3 * Copyright (C) 2006-2015 wolfSSL Inc.
5 * This file is part of wolfSSL. (formerly known as CyaSSL)
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
26 #include <wolfssl/wolfcrypt/settings.h>
29 #include <stdlib.h> /* we're using malloc / free direct here */
34 #ifdef WOLFSSL_TEST_CERT
35 #include <wolfssl/wolfcrypt/asn.h>
37 #include <wolfssl/wolfcrypt/asn_public.h>
39 #include <wolfssl/wolfcrypt/md2.h>
40 #include <wolfssl/wolfcrypt/md5.h>
41 #include <wolfssl/wolfcrypt/md4.h>
42 #include <wolfssl/wolfcrypt/sha.h>
43 #include <wolfssl/wolfcrypt/sha256.h>
44 #include <wolfssl/wolfcrypt/sha512.h>
45 #include <wolfssl/wolfcrypt/arc4.h>
46 #include <wolfssl/wolfcrypt/random.h>
47 #include <wolfssl/wolfcrypt/coding.h>
48 #include <wolfssl/wolfcrypt/rsa.h>
49 #include <wolfssl/wolfcrypt/des3.h>
50 #include <wolfssl/wolfcrypt/aes.h>
51 #include <wolfssl/wolfcrypt/poly1305.h>
52 #include <wolfssl/wolfcrypt/camellia.h>
53 #include <wolfssl/wolfcrypt/hmac.h>
54 #include <wolfssl/wolfcrypt/dh.h>
55 #include <wolfssl/wolfcrypt/dsa.h>
56 #include <wolfssl/wolfcrypt/hc128.h>
57 #include <wolfssl/wolfcrypt/rabbit.h>
58 #include <wolfssl/wolfcrypt/chacha.h>
59 #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
60 #include <wolfssl/wolfcrypt/pwdbased.h>
61 #include <wolfssl/wolfcrypt/ripemd.h>
62 #include <wolfssl/wolfcrypt/error-crypt.h>
64 #include <wolfssl/wolfcrypt/ecc.h>
66 #ifdef HAVE_CURVE25519
67 #include <wolfssl/wolfcrypt/curve25519.h>
70 #include <wolfssl/wolfcrypt/ed25519.h>
73 #include <wolfssl/wolfcrypt/blake2.h>
76 #include <wolfssl/wolfcrypt/compress.h>
79 #include <wolfssl/wolfcrypt/pkcs7.h>
82 #include <wolfssl/wolfcrypt/fips_test.h>
86 /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
87 #pragma warning(disable: 4996)
91 #include <wolfssl/openssl/evp.h>
92 #include <wolfssl/openssl/rand.h>
93 #include <wolfssl/openssl/hmac.h>
94 #include <wolfssl/openssl/des.h>
98 #if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048) \
100 /* include test cert and key buffers for use with NO_FILESYSTEM */
101 #if defined(WOLFSSL_MDK_ARM)
102 #include "cert_data.h"
103 /* use certs_test.c for initial data, so other
104 commands can share the data. */
106 #include <wolfssl/certs_test.h>
110 #if defined(WOLFSSL_MDK_ARM)
113 extern FILE * wolfSSL_fopen(const char *fname, const char *mode) ;
114 #define fopen wolfSSL_fopen
118 #include "ntru_crypto.h"
121 #include "cavium_sysdep.h"
122 #include "cavium_common.h"
123 #include "cavium_ioctl.h"
136 /* since just testing, use THREADX log printf instead */
137 int dc_log_printf(char*, ...);
139 #define printf dc_log_printf
142 #include "wolfcrypt/test/test.h"
145 typedef struct testVector {
156 int sha256_test(void);
157 int sha512_test(void);
158 int sha384_test(void);
159 int hmac_md5_test(void);
160 int hmac_sha_test(void);
161 int hmac_sha256_test(void);
162 int hmac_sha384_test(void);
163 int hmac_sha512_test(void);
164 int hmac_blake2b_test(void);
167 int hc128_test(void);
168 int rabbit_test(void);
169 int chacha_test(void);
170 int chacha20_poly1305_aead_test(void);
174 int poly1305_test(void);
175 int aesgcm_test(void);
177 int aesccm_test(void);
178 int camellia_test(void);
182 int random_test(void);
183 int pwdbased_test(void);
184 int ripemd_test(void);
185 int openssl_test(void); /* test mini api */
186 int pbkdf1_test(void);
187 int pkcs12_test(void);
188 int pbkdf2_test(void);
191 #ifdef HAVE_ECC_ENCRYPT
192 int ecc_encrypt_test(void);
195 #ifdef HAVE_CURVE25519
196 int curve25519_test(void);
199 int ed25519_test(void);
202 int blake2b_test(void);
205 int compress_test(void);
208 int pkcs7enveloped_test(void);
209 int pkcs7signed_test(void);
213 /* General big buffer size for many tests. */
214 #define FOURK_BUF 4096
217 static int err_sys(const char* msg, int es)
220 printf("%s error = %d\n", msg, es);
221 return -1; /* error state */
224 /* func_args from test.h, so don't have to pull in other junk */
225 typedef struct func_args {
234 static void myFipsCb(int ok, int err, const char* hash)
236 printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
237 printf("message = %s\n", wc_GetErrorString(err));
238 printf("hash = %s\n", hash);
240 if (err == IN_CORE_FIPS_E) {
241 printf("In core integrity hash check failure, copy above hash\n");
242 printf("into verifyCore[] in fips_test.c and rebuild\n");
246 #endif /* HAVE_FIPS */
249 int wolfcrypt_test(void* args)
253 ((func_args*)args)->return_code = -1; /* error state */
256 wolfCrypt_SetCb_fips(myFipsCb);
259 #if !defined(NO_BIG_INT)
260 if (CheckCtcSettings() != 1)
261 return err_sys("Build vs runtime math mismatch\n", -1234);
264 if (CheckFastMathSettings() != 1)
265 return err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n",
267 #endif /* USE_FAST_MATH */
268 #endif /* !NO_BIG_INT */
272 if ( (ret = md5_test()) != 0)
273 return err_sys("MD5 test failed!\n", ret);
275 printf( "MD5 test passed!\n");
279 if ( (ret = md2_test()) != 0)
280 return err_sys("MD2 test failed!\n", ret);
282 printf( "MD2 test passed!\n");
286 if ( (ret = md4_test()) != 0)
287 return err_sys("MD4 test failed!\n", ret);
289 printf( "MD4 test passed!\n");
293 if ( (ret = sha_test()) != 0)
294 return err_sys("SHA test failed!\n", ret);
296 printf( "SHA test passed!\n");
300 if ( (ret = sha256_test()) != 0)
301 return err_sys("SHA-256 test failed!\n", ret);
303 printf( "SHA-256 test passed!\n");
306 #ifdef WOLFSSL_SHA384
307 if ( (ret = sha384_test()) != 0)
308 return err_sys("SHA-384 test failed!\n", ret);
310 printf( "SHA-384 test passed!\n");
313 #ifdef WOLFSSL_SHA512
314 if ( (ret = sha512_test()) != 0)
315 return err_sys("SHA-512 test failed!\n", ret);
317 printf( "SHA-512 test passed!\n");
320 #ifdef WOLFSSL_RIPEMD
321 if ( (ret = ripemd_test()) != 0)
322 return err_sys("RIPEMD test failed!\n", ret);
324 printf( "RIPEMD test passed!\n");
328 if ( (ret = blake2b_test()) != 0)
329 return err_sys("BLAKE2b test failed!\n", ret);
331 printf( "BLAKE2b test passed!\n");
336 if ( (ret = hmac_md5_test()) != 0)
337 return err_sys("HMAC-MD5 test failed!\n", ret);
339 printf( "HMAC-MD5 test passed!\n");
343 if ( (ret = hmac_sha_test()) != 0)
344 return err_sys("HMAC-SHA test failed!\n", ret);
346 printf( "HMAC-SHA test passed!\n");
350 if ( (ret = hmac_sha256_test()) != 0)
351 return err_sys("HMAC-SHA256 test failed!\n", ret);
353 printf( "HMAC-SHA256 test passed!\n");
356 #ifdef WOLFSSL_SHA384
357 if ( (ret = hmac_sha384_test()) != 0)
358 return err_sys("HMAC-SHA384 test failed!\n", ret);
360 printf( "HMAC-SHA384 test passed!\n");
363 #ifdef WOLFSSL_SHA512
364 if ( (ret = hmac_sha512_test()) != 0)
365 return err_sys("HMAC-SHA512 test failed!\n", ret);
367 printf( "HMAC-SHA512 test passed!\n");
371 if ( (ret = hmac_blake2b_test()) != 0)
372 return err_sys("HMAC-BLAKE2 test failed!\n", ret);
374 printf( "HMAC-BLAKE2 test passed!\n");
378 if ( (ret = hkdf_test()) != 0)
379 return err_sys("HMAC-KDF test failed!\n", ret);
381 printf( "HMAC-KDF test passed!\n");
387 if ( (ret = gmac_test()) != 0)
388 return err_sys("GMAC test passed!\n", ret);
390 printf( "GMAC test passed!\n");
394 if ( (ret = arc4_test()) != 0)
395 return err_sys("ARC4 test failed!\n", ret);
397 printf( "ARC4 test passed!\n");
401 if ( (ret = hc128_test()) != 0)
402 return err_sys("HC-128 test failed!\n", ret);
404 printf( "HC-128 test passed!\n");
408 if ( (ret = rabbit_test()) != 0)
409 return err_sys("Rabbit test failed!\n", ret);
411 printf( "Rabbit test passed!\n");
415 if ( (ret = chacha_test()) != 0)
416 return err_sys("Chacha test failed!\n", ret);
418 printf( "Chacha test passed!\n");
422 if ( (ret = poly1305_test()) != 0)
423 return err_sys("POLY1305 test failed!\n", ret);
425 printf( "POLY1305 test passed!\n");
