EntropyB[] =
2634 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
2635 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
2636 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
2638 const byte test2Output[] =
2640 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
2641 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
2642 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
2643 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
2644 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71,
2645 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
2646 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8,
2647 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
2648 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22,
2649 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
2650 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
2654 ret = RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
2655 test1Output, sizeof(test1Output));
2656 if (ret != 0) return -39;
2658 ret = RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA),
2659 test2EntropyB, sizeof(test2EntropyB),
2660 test2Output, sizeof(test2Output));
2661 if (ret != 0) return -40;
2666 #else /* HAVE_HASHDRBG || NO_RC4 */
2668 int random_test(void)
2675 ret = InitRngCavium(&rng, CAVIUM_DEV_ID);
2676 if (ret != 0) return -2007;
2678 ret = InitRng(&rng);
2679 if (ret != 0) return -39;
2681 ret = RNG_GenerateBlock(&rng, block, sizeof(block));
2682 if (ret != 0) return -40;
2687 #endif /* HAVE_HASHDRBG || NO_RC4 */
2692 byte GetEntropy(ENTROPY_CMD cmd, byte* out);
2694 byte GetEntropy(ENTROPY_CMD cmd, byte* out)
2699 return (InitRng(&rng) == 0) ? 1 : 0;
2704 if (cmd == GET_BYTE_OF_ENTROPY)
2705 return (RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0;
2707 if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) {
2715 #endif /* HAVE_NTRU */
2719 #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
2720 #ifdef FREESCALE_MQX
2721 static const char* clientKey = "a:\\certs\\client-key.der";
2722 static const char* clientCert = "a:\\certs\\client-cert.der";
2723 #ifdef CYASSL_CERT_GEN
2724 static const char* caKeyFile = "a:\\certs\\ca-key.der";
2725 static const char* caCertFile = "a:\\certs\\ca-cert.pem";
2727 static const char* eccCaKeyFile = "a:\\certs\\ecc-key.der";
2728 static const char* eccCaCertFile = "a:\\certs\\server-ecc.pem";
2731 #elif defined(CYASSL_MKD_SHELL)
2732 static char* clientKey = "certs/client-key.der";
2733 static char* clientCert = "certs/client-cert.der";
2734 void set_clientKey(char *key) { clientKey = key ; }
2735 void set_clientCert(char *cert) { clientCert = cert ; }
2736 #ifdef CYASSL_CERT_GEN
2737 static char* caKeyFile = "certs/ca-key.der";
2738 static char* caCertFile = "certs/ca-cert.pem";
2739 void set_caKeyFile (char * key) { caKeyFile = key ; }
2740 void set_caCertFile(char * cert) { caCertFile = cert ; }
2742 static const char* eccCaKeyFile = "certs/ecc-key.der";
2743 static const char* eccCaCertFile = "certs/server-ecc.pem";
2744 void set_eccCaKeyFile (char * key) { eccCaKeyFile = key ; }
2745 void set_eccCaCertFile(char * cert) { eccCaCertFile = cert ; }
2749 static const char* clientKey = "./certs/client-key.der";
2750 static const char* clientCert = "./certs/client-cert.der";
2751 #ifdef CYASSL_CERT_GEN
2752 static const char* caKeyFile = "./certs/ca-key.der";
2753 static const char* caCertFile = "./certs/ca-cert.pem";
2755 static const char* eccCaKeyFile = "./certs/ecc-key.der";
2756 static const char* eccCaCertFile = "./certs/server-ecc.pem";
2764 #define FOURK_BUF 4096
2774 byte in[] = "Everyone gets Friday off.";
2775 word32 inLen = (word32)strlen((char*)in);
2778 #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
2779 FILE* file, * file2;
2781 #ifdef CYASSL_TEST_CERT
2785 tmp = (byte*)malloc(FOURK_BUF);
2789 #ifdef USE_CERT_BUFFERS_1024
2790 XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
2791 bytes = sizeof_client_key_der_1024;
2792 #elif defined(USE_CERT_BUFFERS_2048)
2793 XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
2794 bytes = sizeof_client_key_der_2048;
2796 file = fopen(clientKey, "rb");
2799 err_sys("can't open ./certs/client-key.der, "
2800 "Please run from CyaSSL home dir", -40);
2802 bytes = fread(tmp, 1, FOURK_BUF, file);
2804 #endif /* USE_CERT_BUFFERS */
2807 RsaInitCavium(&key, CAVIUM_DEV_ID);
2809 ret = InitRsaKey(&key, 0);
2810 if (ret != 0) return -39;
2811 ret = RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
2812 if (ret != 0) return -41;
2814 ret = InitRng(&rng);
2815 if (ret != 0) return -42;
2817 ret = RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng);
2818 if (ret < 0) return -43;
2820 ret = RsaPrivateDecrypt(out, ret, plain, sizeof(plain), &key);
2821 if (ret < 0) return -44;
2823 if (memcmp(plain, in, inLen)) return -45;
2825 ret = RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng);