428 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
429 if ( (ret = chacha20_poly1305_aead_test()) != 0)
430 return err_sys("ChaCha20-Poly1305 AEAD test failed!\n", ret);
432 printf( "ChaCha20-Poly1305 AEAD test passed!\n");
436 if ( (ret = des_test()) != 0)
437 return err_sys("DES test failed!\n", ret);
439 printf( "DES test passed!\n");
443 if ( (ret = des3_test()) != 0)
444 return err_sys("DES3 test failed!\n", ret);
446 printf( "DES3 test passed!\n");
450 if ( (ret = aes_test()) != 0)
451 return err_sys("AES test failed!\n", ret);
453 printf( "AES test passed!\n");
456 if ( (ret = aesgcm_test()) != 0)
457 return err_sys("AES-GCM test failed!\n", ret);
459 printf( "AES-GCM test passed!\n");
463 if ( (ret = aesccm_test()) != 0)
464 return err_sys("AES-CCM test failed!\n", ret);
466 printf( "AES-CCM test passed!\n");
471 if ( (ret = camellia_test()) != 0)
472 return err_sys("CAMELLIA test failed!\n", ret);
474 printf( "CAMELLIA test passed!\n");
477 if ( (ret = random_test()) != 0)
478 return err_sys("RANDOM test failed!\n", ret);
480 printf( "RANDOM test passed!\n");
483 if ( (ret = rsa_test()) != 0)
484 return err_sys("RSA test failed!\n", ret);
486 printf( "RSA test passed!\n");
490 if ( (ret = dh_test()) != 0)
491 return err_sys("DH test failed!\n", ret);
493 printf( "DH test passed!\n");
497 if ( (ret = dsa_test()) != 0)
498 return err_sys("DSA test failed!\n", ret);
500 printf( "DSA test passed!\n");
504 if ( (ret = pwdbased_test()) != 0)
505 return err_sys("PWDBASED test failed!\n", ret);
507 printf( "PWDBASED test passed!\n");
511 if ( (ret = openssl_test()) != 0)
512 return err_sys("OPENSSL test failed!\n", ret);
514 printf( "OPENSSL test passed!\n");
518 if ( (ret = ecc_test()) != 0)
519 return err_sys("ECC test failed!\n", ret);
521 printf( "ECC test passed!\n");
522 #ifdef HAVE_ECC_ENCRYPT
523 if ( (ret = ecc_encrypt_test()) != 0)
524 return err_sys("ECC Enc test failed!\n", ret);
526 printf( "ECC Enc test passed!\n");
530 #ifdef HAVE_CURVE25519
531 if ( (ret = curve25519_test()) != 0)
532 return err_sys("CURVE25519 test failed!\n", ret);
534 printf( "CURVE25519 test passed!\n");
538 if ( (ret = ed25519_test()) != 0)
539 return err_sys("ED25519 test failed!\n", ret);
541 printf( "ED25519 test passed!\n");
545 if ( (ret = compress_test()) != 0)
546 return err_sys("COMPRESS test failed!\n", ret);
548 printf( "COMPRESS test passed!\n");
552 if ( (ret = pkcs7enveloped_test()) != 0)
553 return err_sys("PKCS7enveloped test failed!\n", ret);
555 printf( "PKCS7enveloped test passed!\n");
557 if ( (ret = pkcs7signed_test()) != 0)
558 return err_sys("PKCS7signed test failed!\n", ret);
560 printf( "PKCS7signed test passed!\n");
563 ((func_args*)args)->return_code = ret;
569 #ifndef NO_MAIN_DRIVER
573 static int OpenNitroxDevice(int dma_mode,int dev_id)
575 Csp1CoreAssignment core_assign;
578 if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID))
580 if (Csp1GetDevType(&device))
582 if (device != NPX_DEVICE) {
583 if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT,
584 (Uint32 *)&core_assign)!= 0)
587 CspShutdown(CAVIUM_DEV_ID);
589 return CspInitialize(dma_mode, dev_id);
592 #endif /* HAVE_CAVIUM */
594 /* so overall tests can pull in test function */
596 int main(int argc, char** argv)
603 int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
605 err_sys("Cavium OpenNitroxDevice failed", -1236);
608 #endif /* HAVE_CAVIUM */
613 wolfcrypt_test(&args);
616 CspShutdown(CAVIUM_DEV_ID);
619 return args.return_code;
622 #endif /* NO_MAIN_DRIVER */
629 byte hash[MD2_DIGEST_SIZE];
631 testVector a, b, c, d, e, f, g;
632 testVector test_md2[7];
633 int times = sizeof(test_md2) / sizeof(testVector), i;
636 a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
638 a.inLen = strlen(a.input);
639 a.outLen = MD2_DIGEST_SIZE;
642 b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
644 b.inLen = strlen(b.input);
645 b.outLen = MD2_DIGEST_SIZE;
648 c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
650 c.inLen = strlen(c.input);
651 c.outLen = MD2_DIGEST_SIZE;
653 d.input = "message digest";
654 d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
656 d.inLen = strlen(d.input);
657 d.outLen = MD2_DIGEST_SIZE;
659 e.input = "abcdefghijklmnopqrstuvwxyz";
660 e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
662 e.inLen = strlen(e.input);
663 e.outLen = MD2_DIGEST_SIZE;
665 f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
667 f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
669 f.inLen = strlen(f.input);
670 f.outLen = MD2_DIGEST_SIZE;
672 g.input = "1234567890123456789012345678901234567890123456789012345678"
673 "9012345678901234567890";
674 g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
676 g.inLen = strlen(g.input);
677 g.outLen = MD2_DIGEST_SIZE;
689 for (i = 0; i < times; ++i) {
690 wc_Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
691 wc_Md2Final(&md2, hash);
693 if (memcmp(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
705 byte hash[MD5_DIGEST_SIZE];
707 testVector a, b, c, d, e;
708 testVector test_md5[5];
709 int times = sizeof(test_md5) / sizeof(testVector), i;
712 a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
714 a.inLen = strlen(a.input);
715 a.outLen = MD5_DIGEST_SIZE;
717 b.input = "message digest";
718 b.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61"
720 b.inLen = strlen(b.input);
721 b.outLen = MD5_DIGEST_SIZE;
723 c.input = "abcdefghijklmnopqrstuvwxyz";
724 c.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1"
726 c.inLen = strlen(c.input);
727 c.outLen = MD5_DIGEST_SIZE;
729 d.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
731 d.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d"
733 d.inLen = strlen(d.input);
734 d.outLen = MD5_DIGEST_SIZE;
736 e.input = "1234567890123456789012345678901234567890123456789012345678"
737 "9012345678901234567890";
738 e.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
740 e.inLen = strlen(e.input);
741 e.outLen = MD5_DIGEST_SIZE;
751 for (i = 0; i < times; ++i) {
752 wc_Md5Update(&md5, (byte*)test_md5[i].input, (word32)test_md5[i].inLen);
753 wc_Md5Final(&md5, hash);
755 if (memcmp(hash, test_md5[i].output, MD5_DIGEST_SIZE) != 0)
769 byte hash[MD4_DIGEST_SIZE];
771 testVector a, b, c, d, e, f, g;
772 testVector test_md4[7];
773 int times = sizeof(test_md4) / sizeof(testVector), i;
776 a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89"
778 a.inLen = strlen(a.input);
779 a.outLen = MD4_DIGEST_SIZE;
782 b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb"
784 b.inLen = strlen(b.input);
785 b.outLen = MD4_DIGEST_SIZE;
788 c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72"
790 c.inLen = strlen(c.input);
791 c.outLen = MD4_DIGEST_SIZE;
793 d.input = "message digest";
794 d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01"
796 d.inLen = strlen(d.input);
797 d.outLen = MD4_DIGEST_SIZE;
799 e.input = "abcdefghijklmnopqrstuvwxyz";
800 e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d"
802 e.inLen = strlen(e.input);
803 e.outLen = MD4_DIGEST_SIZE;
805 f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
807 f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0"
809 f.inLen = strlen(f.input);
810 f.outLen = MD4_DIGEST_SIZE;
812 g.input = "1234567890123456789012345678901234567890123456789012345678"
813 "9012345678901234567890";
814 g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05"
816 g.inLen = strlen(g.input);
817 g.outLen = MD4_DIGEST_SIZE;
829 for (i = 0; i < times; ++i) {
830 wc_Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen);
831 wc_Md4Final(&md4, hash);
833 if (memcmp(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0)
847 byte hash[SHA_DIGEST_SIZE];
849 testVector a, b, c, d;
850 testVector test_sha[4];
852 int times = sizeof(test_sha) / sizeof(struct testVector), i;
855 a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
856 "\x6C\x9C\xD0\xD8\x9D";
857 a.inLen = strlen(a.input);
858 a.outLen = SHA_DIGEST_SIZE;
860 b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
861 b.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29"
862 "\xE5\xE5\x46\x70\xF1";
863 b.inLen = strlen(b.input);
864 b.outLen = SHA_DIGEST_SIZE;
866 c.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
868 c.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44"
869 "\x2A\x25\xEC\x64\x4D";
870 c.inLen = strlen(c.input);
871 c.outLen = SHA_DIGEST_SIZE;
873 d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
874 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
876 d.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
877 "\x53\x99\x5E\x26\xA0";
878 d.inLen = strlen(d.input);
879 d.outLen = SHA_DIGEST_SIZE;
886 ret = wc_InitSha(&sha);
890 for (i = 0; i < times; ++i) {
891 wc_ShaUpdate(&sha, (byte*)test_sha[i].input, (word32)test_sha[i].inLen);
892 wc_ShaFinal(&sha, hash);
894 if (memcmp(hash, test_sha[i].output, SHA_DIGEST_SIZE) != 0)
903 #ifdef WOLFSSL_RIPEMD
904 int ripemd_test(void)
907 byte hash[RIPEMD_DIGEST_SIZE];
909 testVector a, b, c, d;
910 testVector test_ripemd[4];
911 int times = sizeof(test_ripemd) / sizeof(struct testVector), i;
914 a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
915 "\xb0\x87\xf1\x5a\x0b\xfc";
916 a.inLen = strlen(a.input);
917 a.outLen = RIPEMD_DIGEST_SIZE;
919 b.input = "message digest";
920 b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8"
921 "\x5f\xfa\x21\x59\x5f\x36";
922 b.inLen = strlen(b.input);
923 b.outLen = RIPEMD_DIGEST_SIZE;
925 c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
926 c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc"
927 "\xf4\x9a\xda\x62\xeb\x2b";
928 c.inLen = strlen(c.input);
929 c.outLen = RIPEMD_DIGEST_SIZE;
931 d.input = "12345678901234567890123456789012345678901234567890123456"
932 "789012345678901234567890";
933 d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab"
934 "\x82\xbf\x63\x32\x6b\xfb";
935 d.inLen = strlen(d.input);
936 d.outLen = RIPEMD_DIGEST_SIZE;
943 wc_InitRipeMd(&ripemd);
945 for (i = 0; i < times; ++i) {
946 wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input,
947 (word32)test_ripemd[i].inLen);
948 wc_RipeMdFinal(&ripemd, hash);
950 if (memcmp(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0)
956 #endif /* WOLFSSL_RIPEMD */
962 #define BLAKE2_TESTS 3
964 static const byte blake2b_vec[BLAKE2_TESTS][BLAKE2B_OUTBYTES] =
967 0x78, 0x6A, 0x02, 0xF7, 0x42, 0x01, 0x59, 0x03,
968 0xC6, 0xC6, 0xFD, 0x85, 0x25, 0x52, 0xD2, 0x72,
969 0x91, 0x2F, 0x47, 0x40, 0xE1, 0x58, 0x47, 0x61,
970 0x8A, 0x86, 0xE2, 0x17, 0xF7, 0x1F, 0x54, 0x19,
971 0xD2, 0x5E, 0x10, 0x31, 0xAF, 0xEE, 0x58, 0x53,
972 0x13, 0x89, 0x64, 0x44, 0x93, 0x4E, 0xB0, 0x4B,
973 0x90, 0x3A, 0x68, 0x5B, 0x14, 0x48, 0xB7, 0x55,
974 0xD5, 0x6F, 0x70, 0x1A, 0xFE, 0x9B, 0xE2, 0xCE
977 0x2F, 0xA3, 0xF6, 0x86, 0xDF, 0x87, 0x69, 0x95,
978 0x16, 0x7E, 0x7C, 0x2E, 0x5D, 0x74, 0xC4, 0xC7,
979 0xB6, 0xE4, 0x8F, 0x80, 0x68, 0xFE, 0x0E, 0x44,
980 0x20, 0x83, 0x44, 0xD4, 0x80, 0xF7, 0x90, 0x4C,
981 0x36, 0x96, 0x3E, 0x44, 0x11, 0x5F, 0xE3, 0xEB,
982 0x2A, 0x3A, 0xC8, 0x69, 0x4C, 0x28, 0xBC, 0xB4,
983 0xF5, 0xA0, 0xF3, 0x27, 0x6F, 0x2E, 0x79, 0x48,
984 0x7D, 0x82, 0x19, 0x05, 0x7A, 0x50, 0x6E, 0x4B
987 0x1C, 0x08, 0x79, 0x8D, 0xC6, 0x41, 0xAB, 0xA9,
988 0xDE, 0xE4, 0x35, 0xE2, 0x25, 0x19, 0xA4, 0x72,
989 0x9A, 0x09, 0xB2, 0xBF, 0xE0, 0xFF, 0x00, 0xEF,
990 0x2D, 0xCD, 0x8E, 0xD6, 0xF8, 0xA0, 0x7D, 0x15,
991 0xEA, 0xF4, 0xAE, 0xE5, 0x2B, 0xBF, 0x18, 0xAB,
992 0x56, 0x08, 0xA6, 0x19, 0x0F, 0x70, 0xB9, 0x04,
993 0x86, 0xC8, 0xA7, 0xD4, 0x87, 0x37, 0x10, 0xB1,
994 0x11, 0x5D, 0x3D, 0xEB, 0xBB, 0x43, 0x27, 0xB5
1000 int blake2b_test(void)
1007 for (i = 0; i < (int)sizeof(input); i++)
1010 for (i = 0; i < BLAKE2_TESTS; i++) {
1011 ret = wc_InitBlake2b(&b2b, 64);
1015 ret = wc_Blake2bUpdate(&b2b, input, i);
1019 ret = wc_Blake2bFinal(&b2b, digest, 64);
1023 if (memcmp(digest, blake2b_vec[i], 64) != 0) {
1030 #endif /* HAVE_BLAKE2 */
1034 int sha256_test(void)
1037 byte hash[SHA256_DIGEST_SIZE];
1040 testVector test_sha[2];
1042 int times = sizeof(test_sha) / sizeof(struct testVector), i;
1045 a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
1046 "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
1048 a.inLen = strlen(a.input);
1049 a.outLen = SHA256_DIGEST_SIZE;
1051 b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
1052 b.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
1053 "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
1055 b.inLen = strlen(b.input);
1056 b.outLen = SHA256_DIGEST_SIZE;
1061 ret = wc_InitSha256(&sha);
1065 for (i = 0; i < times; ++i) {
1066 ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
1069 ret = wc_Sha256Final(&sha, hash);
1073 if (memcmp(hash, test_sha[i].output, SHA256_DIGEST_SIZE) != 0)
1082 #ifdef WOLFSSL_SHA512
1083 int sha512_test(void)
1086 byte hash[SHA512_DIGEST_SIZE];
1090 testVector test_sha[2];
1091 int times = sizeof(test_sha) / sizeof(struct testVector), i;
1094 a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
1095 "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
1096 "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
1097 "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
1099 a.inLen = strlen(a.input);
1100 a.outLen = SHA512_DIGEST_SIZE;
1102 b.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
1103 "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
1104 b.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
1105 "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
1106 "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
1107 "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
1109 b.inLen = strlen(b.input);
1110 b.outLen = SHA512_DIGEST_SIZE;
1115 ret = wc_InitSha512(&sha);
1119 for (i = 0; i < times; ++i) {
1120 ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
1124 ret = wc_Sha512Final(&sha, hash);
1128 if (memcmp(hash, test_sha[i].output, SHA512_DIGEST_SIZE) != 0)
1137 #ifdef WOLFSSL_SHA384
1138 int sha384_test(void)
1141 byte hash[SHA384_DIGEST_SIZE];
1145 testVector test_sha[2];
1146 int times = sizeof(test_sha) / sizeof(struct testVector), i;
1149 a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
1150 "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
1151 "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
1153 a.inLen = strlen(a.input);
1154 a.outLen = SHA384_DIGEST_SIZE;
1156 b.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
1157 "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
1158 b.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
1159 "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
1160 "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
1162 b.inLen = strlen(b.input);
1163 b.outLen = SHA384_DIGEST_SIZE;
1168 ret = wc_InitSha384(&sha);
1172 for (i = 0; i < times; ++i) {
1173 ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
1177 ret = wc_Sha384Final(&sha, hash);
1181 if (memcmp(hash, test_sha[i].output, SHA384_DIGEST_SIZE) != 0)
1187 #endif /* WOLFSSL_SHA384 */
1190 #if !defined(NO_HMAC) && !defined(NO_MD5)
1191 int hmac_md5_test(void)
1194 byte hash[MD5_DIGEST_SIZE];
1198 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
1200 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1204 testVector test_hmac[3];
1207 int times = sizeof(test_hmac) / sizeof(testVector), i;
1209 a.input = "Hi There";
1210 a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
1212 a.inLen = strlen(a.input);
1213 a.outLen = MD5_DIGEST_SIZE;