2826 if (ret < 0) return -46;
2828 memset(plain, 0, sizeof(plain));
2829 ret = RsaSSL_Verify(out, ret, plain, sizeof(plain), &key);
2830 if (ret < 0) return -47;
2832 if (memcmp(plain, in, ret)) return -48;
2834 #if defined(CYASSL_MDK_ARM)
2835 #define sizeof(s) strlen((char *)(s))
2838 #ifdef USE_CERT_BUFFERS_1024
2839 XMEMCPY(tmp, client_cert_der_1024, sizeof_client_cert_der_1024);
2840 bytes = sizeof_client_cert_der_1024;
2841 #elif defined(USE_CERT_BUFFERS_2048)
2842 XMEMCPY(tmp, client_cert_der_2048, sizeof_client_cert_der_2048);
2843 bytes = sizeof_client_cert_der_2048;
2845 file2 = fopen(clientCert, "rb");
2849 bytes = fread(tmp, 1, FOURK_BUF, file2);
2857 #ifdef CYASSL_TEST_CERT
2858 InitDecodedCert(&cert, tmp, (word32)bytes, 0);
2860 ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
2861 if (ret != 0) return -491;
2863 FreeDecodedCert(&cert);
2869 #ifdef CYASSL_KEY_GEN
2880 ret = InitRsaKey(&genKey, 0);
2883 ret = MakeRsaKey(&genKey, 1024, 65537, &rng);
2887 der = (byte*)malloc(FOURK_BUF);
2889 FreeRsaKey(&genKey);
2892 pem = (byte*)malloc(FOURK_BUF);
2895 FreeRsaKey(&genKey);
2899 derSz = RsaKeyToDer(&genKey, der, FOURK_BUF);
2906 keyFile = fopen("./key.der", "wb");
2910 FreeRsaKey(&genKey);
2913 ret = (int)fwrite(der, 1, derSz, keyFile);
2918 FreeRsaKey(&genKey);
2922 pemSz = DerToPem(der, derSz, pem, FOURK_BUF, PRIVATEKEY_TYPE);
2926 FreeRsaKey(&genKey);
2930 pemFile = fopen("./key.pem", "wb");
2934 FreeRsaKey(&genKey);
2937 ret = (int)fwrite(pem, 1, pemSz, pemFile);
2942 FreeRsaKey(&genKey);
2946 ret = InitRsaKey(&derIn, 0);
2950 FreeRsaKey(&genKey);
2954 ret = RsaPrivateKeyDecode(der, &idx, &derIn, derSz);
2959 FreeRsaKey(&genKey);
2964 FreeRsaKey(&genKey);
2968 #endif /* CYASSL_KEY_GEN */
2971 #ifdef CYASSL_CERT_GEN
2981 #ifdef CYASSL_TEST_CERT
2985 derCert = (byte*)malloc(FOURK_BUF);
2986 if (derCert == NULL)
2988 pem = (byte*)malloc(FOURK_BUF);
2996 strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
2997 strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
2998 strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);
2999 strncpy(myCert.subject.org, "yaSSL", CTC_NAME_SIZE);
3000 strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE);
3001 strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
3002 strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE);
3004 myCert.sigType = CTC_SHA256wRSA;
3006 certSz = MakeSelfCert(&myCert, derCert, FOURK_BUF, &key, &rng);
3013 #ifdef CYASSL_TEST_CERT
3014 InitDecodedCert(&decode, derCert, certSz, 0);
3015 ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
3021 FreeDecodedCert(&decode);
3023 derFile = fopen("./cert.der", "wb");
3029 ret = (int)fwrite(derCert, 1, certSz, derFile);
3031 if (ret != certSz) {
3037 pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
3044 pemFile = fopen("./cert.pem", "wb");
3050 ret = (int)fwrite(pem, 1, pemSz, pemFile);
3073 #ifdef CYASSL_TEST_CERT
3077 derCert = (byte*)malloc(FOURK_BUF);
3078 if (derCert == NULL)
3080 pem = (byte*)malloc(FOURK_BUF);
3086 file3 = fopen(caKeyFile, "rb");
3094 bytes3 = fread(tmp, 1, FOURK_BUF, file3);
3097 ret = InitRsaKey(&caKey, 0);
3103 ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3);
3113 strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
3114 strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
3115 strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);
3116 strncpy(myCert.subject.org, "yaSSL", CTC_NAME_SIZE);
3117 strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE);
3118 strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
3119 strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE);
3121 ret = SetIssuer(&myCert, caCertFile);
3129 certSz = MakeCert(&myCert, derCert, FOURK_BUF, &key, NULL, &rng);
3137 certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF,
3138 &caKey, NULL, &rng);
3147 #ifdef CYASSL_TEST_CERT
3148 InitDecodedCert(&decode, derCert, certSz, 0);
3149 ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
3156 FreeDecodedCert(&decode);
3159 derFile = fopen("./othercert.der", "wb");
3166 ret = (int)fwrite(derCert, 1, certSz, derFile);
3168 if (ret != certSz) {
3175 pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
3183 pemFile = fopen("./othercert.pem", "wb");
3190 ret = (int)fwrite(pem, 1, pemSz, pemFile);
3216 #ifdef CYASSL_TEST_CERT
3220 derCert = (byte*)malloc(FOURK_BUF);
3221 if (derCert == NULL)
3223 pem = (byte*)malloc(FOURK_BUF);
3229 file3 = fopen(eccCaKeyFile, "rb");
3237 bytes3 = fread(tmp, 1, FOURK_BUF, file3);
3241 ret = EccPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3);
3249 myCert.sigType = CTC_SHA256wECDSA;
3251 strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
3252 strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
3253 strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);