1215 b.input = "what do ya want for nothing?";
1216 b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7"
1218 b.inLen = strlen(b.input);
1219 b.outLen = MD5_DIGEST_SIZE;
1221 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1222 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1223 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1224 "\xDD\xDD\xDD\xDD\xDD\xDD";
1225 c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3"
1227 c.inLen = strlen(c.input);
1228 c.outLen = MD5_DIGEST_SIZE;
1234 for (i = 0; i < times; ++i) {
1235 #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
1237 continue; /* cavium can't handle short keys, fips not allowed */
1240 if (wc_HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
1243 ret = wc_HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i]));
1246 ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1247 (word32)test_hmac[i].inLen);
1250 ret = wc_HmacFinal(&hmac, hash);
1254 if (memcmp(hash, test_hmac[i].output, MD5_DIGEST_SIZE) != 0)
1257 wc_HmacFreeCavium(&hmac);
1263 #endif /* NO_HMAC && NO_MD5 */
1265 #if !defined(NO_HMAC) && !defined(NO_SHA)
1266 int hmac_sha_test(void)
1269 byte hash[SHA_DIGEST_SIZE];
1273 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
1276 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1281 testVector test_hmac[3];
1284 int times = sizeof(test_hmac) / sizeof(testVector), i;
1286 a.input = "Hi There";
1287 a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
1288 "\x8e\xf1\x46\xbe\x00";
1289 a.inLen = strlen(a.input);
1290 a.outLen = SHA_DIGEST_SIZE;
1292 b.input = "what do ya want for nothing?";
1293 b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf"
1294 "\x9c\x25\x9a\x7c\x79";
1295 b.inLen = strlen(b.input);
1296 b.outLen = SHA_DIGEST_SIZE;
1298 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1299 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1300 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1301 "\xDD\xDD\xDD\xDD\xDD\xDD";
1302 c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b"
1303 "\x4f\x63\xf1\x75\xd3";
1304 c.inLen = strlen(c.input);
1305 c.outLen = SHA_DIGEST_SIZE;
1311 for (i = 0; i < times; ++i) {
1312 #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
1314 continue; /* cavium can't handle short keys, fips not allowed */
1317 if (wc_HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
1320 ret = wc_HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i]));
1323 ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1324 (word32)test_hmac[i].inLen);
1327 ret = wc_HmacFinal(&hmac, hash);
1331 if (memcmp(hash, test_hmac[i].output, SHA_DIGEST_SIZE) != 0)
1334 wc_HmacFreeCavium(&hmac);
1343 #if !defined(NO_HMAC) && !defined(NO_SHA256)
1344 int hmac_sha256_test(void)
1347 byte hash[SHA256_DIGEST_SIZE];
1351 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
1354 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1359 testVector test_hmac[3];
1362 int times = sizeof(test_hmac) / sizeof(testVector), i;
1364 a.input = "Hi There";
1365 a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
1366 "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
1368 a.inLen = strlen(a.input);
1369 a.outLen = SHA256_DIGEST_SIZE;
1371 b.input = "what do ya want for nothing?";
1372 b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75"
1373 "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec"
1375 b.inLen = strlen(b.input);
1376 b.outLen = SHA256_DIGEST_SIZE;
1378 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1379 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1380 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1381 "\xDD\xDD\xDD\xDD\xDD\xDD";
1382 c.output = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81"
1383 "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5"
1385 c.inLen = strlen(c.input);
1386 c.outLen = SHA256_DIGEST_SIZE;
1392 for (i = 0; i < times; ++i) {
1393 #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
1395 continue; /* cavium can't handle short keys, fips not allowed */
1398 if (wc_HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
1401 ret = wc_HmacSetKey(&hmac, SHA256, (byte*)keys[i],(word32)strlen(keys[i]));
1404 ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1405 (word32)test_hmac[i].inLen);
1408 ret = wc_HmacFinal(&hmac, hash);
1412 if (memcmp(hash, test_hmac[i].output, SHA256_DIGEST_SIZE) != 0)
1415 wc_HmacFreeCavium(&hmac);
1424 #if !defined(NO_HMAC) && defined(HAVE_BLAKE2)
1425 int hmac_blake2b_test(void)
1428 byte hash[BLAKE2B_256];
1432 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
1435 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1440 testVector test_hmac[3];
1443 int times = sizeof(test_hmac) / sizeof(testVector), i;
1445 a.input = "Hi There";
1446 a.output = "\x72\x93\x0d\xdd\xf5\xf7\xe1\x78\x38\x07\x44\x18\x0b\x3f\x51"
1447 "\x37\x25\xb5\x82\xc2\x08\x83\x2f\x1c\x99\xfd\x03\xa0\x16\x75"
1449 a.inLen = strlen(a.input);
1450 a.outLen = BLAKE2B_256;
1452 b.input = "what do ya want for nothing?";
1453 b.output = "\x3d\x20\x50\x71\x05\xc0\x8c\x0c\x38\x44\x1e\xf7\xf9\xd1\x67"
1454 "\x21\xff\x64\xf5\x94\x00\xcf\xf9\x75\x41\xda\x88\x61\x9d\x7c"
1456 b.inLen = strlen(b.input);
1457 b.outLen = BLAKE2B_256;
1459 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1460 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1461 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1462 "\xDD\xDD\xDD\xDD\xDD\xDD";
1463 c.output = "\xda\xfe\x2a\x24\xfc\xe7\xea\x36\x34\xbe\x41\x92\xc7\x11\xa7"
1464 "\x00\xae\x53\x9c\x11\x9c\x80\x74\x55\x22\x25\x4a\xb9\x55\xd3"
1466 c.inLen = strlen(c.input);
1467 c.outLen = BLAKE2B_256;
1473 for (i = 0; i < times; ++i) {
1474 #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
1476 continue; /* cavium can't handle short keys, fips not allowed */
1479 if (wc_HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
1482 ret = wc_HmacSetKey(&hmac, BLAKE2B_ID, (byte*)keys[i],
1483 (word32)strlen(keys[i]));
1486 ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1487 (word32)test_hmac[i].inLen);
1490 ret = wc_HmacFinal(&hmac, hash);
1494 if (memcmp(hash, test_hmac[i].output, BLAKE2B_256) != 0)
1497 wc_HmacFreeCavium(&hmac);
1506 #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
1507 int hmac_sha384_test(void)
1510 byte hash[SHA384_DIGEST_SIZE];
1514 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
1517 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1522 testVector test_hmac[3];
1525 int times = sizeof(test_hmac) / sizeof(testVector), i;
1527 a.input = "Hi There";
1528 a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
1529 "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
1530 "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
1532 a.inLen = strlen(a.input);
1533 a.outLen = SHA384_DIGEST_SIZE;
1535 b.input = "what do ya want for nothing?";
1536 b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b"
1537 "\x1b\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22"
1538 "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa"
1540 b.inLen = strlen(b.input);
1541 b.outLen = SHA384_DIGEST_SIZE;
1543 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1544 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1545 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1546 "\xDD\xDD\xDD\xDD\xDD\xDD";
1547 c.output = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8"
1548 "\x6f\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66"
1549 "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01"
1551 c.inLen = strlen(c.input);
1552 c.outLen = SHA384_DIGEST_SIZE;
1558 for (i = 0; i < times; ++i) {
1559 #if defined(HAVE_FIPS)
1561 continue; /* fips not allowed */
1563 ret = wc_HmacSetKey(&hmac, SHA384, (byte*)keys[i],(word32)strlen(keys[i]));
1566 ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1567 (word32)test_hmac[i].inLen);
1570 ret = wc_HmacFinal(&hmac, hash);
1574 if (memcmp(hash, test_hmac[i].output, SHA384_DIGEST_SIZE) != 0)
1583 #if !defined(NO_HMAC) && defined(WOLFSSL_SHA512)
1584 int hmac_sha512_test(void)
1587 byte hash[SHA512_DIGEST_SIZE];
1591 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
1594 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
1599 testVector test_hmac[3];
1602 int times = sizeof(test_hmac) / sizeof(testVector), i;
1604 a.input = "Hi There";
1605 a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c"
1606 "\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1"
1607 "\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae"
1608 "\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20"
1610 a.inLen = strlen(a.input);
1611 a.outLen = SHA512_DIGEST_SIZE;
1613 b.input = "what do ya want for nothing?";
1614 b.output = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0"
1615 "\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25"
1616 "\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8"
1617 "\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a"
1619 b.inLen = strlen(b.input);
1620 b.outLen = SHA512_DIGEST_SIZE;
1622 c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1623 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1624 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
1625 "\xDD\xDD\xDD\xDD\xDD\xDD";
1626 c.output = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b"
1627 "\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27"
1628 "\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e"
1629 "\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59"
1631 c.inLen = strlen(c.input);
1632 c.outLen = SHA512_DIGEST_SIZE;
1638 for (i = 0; i < times; ++i) {
1639 #if defined(HAVE_FIPS)
1641 continue; /* fips not allowed */
1643 ret = wc_HmacSetKey(&hmac, SHA512, (byte*)keys[i],(word32)strlen(keys[i]));
1646 ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
1647 (word32)test_hmac[i].inLen);
1650 ret = wc_HmacFinal(&hmac, hash);
1654 if (memcmp(hash, test_hmac[i].output, SHA512_DIGEST_SIZE) != 0)
1669 const char* keys[] =
1671 "\x01\x23\x45\x67\x89\xab\xcd\xef",
1672 "\x01\x23\x45\x67\x89\xab\xcd\xef",
1673 "\x00\x00\x00\x00\x00\x00\x00\x00",
1677 testVector a, b, c, d;
1678 testVector test_arc4[4];
1680 int times = sizeof(test_arc4) / sizeof(testVector), i;
1682 a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
1683 a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96";
1687 b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1688 b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79";
1692 c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1693 c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a";
1697 d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
1698 d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61";
1707 for (i = 0; i < times; ++i) {
1710 int keylen = 8; /* strlen with key 0x00 not good */
1715 if (wc_Arc4InitCavium(&enc, CAVIUM_DEV_ID) != 0)
1717 if (wc_Arc4InitCavium(&dec, CAVIUM_DEV_ID) != 0)
1721 wc_Arc4SetKey(&enc, (byte*)keys[i], keylen);
1722 wc_Arc4SetKey(&dec, (byte*)keys[i], keylen);
1724 wc_Arc4Process(&enc, cipher, (byte*)test_arc4[i].input,
1725 (word32)test_arc4[i].outLen);
1726 wc_Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen);
1728 if (memcmp(plain, test_arc4[i].input, test_arc4[i].outLen))
1731 if (memcmp(cipher, test_arc4[i].output, test_arc4[i].outLen))
1735 wc_Arc4FreeCavium(&enc);
1736 wc_Arc4FreeCavium(&dec);
1745 int hc128_test(void)
1751 const char* keys[] =
1753 "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1754 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1755 "\x00\x53\xA6\xF9\x4C\x9F\xF2\x45\x98\xEB\x3E\x91\xE4\x37\x8A\xDD",
1756 "\x0F\x62\xB5\x08\x5B\xAE\x01\x54\xA7\xFA\x4D\xA0\xF3\x46\x99\xEC"
1761 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1762 "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1763 "\x0D\x74\xDB\x42\xA9\x10\x77\xDE\x45\xAC\x13\x7A\xE1\x48\xAF\x16",
1764 "\x28\x8F\xF6\x5D\xC4\x2B\x92\xF9\x60\xC7\x2E\x95\xFC\x63\xCA\x31"
1768 testVector a, b, c, d;
1769 testVector test_hc128[4];
1771 int times = sizeof(test_hc128) / sizeof(testVector), i;
1773 a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1774 a.output = "\x37\x86\x02\xB9\x8F\x32\xA7\x48";
1778 b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1779 b.output = "\x33\x7F\x86\x11\xC6\xED\x61\x5F";
1783 c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1784 c.output = "\x2E\x1E\xD1\x2A\x85\x51\xC0\x5A";
1788 d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
1789 d.output = "\x1C\xD8\xAE\xDD\xFE\x52\xE2\x17\xE8\x35\xD0\xB7\xE8\x4E\x29";
1798 for (i = 0; i < times; ++i) {
1802 /* align keys/ivs in plain/cipher buffers */
1803 memcpy(plain, keys[i], 16);
1804 memcpy(cipher, ivs[i], 16);
1806 wc_Hc128_SetKey(&enc, plain, cipher);
1807 wc_Hc128_SetKey(&dec, plain, cipher);
1810 memcpy(plain, test_hc128[i].input, test_hc128[i].outLen);
1811 wc_Hc128_Process(&enc, cipher, plain, (word32)test_hc128[i].outLen);
1812 wc_Hc128_Process(&dec, plain, cipher, (word32)test_hc128[i].outLen);
1814 if (memcmp(plain, test_hc128[i].input, test_hc128[i].outLen))
1817 if (memcmp(cipher, test_hc128[i].output, test_hc128[i].outLen))
1818 return -120 - 5 - i;
1821 #endif /* HAVE_HC128 */
1827 int rabbit_test(void)
1832 const char* keys[] =
1834 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1835 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
1836 "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B\xFE\x36\x3D\x2E\x29\x13\x28\x91"
1841 "\x00\x00\x00\x00\x00\x00\x00\x00",
1842 "\x59\x7E\x26\xC1\x75\xF5\x73\xC3",
1847 testVector test_rabbit[3];
1849 int times = sizeof(test_rabbit) / sizeof(testVector), i;
1851 a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1852 a.output = "\xED\xB7\x05\x67\x37\x5D\xCD\x7C";
1856 b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1857 b.output = "\x6D\x7D\x01\x22\x92\xCC\xDC\xE0";
1861 c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
1862 c.output = "\x04\xCE\xCA\x7A\x1A\x86\x6E\x77";
1870 for (i = 0; i < times; ++i) {
1875 /* align keys/ivs in plain/cipher buffers */
1876 memcpy(plain, keys[i], 16);
1878 memcpy(cipher, ivs[i], 8);
1882 wc_RabbitSetKey(&enc, plain, iv);
1883 wc_RabbitSetKey(&dec, plain, iv);
1886 memcpy(plain, test_rabbit[i].input, test_rabbit[i].outLen);
1887 wc_RabbitProcess(&enc, cipher, plain, (word32)test_rabbit[i].outLen);
1888 wc_RabbitProcess(&dec, plain, cipher, (word32)test_rabbit[i].outLen);
1890 if (memcmp(plain, test_rabbit[i].input, test_rabbit[i].outLen))
1893 if (memcmp(cipher, test_rabbit[i].output, test_rabbit[i].outLen))
1894 return -130 - 5 - i;
1899 #endif /* NO_RABBIT */
1903 int chacha_test(void)
1909 byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
1914 static const byte key1[] =
1916 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
1917 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
1918 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
1919 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
1922 static const byte key2[] =
1924 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
1925 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
1926 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
1927 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
1930 static const byte key3[] =
1932 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
1933 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
1934 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
1935 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