3254 strncpy(myCert.subject.org, "wolfSSL", CTC_NAME_SIZE);
3255 strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE);
3256 strncpy(myCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
3257 strncpy(myCert.subject.email, "info@wolfssl.com", CTC_NAME_SIZE);
3259 ret = SetIssuer(&myCert, eccCaCertFile);
3267 certSz = MakeCert(&myCert, derCert, FOURK_BUF, NULL, &caKey, &rng);
3275 certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF,
3276 NULL, &caKey, &rng);
3284 #ifdef CYASSL_TEST_CERT
3285 InitDecodedCert(&decode, derCert, certSz, 0);
3286 ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
3293 FreeDecodedCert(&decode);
3296 derFile = fopen("./certecc.der", "wb");
3303 ret = (int)fwrite(derCert, 1, certSz, derFile);
3305 if (ret != certSz) {
3312 pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
3320 pemFile = fopen("./certecc.pem", "wb");
3327 ret = (int)fwrite(pem, 1, pemSz, pemFile);
3339 #endif /* HAVE_ECC */
3353 #ifdef CYASSL_TEST_CERT
3356 derCert = (byte*)malloc(FOURK_BUF);
3357 if (derCert == NULL)
3359 pem = (byte*)malloc(FOURK_BUF);
3365 byte public_key[557]; /* sized for EES401EP2 */
3366 word16 public_key_len; /* no. of octets in public key */
3367 byte private_key[607]; /* sized for EES401EP2 */
3368 word16 private_key_len; /* no. of octets in private key */
3370 static uint8_t const pers_str[] = {
3371 'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't'
3373 word32 rc = ntru_crypto_drbg_instantiate(112, pers_str,
3374 sizeof(pers_str), GetEntropy, &drbg);
3375 if (rc != DRBG_OK) {
3381 rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2,
3382 &public_key_len, NULL,
3383 &private_key_len, NULL);
3384 if (rc != NTRU_OK) {
3390 rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2,
3391 &public_key_len, public_key,
3392 &private_key_len, private_key);
3393 if (rc != NTRU_OK) {
3399 rc = ntru_crypto_drbg_uninstantiate(drbg);
3401 if (rc != NTRU_OK) {
3407 caFile = fopen(caKeyFile, "rb");
3415 bytes = fread(tmp, 1, FOURK_BUF, caFile);
3418 ret = InitRsaKey(&caKey, 0);
3424 ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes);
3433 strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
3434 strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
3435 strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);
3436 strncpy(myCert.subject.org, "yaSSL", CTC_NAME_SIZE);
3437 strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE);
3438 strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
3439 strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE);
3441 ret = SetIssuer(&myCert, caCertFile);
3449 certSz = MakeNtruCert(&myCert, derCert, FOURK_BUF, public_key,
3450 public_key_len, &rng);
3458 certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF,
3459 &caKey, NULL, &rng);
3468 #ifdef CYASSL_TEST_CERT
3469 InitDecodedCert(&decode, derCert, certSz, 0);
3470 ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
3476 FreeDecodedCert(&decode);
3478 derFile = fopen("./ntru-cert.der", "wb");
3484 ret = (int)fwrite(derCert, 1, certSz, derFile);
3486 if (ret != certSz) {
3492 pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
3499 pemFile = fopen("./ntru-cert.pem", "wb");
3505 ret = (int)fwrite(pem, 1, pemSz, pemFile);
3513 ntruPrivFile = fopen("./ntru-key.raw", "wb");
3514 if (!ntruPrivFile) {
3519 ret = (int)fwrite(private_key, 1, private_key_len, ntruPrivFile);
3520 fclose(ntruPrivFile);
3521 if (ret != private_key_len) {
3529 #endif /* HAVE_NTRU */
3530 #ifdef CYASSL_CERT_REQ
3539 der = (byte*)malloc(FOURK_BUF);
3542 pem = (byte*)malloc(FOURK_BUF);
3552 strncpy(req.challengePw, "yassl123", CTC_NAME_SIZE);
3553 strncpy(req.subject.country, "US", CTC_NAME_SIZE);
3554 strncpy(req.subject.state, "OR", CTC_NAME_SIZE);
3555 strncpy(req.subject.locality, "Portland", CTC_NAME_SIZE);
3556 strncpy(req.subject.org, "yaSSL", CTC_NAME_SIZE);
3557 strncpy(req.subject.unit, "Development", CTC_NAME_SIZE);
3558 strncpy(req.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
3559 strncpy(req.subject.email, "info@yassl.com", CTC_NAME_SIZE);
3560 req.sigType = CTC_SHA256wRSA;
3562 derSz = MakeCertReq(&req, der, FOURK_BUF, &key, NULL);
3569 derSz = SignCert(req.bodySz, req.sigType, der, FOURK_BUF,
3577 pemSz = DerToPem(der, derSz, pem, FOURK_BUF, CERTREQ_TYPE);
3584 reqFile = fopen("./certreq.der", "wb");
3591 ret = (int)fwrite(der, 1, derSz, reqFile);
3599 reqFile = fopen("./certreq.pem", "wb");
3605 ret = (int)fwrite(pem, 1, pemSz, reqFile);
3616 #endif /* CYASSL_CERT_REQ */
3617 #endif /* CYASSL_CERT_GEN */
3621 RsaFreeCavium(&key);
3633 #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
3634 #ifdef FREESCALE_MQX
3635 static const char* dhKey = "a:\certs\\dh2048.der";
3637 static const char* dhKey = "./certs/dh2048.der";
3645 word32 idx = 0, privSz, pubSz, privSz2, pubSz2, agreeSz, agreeSz2;
3658 #ifdef USE_CERT_BUFFERS_1024
3659 XMEMCPY(tmp, dh_key_der_1024, sizeof_dh_key_der_1024);
3660 bytes = sizeof_dh_key_der_1024;
3661 #elif defined(USE_CERT_BUFFERS_2048)
3662 XMEMCPY(tmp, dh_key_der_2048, sizeof_dh_key_der_2048);
3663 bytes = sizeof_dh_key_der_2048;
3665 FILE* file = fopen(dhKey, "rb");
3670 bytes = (word32) fread(tmp, 1, sizeof(tmp), file);
3672 #endif /* USE_CERT_BUFFERS */
3676 ret = DhKeyDecode(tmp, &idx, &key, bytes);
3681 ret = DhKeyDecode(tmp, &idx, &key2, bytes);
3685 ret = InitRng(&rng);
3689 ret = DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz);
3690 ret += DhGenerateKeyPair(&key2, &rng, priv2, &privSz2, pub2, &pubSz2);
3694 ret = DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
3695 ret += DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
3699 if (memcmp(agree, agree2, agreeSz))
3713 #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
3714 #ifdef FREESCALE_MQX
3715 static const char* dsaKey = "a:\\certs\\dsa2048.der";
3717 static const char* dsaKey = "./certs/dsa2048.der";
3730 byte hash[SHA_DIGEST_SIZE];
3734 #ifdef USE_CERT_BUFFERS_1024
3735 XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
3736 bytes = sizeof_dsa_key_der_1024;
3737 #elif defined(USE_CERT_BUFFERS_2048)
3738 XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
3739 bytes = sizeof_dsa_key_der_2048;
3741 FILE* file = fopen(dsaKey, "rb");
3746 bytes = (word32) fread(tmp, 1, sizeof(tmp), file);
3748 #endif /* USE_CERT_BUFFERS */
3750 ret = InitSha(&sha);
3753 ShaUpdate(&sha, tmp, bytes);
3754 ShaFinal(&sha, hash);
3757 ret = DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
3758 if (ret != 0) return -61;
3760 ret = InitRng(&rng);
3761 if (ret != 0) return -62;
3763 ret = DsaSign(hash, signature, &key, &rng);
3764 if (ret != 0) return -63;
3766 ret = DsaVerify(hash, signature, &key, &answer);
3767 if (ret != 0) return -64;
3768 if (answer != 1) return -65;
3778 #ifdef OPENSSL_EXTRA
3780 int openssl_test(void)
3783 testVector a, b, c, d, e, f;
3784 byte hash[SHA_DIGEST_SIZE*4]; /* max size */
3789 a.input = "1234567890123456789012345678901234567890123456789012345678"
3790 "9012345678901234567890";
3791 a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
3793 a.inLen = strlen(a.input);
3794 a.outLen = MD5_DIGEST_SIZE;
3796 EVP_MD_CTX_init(&md_ctx);
3797 EVP_DigestInit(&md_ctx, EVP_md5());
3799 EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen);
3800 EVP_DigestFinal(&md_ctx, hash, 0);
3802 if (memcmp(hash, a.output, MD5_DIGEST_SIZE) != 0)
3805 b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
3806 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
3808 b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
3809 "\x53\x99\x5E\x26\xA0";
3810 b.inLen = strlen(b.input);
3811 b.outLen = SHA_DIGEST_SIZE;
3813 EVP_MD_CTX_init(&md_ctx);
3814 EVP_DigestInit(&md_ctx, EVP_sha1());
3816 EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen);
3817 EVP_DigestFinal(&md_ctx, hash, 0);
3819 if (memcmp(hash, b.output, SHA_DIGEST_SIZE) != 0)
3823 d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
3824 d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
3825 "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
3827 d.inLen = strlen(d.input);
3828 d.outLen = SHA256_DIGEST_SIZE;
3830 EVP_MD_CTX_init(&md_ctx);
3831 EVP_DigestInit(&md_ctx, EVP_sha256());
3833 EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
3834 EVP_DigestFinal(&md_ctx, hash, 0);
3836 if (memcmp(hash, d.output, SHA256_DIGEST_SIZE) != 0)
3839 #ifdef CYASSL_SHA384
3841 e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
3842 "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
3843 e.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
3844 "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
3845 "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
3847 e.inLen = strlen(e.input);
3848 e.outLen = SHA384_DIGEST_SIZE;
3850 EVP_MD_CTX_init(&md_ctx);
3851 EVP_DigestInit(&md_ctx, EVP_sha384());
3853 EVP_DigestUpdate(&md_ctx, e.input, e.inLen);
3854 EVP_DigestFinal(&md_ctx, hash, 0);
3856 if (memcmp(hash, e.output, SHA384_DIGEST_SIZE) != 0)
3859 #endif /* CYASSL_SHA384 */
3862 #ifdef CYASSL_SHA512
3864 f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
3865 "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
3866 f.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
3867 "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
3868 "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
3869 "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
3871 f.inLen = strlen(f.input);
3872 f.outLen = SHA512_DIGEST_SIZE;
3874 EVP_MD_CTX_init(&md_ctx);
3875 EVP_DigestInit(&md_ctx, EVP_sha512());
3877 EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
3878 EVP_DigestFinal(&md_ctx, hash, 0);
3880 if (memcmp(hash, f.output, SHA512_DIGEST_SIZE) != 0)
3883 #endif /* CYASSL_SHA512 */
3886 if (RAND_bytes(hash, sizeof(hash)) != 1)