1939 static const byte key4[] =
1941 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
1942 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
1946 const byte* keys[] = {key1, key2, key3, key4};
1948 static const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
1949 static const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
1950 static const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01};
1951 static const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
1954 const byte* ivs[] = {ivs1, ivs2, ivs3, ivs4};
1957 byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90};
1958 byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96};
1959 byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5};
1960 byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd};
1962 byte* test_chacha[4];
1969 for (i = 0; i < times; ++i) {
1977 XMEMCPY(plain, keys[i], keySz);
1978 XMEMSET(cipher, 0, 32);
1979 XMEMCPY(cipher + 4, ivs[i], 8);
1981 wc_Chacha_SetKey(&enc, keys[i], keySz);
1982 wc_Chacha_SetKey(&dec, keys[i], keySz);
1984 wc_Chacha_SetIV(&enc, cipher, 0);
1985 wc_Chacha_SetIV(&dec, cipher, 0);
1986 XMEMCPY(plain, input, 8);
1988 wc_Chacha_Process(&enc, cipher, plain, (word32)8);
1989 wc_Chacha_Process(&dec, plain, cipher, (word32)8);
1991 if (memcmp(test_chacha[i], cipher, 8))
1992 return -130 - 5 - i;
1994 if (memcmp(plain, input, 8))
2000 #endif /* HAVE_CHACHA */
2003 #ifdef HAVE_POLY1305
2004 int poly1305_test(void)
2013 0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72,
2014 0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f,
2015 0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65,
2016 0x61,0x72,0x63,0x68,0x20,0x47,0x72,0x6f,
2022 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72,
2028 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
2029 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
2030 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
2031 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
2034 const byte correct[] =
2036 0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,
2037 0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9
2041 const byte correct2[] =
2043 0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16,
2044 0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0
2047 const byte correct3[] =
2049 0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6,
2050 0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07
2053 const byte key[] = {
2054 0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,
2055 0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8,
2056 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
2057 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
2060 const byte key2[] = {
2061 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20,
2062 0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,
2063 0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20,
2064 0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35
2067 const byte* msgs[] = {msg, msg2, msg3};
2068 word32 szm[] = {sizeof(msg),sizeof(msg2),sizeof(msg3)};
2069 const byte* keys[] = {key, key2, key2};
2070 const byte* tests[] = {correct, correct2, correct3};
2072 for (i = 0; i < 3; i++) {
2073 ret = wc_Poly1305SetKey(&enc, keys[i], 32);
2077 ret = wc_Poly1305Update(&enc, msgs[i], szm[i]);
2081 ret = wc_Poly1305Final(&enc, tag);
2085 if (memcmp(tag, tests[i], sizeof(tag)))
2091 #endif /* HAVE_POLY1305 */
2094 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
2095 int chacha20_poly1305_aead_test(void)
2097 /* Test #1 from Section 2.8.2 of draft-irtf-cfrg-chacha20-poly1305-10 */
2098 /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
2100 const byte key1[] = {
2101 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
2102 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
2103 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
2104 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
2107 const byte plaintext1[] = {
2108 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
2109 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
2110 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
2111 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
2112 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
2113 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
2114 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
2115 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
2116 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
2117 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
2118 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
2119 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
2120 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
2121 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
2125 const byte iv1[] = {
2126 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
2127 0x44, 0x45, 0x46, 0x47
2130 const byte aad1[] = { /* additional data */
2131 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
2132 0xc4, 0xc5, 0xc6, 0xc7
2135 const byte cipher1[] = { /* expected output from operation */
2136 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
2137 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
2138 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
2139 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
2140 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
2141 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
2142 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
2143 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
2144 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
2145 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
2146 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
2147 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
2148 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
2149 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
2153 const byte authTag1[] = { /* expected output from operation */
2154 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
2155 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
2158 /* Test #2 from Appendix A.2 in draft-irtf-cfrg-chacha20-poly1305-10 */
2159 /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
2161 const byte key2[] = {
2162 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a,
2163 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0,
2164 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09,
2165 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0
2168 const byte plaintext2[] = {
2169 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74,
2170 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20,
2171 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66,
2172 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
2173 0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c, 0x69,
2174 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
2175 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20,
2176 0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d,
2177 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e,
2178 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65,
2179 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64,
2180 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
2181 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f,
2182 0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64,
2183 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65,
2184 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
2185 0x6e, 0x74, 0x73, 0x20, 0x61, 0x74, 0x20, 0x61,
2186 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