3889 c.input = "what do ya want for nothing?";
3890 c.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7"
3892 c.inLen = strlen(c.input);
3893 c.outLen = MD5_DIGEST_SIZE;
3895 HMAC(EVP_md5(), "Jefe", 4, (byte*)c.input, (int)c.inLen, hash, 0);
3897 if (memcmp(hash, c.output, MD5_DIGEST_SIZE) != 0)
3901 const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
3902 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
3903 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
3904 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
3910 const_DES_cblock key =
3912 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
3917 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
3920 DES_key_schedule sched;
3922 const byte verify[] =
3924 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
3925 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
3926 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
3929 DES_key_sched(&key, &sched);
3931 DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, DES_ENCRYPT);
3932 DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT);
3934 if (memcmp(plain, vector, sizeof(vector)) != 0)
3937 if (memcmp(cipher, verify, sizeof(verify)) != 0)
3940 /* test changing iv */
3941 DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT);
3942 DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT);
3944 if (memcmp(cipher, verify, sizeof(verify)) != 0)
3947 } /* end des test */
3949 { /* evp_cipher test */
3953 const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
3954 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
3955 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
3956 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
3959 const byte verify[] =
3961 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
3962 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
3965 byte key[] = "0123456789abcdef "; /* align */
3966 byte iv[] = "1234567890abcdef "; /* align */
3968 byte cipher[AES_BLOCK_SIZE * 4];
3969 byte plain [AES_BLOCK_SIZE * 4];
3971 EVP_CIPHER_CTX_init(&ctx);
3972 if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0)
3975 if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0)
3978 if (memcmp(cipher, verify, AES_BLOCK_SIZE))
3981 EVP_CIPHER_CTX_init(&ctx);
3982 if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0)
3985 if (EVP_Cipher(&ctx, plain, cipher, 16) == 0)
3988 if (memcmp(plain, msg, AES_BLOCK_SIZE))
3992 } /* end evp_cipher test */
3997 #endif /* OPENSSL_EXTRA */
4002 int pkcs12_test(void)
4004 const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
4006 const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f };
4008 const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
4009 0x00, 0x67, 0x00, 0x00 };
4010 const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 };
4013 const byte verify[] = {
4014 0x8A, 0xAA, 0xE6, 0x29, 0x7B, 0x6C, 0xB0, 0x46,
4015 0x42, 0xAB, 0x5B, 0x07, 0x78, 0x51, 0x28, 0x4E,
4016 0xB7, 0x12, 0x8F, 0x1A, 0x2A, 0x7F, 0xBC, 0xA3
4019 const byte verify2[] = {
4020 0x48, 0x3D, 0xD6, 0xE9, 0x19, 0xD7, 0xDE, 0x2E,
4021 0x8E, 0x64, 0x8B, 0xA8, 0xF8, 0x62, 0xF3, 0xFB,
4022 0xFB, 0xDC, 0x2B, 0xCB, 0x2C, 0x02, 0x95, 0x7F
4028 int ret = PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, iterations,
4034 if ( (ret = memcmp(derived, verify, kLen)) != 0)
4038 ret = PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, iterations,
4043 if ( (ret = memcmp(derived, verify2, 24)) != 0)
4050 int pbkdf2_test(void)
4052 char passwd[] = "password";
4053 const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
4054 int iterations = 2048;
4058 const byte verify[] = {
4059 0xBF, 0xDE, 0x6B, 0xE9, 0x4D, 0xF7, 0xE1, 0x1D, 0xD4, 0x09, 0xBC, 0xE2,
4060 0x0A, 0x02, 0x55, 0xEC, 0x32, 0x7C, 0xB9, 0x36, 0xFF, 0xE9, 0x36, 0x43
4064 int ret = PBKDF2(derived, (byte*)passwd, (int)strlen(passwd), salt, 8,
4065 iterations, kLen, SHA);
4069 if (memcmp(derived, verify, sizeof(verify)) != 0)
4076 int pbkdf1_test(void)
4078 char passwd[] = "password";
4079 const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
4080 int iterations = 1000;
4084 const byte verify[] = {
4085 0xDC, 0x19, 0x84, 0x7E, 0x05, 0xC6, 0x4D, 0x2F, 0xAF, 0x10, 0xEB, 0xFB,
4086 0x4A, 0x3D, 0x2A, 0x20
4089 PBKDF1(derived, (byte*)passwd, (int)strlen(passwd), salt, 8, iterations,
4092 if (memcmp(derived, verify, sizeof(verify)) != 0)
4099 int pwdbased_test(void)
4101 int ret = pbkdf1_test();
4102 ret += pbkdf2_test();
4104 return ret + pkcs12_test();
4107 #endif /* NO_PWDBASED */
4109 #if defined(HAVE_HKDF) && (!defined(NO_SHA) || !defined(NO_SHA256))
4116 byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
4117 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
4118 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
4119 byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
4120 0x08, 0x09, 0x0a, 0x0b, 0x0c };
4121 byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
4123 byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
4124 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
4125 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
4126 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
4127 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
4129 byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
4130 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
4131 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
4132 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
4133 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
4135 byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
4136 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
4137 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
4138 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
4139 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
4141 byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
4142 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
4143 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
4144 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
4145 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
4156 ret = HKDF(SHA, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
4160 if (memcmp(okm1, res1, L) != 0)
4164 /* fips can't have key size under 14 bytes, salt is key too */
4165 ret = HKDF(SHA, ikm1, 11, salt1, 13, info1, 10, okm1, L);
4169 if (memcmp(okm1, res2, L) != 0)
4171 #endif /* HAVE_FIPS */
4175 ret = HKDF(SHA256, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
4179 if (memcmp(okm1, res3, L) != 0)
4183 /* fips can't have key size under 14 bytes, salt is key too */
4184 ret = HKDF(SHA256, ikm1, 22, salt1, 13, info1, 10, okm1, L);
4188 if (memcmp(okm1, res4, L) != 0)
4190 #endif /* HAVE_FIPS */
4191 #endif /* NO_SHA256 */
4196 #endif /* HAVE_HKDF */
4208 byte exportBuf[1024];
4211 ecc_key userA, userB, pubKey;
4213 ret = InitRng(&rng);
4221 ret = ecc_make_key(&rng, 32, &userA);
4226 ret = ecc_make_key(&rng, 32, &userB);
4231 x = sizeof(sharedA);
4232 ret = ecc_shared_secret(&userA, &userB, sharedA, &x);
4237 y = sizeof(sharedB);
4238 ret = ecc_shared_secret(&userB, &userA, sharedB, &y);
4246 if (memcmp(sharedA, sharedB, x))
4249 x = sizeof(exportBuf);
4250 ret = ecc_export_x963(&userA, exportBuf, &x);
4254 ret = ecc_import_x963(exportBuf, x, &pubKey);
4259 y = sizeof(sharedB);
4260 ret = ecc_shared_secret(&userB, &pubKey, sharedB, &y);
4265 if (memcmp(sharedA, sharedB, y))
4268 /* test DSA sign hash */
4269 for (i = 0; i < (int)sizeof(digest); i++)
4270 digest[i] = (byte)i;
4273 ret = ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &userA);
4279 ret = ecc_verify_hash(sig, x, digest, sizeof(digest), &verify, &userA);
4287 x = sizeof(exportBuf);
4288 ret = ecc_export_private_only(&userA, exportBuf, &x);
4299 #ifdef HAVE_ECC_ENCRYPT
4301 int ecc_encrypt_test(void)
4305 ecc_key userA, userB;
4309 word32 outSz = sizeof(out);
4310 word32 plainSz = sizeof(plain);
4313 ret = InitRng(&rng);
4320 ret = ecc_make_key(&rng, 32, &userA);
4321 ret += ecc_make_key(&rng, 32, &userB);
4326 for (i = 0; i < 48; i++)
4329 /* encrypt msg to B */
4330 ret = ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz, NULL);
4334 /* decrypt msg from A */
4335 ret = ecc_decrypt(&userB, &userA, out, outSz, plain, &plainSz, NULL);
4339 if (memcmp(plain, msg, sizeof(msg)) != 0)
4343 { /* let's verify message exchange works, A is client, B is server */
4344 ecEncCtx* cliCtx = ecc_ctx_new(REQ_RESP_CLIENT, &rng);
4345 ecEncCtx* srvCtx = ecc_ctx_new(REQ_RESP_SERVER, &rng);
4347 byte cliSalt[EXCHANGE_SALT_SZ];
4348 byte srvSalt[EXCHANGE_SALT_SZ];
4349 const byte* tmpSalt;
4351 if (cliCtx == NULL || srvCtx == NULL)
4354 /* get salt to send to peer */
4355 tmpSalt = ecc_ctx_get_own_salt(cliCtx);
4356 if (tmpSalt == NULL)
4358 memcpy(cliSalt, tmpSalt, EXCHANGE_SALT_SZ);
4360 tmpSalt = ecc_ctx_get_own_salt(srvCtx);
4361 if (tmpSalt == NULL)
4363 memcpy(srvSalt, tmpSalt, EXCHANGE_SALT_SZ);
4365 /* in actual use, we'd get the peer's salt over the transport */
4366 ret = ecc_ctx_set_peer_salt(cliCtx, srvSalt);
4367 ret += ecc_ctx_set_peer_salt(srvCtx, cliSalt);
4369 ret += ecc_ctx_set_info(cliCtx, (byte*)"CyaSSL MSGE", 11);
4370 ret += ecc_ctx_set_info(srvCtx, (byte*)"CyaSSL MSGE", 11);
4375 /* get encrypted msg (request) to send to B */
4376 outSz = sizeof(out);
4377 ret = ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz,cliCtx);
4381 /* B decrypts msg (request) from A */
4382 plainSz = sizeof(plain);
4383 ret = ecc_decrypt(&userB, &userA, out, outSz, plain, &plainSz, srvCtx);
4387 if (memcmp(plain, msg, sizeof(msg)) != 0)
4391 /* msg2 (response) from B to A */
4395 word32 outSz2 = sizeof(out2);
4396 word32 plainSz2 = sizeof(plain2);