2187 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69,
2188 0x6e, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x70, 0x72,
2189 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20,
2190 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65,
2191 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61,
2192 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
2193 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
2194 0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61,
2195 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20,
2196 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65,
2197 0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20,
2198 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
2199 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b,
2200 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67,
2201 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80,
2205 const byte iv2[] = {
2206 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04,
2207 0x05, 0x06, 0x07, 0x08
2210 const byte aad2[] = { /* additional data */
2211 0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00,
2212 0x00, 0x00, 0x4e, 0x91
2215 const byte cipher2[] = { /* expected output from operation */
2216 0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4,
2217 0x60, 0xf0, 0x62, 0xc7, 0x9b, 0xe6, 0x43, 0xbd,
2218 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89,
2219 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2,
2220 0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43, 0xee,
2221 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
2222 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00,
2223 0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf,
2224 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce,
2225 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81,
2226 0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd,
2227 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
2228 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61,
2229 0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38,
2230 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0,
2231 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4,
2232 0xb9, 0x16, 0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46,
2233 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
2234 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e,
2235 0xe2, 0x82, 0xa1, 0xb0, 0xa0, 0x6c, 0x52, 0x3e,
2236 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15,
2237 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a,
2238 0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56, 0x4e, 0xea,
2239 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
2240 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99,
2241 0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e,
2242 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10,
2243 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10,
2244 0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94,
2245 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
2246 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf,
2247 0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29,
2248 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70,
2252 const byte authTag2[] = { /* expected output from operation */
2253 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22,
2254 0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38
2257 byte generatedCiphertext[272];
2258 byte generatedPlaintext[272];
2259 byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
2262 XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
2263 XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
2264 XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
2268 err = wc_ChaCha20Poly1305_Encrypt(key1, iv1,
2270 plaintext1, sizeof(plaintext1),
2271 generatedCiphertext, generatedAuthTag);
2277 /* -- Check the ciphertext and authtag */
2279 if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1)))
2284 if (XMEMCMP(generatedAuthTag, authTag1, sizeof(authTag1)))
2289 /* -- Verify decryption works */
2291 err = wc_ChaCha20Poly1305_Decrypt(key1, iv1,
2293 cipher1, sizeof(cipher1),
2294 authTag1, generatedPlaintext);
2300 if (XMEMCMP(generatedPlaintext, plaintext1, sizeof( plaintext1)))
2305 XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
2306 XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
2307 XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
2311 err = wc_ChaCha20Poly1305_Encrypt(key2, iv2,
2313 plaintext2, sizeof(plaintext2),
2314 generatedCiphertext, generatedAuthTag);
2320 /* -- Check the ciphertext and authtag */
2322 if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2)))
2327 if (XMEMCMP(generatedAuthTag, authTag2, sizeof(authTag2)))
2332 /* -- Verify decryption works */
2334 err = wc_ChaCha20Poly1305_Decrypt(key2, iv2,
2336 cipher2, sizeof(cipher2),
2337 authTag2, generatedPlaintext);
2343 if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2)))
2350 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
2356 const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
2357 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
2358 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
2359 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
2370 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
2375 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
2378 const byte verify[] =
2380 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
2381 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
2382 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
2387 ret = wc_Des_SetKey(&enc, key, iv, DES_ENCRYPTION);
2391 wc_Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
2392 ret = wc_Des_SetKey(&dec, key, iv, DES_DECRYPTION);
2395 wc_Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
2397 if (memcmp(plain, vector, sizeof(plain)))
2400 if (memcmp(cipher, verify, sizeof(cipher)))
2405 #endif /* NO_DES3 */
2411 const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
2412 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
2413 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
2414 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
2425 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
2426 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
2427 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
2431 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
2432 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
2433 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
2437 const byte verify3[] =
2439 0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e,
2440 0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98,
2441 0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0
2448 if (wc_Des3_InitCavium(&enc, CAVIUM_DEV_ID) != 0)
2450 if (wc_Des3_InitCavium(&dec, CAVIUM_DEV_ID) != 0)
2453 ret = wc_Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION);
2456 ret = wc_Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION);
2459 ret = wc_Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
2462 ret = wc_Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
2466 if (memcmp(plain, vector, sizeof(plain)))
2469 if (memcmp(cipher, verify3, sizeof(cipher)))
2473 wc_Des3_FreeCavium(&enc);
2474 wc_Des3_FreeCavium(&dec);
2487 const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
2488 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
2489 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
2490 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
2493 const byte verify[] =
2495 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