4398 for (i = 0; i < 48; i++)
4401 /* get encrypted msg (response) to send to B */
4402 ret = ecc_encrypt(&userB, &userA, msg2, sizeof(msg2), out2,
4407 /* A decrypts msg (response) from B */
4408 ret = ecc_decrypt(&userA, &userB, out2, outSz2, plain2, &plainSz2,
4413 if (memcmp(plain2, msg2, sizeof(msg2)) != 0)
4418 ecc_ctx_free(srvCtx);
4419 ecc_ctx_free(cliCtx);
4429 #endif /* HAVE_ECC_ENCRYPT */
4430 #endif /* HAVE_ECC */
4434 const byte sample_text[] =
4435 "Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n"
4436 "polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n"
4437 "marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n"
4438 "plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n"
4439 "selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n"
4440 "small batch meggings kogi dolore food truck bespoke gastropub.\n"
4442 "Terry richardson adipisicing actually typewriter tumblr, twee whatever\n"
4443 "four loko you probably haven't heard of them high life. Messenger bag\n"
4444 "whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n"
4445 "et, banksy ullamco messenger bag umami pariatur direct trade forage.\n"
4446 "Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n"
4447 "food truck next level, tousled irony non semiotics PBR ethical anim cred\n"
4448 "readymade. Mumblecore brunch lomo odd future, portland organic terry\n"
4449 "richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n"
4450 "mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n"
4451 "four loko whatever street art yr farm-to-table.\n"
4453 "Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n"
4454 "pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n"
4455 "et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n"
4456 "nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n"
4457 "seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n"
4458 "eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n"
4459 "readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n"
4460 "ethnic art party qui letterpress nisi proident jean shorts mlkshk\n"
4463 "Narwhal flexitarian letterpress, do gluten-free voluptate next level\n"
4464 "banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n"
4465 "cillum pickled velit, YOLO officia you probably haven't heard of them\n"
4466 "trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n"
4467 "small batch american apparel. Put a bird on it cosby sweater before they\n"
4468 "sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n"
4469 "DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n"
4470 "Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n"
4471 "excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n"
4472 "neutra PBR selvage.\n"
4474 "Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n"
4475 "next level jean shorts exercitation. Hashtag keytar whatever, nihil\n"
4476 "authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n"
4477 "wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n"
4478 "tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n"
4479 "trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n"
4480 "incididunt flannel sustainable helvetica pork belly pug banksy you\n"
4481 "probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n"
4482 "mollit magna, sriracha sartorial helvetica.\n"
4484 "Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n"
4485 "ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n"
4486 "of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n"
4487 "reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n"
4488 "skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n"
4489 "organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n"
4490 "Veniam sunt food truck leggings, sint vinyl fap.\n"
4492 "Hella dolore pork belly, truffaut carles you probably haven't heard of\n"
4493 "them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n"
4494 "apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n"
4495 "flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n"
4496 "letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n"
4497 "Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n"
4498 "delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n"
4499 "magna pop-up literally. Swag thundercats ennui shoreditch vegan\n"
4500 "pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n"
4502 "Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n"
4503 "meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n"
4504 "dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n"
4505 "locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n"
4506 "tousled beard mollit mustache leggings portland next level. Nihil esse\n"
4507 "est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n"
4508 "swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n"
4509 "bag dolor terry richardson sapiente.\n";
4512 int compress_test(void)
4515 word32 dSz = sizeof(sample_text);
4516 word32 cSz = (dSz + (word32)(dSz * 0.001) + 12);
4520 c = calloc(cSz, sizeof(byte));
4521 d = calloc(dSz, sizeof(byte));
4523 if (c == NULL || d == NULL)
4526 if (ret == 0 && (ret = Compress(c, cSz, sample_text, dSz, 0)) < 0)
4534 if (ret == 0 && DeCompress(d, dSz, c, cSz) != (int)dSz)
4537 if (ret == 0 && memcmp(d, sample_text, dSz))
4546 #endif /* HAVE_LIBZ */
4550 int pkcs7enveloped_test(void)
4555 int envelopedSz, decodedSz;
4559 byte enveloped[2048];
4567 const char* pkcs7OutFile = "pkcs7envelopedData.der";
4569 const byte data[] = { /* Hello World */
4570 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
4574 /* read client cert and key in DER format */
4575 cert = (byte*)malloc(FOURK_BUF);
4579 privKey = (byte*)malloc(FOURK_BUF);
4580 if (privKey == NULL) {
4585 certFile = fopen(clientCert, "rb");
4589 err_sys("can't open ./certs/client-cert.der, "
4590 "Please run from CyaSSL home dir", -42);
4593 certSz = fread(cert, 1, FOURK_BUF, certFile);
4596 keyFile = fopen(clientKey, "rb");
4600 err_sys("can't open ./certs/client-key.der, "
4601 "Please run from CyaSSL home dir", -43);
4604 privKeySz = fread(privKey, 1, FOURK_BUF, keyFile);
4607 PKCS7_InitWithCert(&pkcs7, cert, (word32)certSz);
4608 pkcs7.content = (byte*)data;
4609 pkcs7.contentSz = (word32)sizeof(data);
4610 pkcs7.contentOID = DATA;
4611 pkcs7.encryptOID = cipher;
4612 pkcs7.privateKey = privKey;
4613 pkcs7.privateKeySz = (word32)privKeySz;
4615 /* encode envelopedData */
4616 envelopedSz = PKCS7_EncodeEnvelopedData(&pkcs7, enveloped,
4618 if (envelopedSz <= 0) {
4624 /* decode envelopedData */
4625 decodedSz = PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz,
4626 decoded, sizeof(decoded));
4627 if (decodedSz <= 0) {
4633 /* test decode result */
4634 if (memcmp(decoded, data, sizeof(data)) != 0) {
4640 /* output pkcs7 envelopedData for external testing */
4641 pkcs7File = fopen(pkcs7OutFile, "wb");
4648 ret = (int)fwrite(enveloped, envelopedSz, 1, pkcs7File);
4661 int pkcs7signed_test(void)
4669 char data[] = "Hello World";
4670 word32 dataSz, outSz, certDerSz, keyDerSz;
4675 { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
4677 byte messageTypeOid[] =
4678 { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
4680 byte senderNonceOid[] =
4681 { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
4683 byte transId[(SHA_DIGEST_SIZE + 1) * 2 + 1];
4684 byte messageType[] = { 0x13, 2, '1', '9' };
4685 byte senderNonce[PKCS7_NONCE_SZ + 2];
4687 PKCS7Attrib attribs[] =
4689 { transIdOid, sizeof(transIdOid),
4690 transId, sizeof(transId) - 1 }, /* take off the null */
4691 { messageTypeOid, sizeof(messageTypeOid),
4692 messageType, sizeof(messageType) },
4693 { senderNonceOid, sizeof(senderNonceOid),
4694 senderNonce, sizeof(senderNonce) }
4697 dataSz = (word32) strlen(data);
4700 certDer = (byte*)malloc(FOURK_BUF);
4701 if (certDer == NULL)
4703 keyDer = (byte*)malloc(FOURK_BUF);
4704 if (keyDer == NULL) {
4708 out = (byte*)malloc(FOURK_BUF);
4715 /* read in DER cert of recipient, into cert of size certSz */
4716 file = fopen(clientCert, "rb");
4721 err_sys("can't open ./certs/client-cert.der, "
4722 "Please run from CyaSSL home dir", -44);
4724 certDerSz = (word32)fread(certDer, 1, FOURK_BUF, file);
4727 file = fopen(clientKey, "rb");
4732 err_sys("can't open ./certs/client-key.der, "
4733 "Please run from CyaSSL home dir", -45);
4735 keyDerSz = (word32)fread(keyDer, 1, FOURK_BUF, file);
4738 ret = InitRng(&rng);
4746 senderNonce[0] = 0x04;
4747 senderNonce[1] = PKCS7_NONCE_SZ;
4749 ret = RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
4757 PKCS7_InitWithCert(&msg, certDer, certDerSz);
4758 msg.privateKey = keyDer;
4759 msg.privateKeySz = keyDerSz;
4760 msg.content = (byte*)data;
4761 msg.contentSz = dataSz;
4763 msg.encryptOID = RSAk;
4764 msg.signedAttribs = attribs;
4765 msg.signedAttribsSz = sizeof(attribs)/sizeof(PKCS7Attrib);
4769 byte digest[SHA_DIGEST_SIZE];
4773 transId[1] = SHA_DIGEST_SIZE * 2;
4775 ret = InitSha(&sha);
4782 ShaUpdate(&sha, msg.publicKey, msg.publicKeySz);
4783 ShaFinal(&sha, digest);
4785 for (i = 0, j = 2; i < SHA_DIGEST_SIZE; i++, j += 2) {
4786 snprintf((char*)&transId[j], 3, "%02x", digest[i]);
4789 ret = PKCS7_EncodeSignedData(&msg, out, outSz);
4800 /* write PKCS#7 to output file for more testing */
4801 file = fopen("./pkcs7signedData.der", "wb");
4809 ret = (int)fwrite(out, 1, outSz, file);
4811 if (ret != (int)outSz) {
4820 PKCS7_InitWithCert(&msg, NULL, 0);
4822 ret = PKCS7_VerifySignedData(&msg, out, outSz);
4831 if (msg.singleCert == NULL || msg.singleCertSz == 0) {
4839 file = fopen("./pkcs7cert.der", "wb");
4847 ret = (int)fwrite(msg.singleCert, 1, msg.singleCertSz, file);
4861 #endif /* HAVE_PKCS7 */
4863 #endif /* NO_CRYPT_TEST */