2496 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
2499 byte key[] = "0123456789abcdef "; /* align */
2500 byte iv[] = "1234567890abcdef "; /* align */
2502 byte cipher[AES_BLOCK_SIZE * 4];
2503 byte plain [AES_BLOCK_SIZE * 4];
2507 if (wc_AesInitCavium(&enc, CAVIUM_DEV_ID) != 0)
2509 if (wc_AesInitCavium(&dec, CAVIUM_DEV_ID) != 0)
2512 ret = wc_AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
2515 ret = wc_AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
2519 ret = wc_AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE);
2522 ret = wc_AesCbcDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE);
2526 if (memcmp(plain, msg, AES_BLOCK_SIZE))
2529 if (memcmp(cipher, verify, AES_BLOCK_SIZE))
2533 wc_AesFreeCavium(&enc);
2534 wc_AesFreeCavium(&dec);
2536 #ifdef WOLFSSL_AES_COUNTER
2538 const byte ctrKey[] =
2540 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
2541 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
2544 const byte ctrIv[] =
2546 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
2547 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
2551 const byte ctrPlain[] =
2553 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
2554 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
2555 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
2556 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
2557 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
2558 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
2559 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
2560 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
2563 const byte ctrCipher[] =
2565 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
2566 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
2567 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
2568 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
2569 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
2570 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
2571 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
2572 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
2575 const byte oddCipher[] =
2577 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
2581 wc_AesSetKeyDirect(&enc, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
2582 /* Ctr only uses encrypt, even on key setup */
2583 wc_AesSetKeyDirect(&dec, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
2585 wc_AesCtrEncrypt(&enc, cipher, ctrPlain, AES_BLOCK_SIZE*4);
2586 wc_AesCtrEncrypt(&dec, plain, cipher, AES_BLOCK_SIZE*4);
2588 if (memcmp(plain, ctrPlain, AES_BLOCK_SIZE*4))
2591 if (memcmp(cipher, ctrCipher, AES_BLOCK_SIZE*4))
2594 /* let's try with just 9 bytes, non block size test */
2595 wc_AesSetKeyDirect(&enc, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
2596 /* Ctr only uses encrypt, even on key setup */
2597 wc_AesSetKeyDirect(&dec, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
2599 wc_AesCtrEncrypt(&enc, cipher, ctrPlain, 9);
2600 wc_AesCtrEncrypt(&dec, plain, cipher, 9);
2602 if (memcmp(plain, ctrPlain, 9))
2605 if (memcmp(cipher, ctrCipher, 9))
2608 /* and an additional 9 bytes to reuse tmp left buffer */
2609 wc_AesCtrEncrypt(&enc, cipher, ctrPlain, 9);
2610 wc_AesCtrEncrypt(&dec, plain, cipher, 9);
2612 if (memcmp(plain, ctrPlain, 9))
2615 if (memcmp(cipher, oddCipher, 9))
2618 #endif /* WOLFSSL_AES_COUNTER */
2620 #if defined(WOLFSSL_AESNI) && defined(WOLFSSL_AES_DIRECT)
2622 const byte niPlain[] =
2624 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
2625 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
2628 const byte niCipher[] =
2630 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
2631 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
2634 const byte niKey[] =
2636 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
2637 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
2638 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
2639 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
2642 XMEMSET(cipher, 0, AES_BLOCK_SIZE);
2643 ret = wc_AesSetKey(&enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
2646 wc_AesEncryptDirect(&enc, cipher, niPlain);
2647 if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
2650 XMEMSET(plain, 0, AES_BLOCK_SIZE);
2651 ret = wc_AesSetKey(&dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
2654 wc_AesDecryptDirect(&dec, plain, niCipher);
2655 if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
2658 #endif /* WOLFSSL_AESNI && WOLFSSL_AES_DIRECT */
2664 int aesgcm_test(void)
2669 * This is Test Case 16 from the document Galois/
2670 * Counter Mode of Operation (GCM) by McGrew and
2675 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
2676 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
2677 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
2678 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
2683 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
2684 0xde, 0xca, 0xf8, 0x88
2689 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
2690 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
2691 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
2692 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
2693 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
2694 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
2695 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
2696 0xba, 0x63, 0x7b, 0x39
2701 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
2702 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
2703 0xab, 0xad, 0xda, 0xd2
2708 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
2709 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
2710 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
2711 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
2712 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
2713 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
2714 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
2715 0xbc, 0xc9, 0xf6, 0x62
2720 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
2721 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
2730 memset(t2, 0, sizeof(t2));
2731 memset(c2, 0, sizeof(c2));
2732 memset(p2, 0, sizeof(p2));
2734 wc_AesGcmSetKey(&enc, k, sizeof(k));
2735 /* AES-GCM encrypt and decrypt both use AES encrypt internally */
2736 wc_AesGcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv),
2737 t2, sizeof(t2), a, sizeof(a));
2738 if (memcmp(c, c2, sizeof(c2)))
2740 if (memcmp(t, t2, sizeof(t2)))
2743 result = wc_AesGcmDecrypt(&enc, p2, c2, sizeof(p2), iv, sizeof(iv),
2744 t2, sizeof(t2), a, sizeof(a));
2747 if (memcmp(p, p2, sizeof(p2)))
2759 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
2760 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
2764 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
2765 0xe2, 0x8c, 0x8f, 0x16
2769 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
2770 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
2774 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
2775 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
2780 0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4,
2781 0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b
2785 0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03,
2786 0x1a, 0x60, 0x24, 0xa7
2790 0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18,
2791 0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56
2795 0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f,
2796 0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91
2801 0xb8, 0xe4, 0x9a, 0x5e, 0x37, 0xf9, 0x98, 0x2b,
2802 0xb9, 0x6d, 0xd0, 0xc9, 0xb6, 0xab, 0x26, 0xac
2806 0xe4, 0x4a, 0x42, 0x18, 0x8c, 0xae, 0x94, 0x92,
2807 0x6a, 0x9c, 0x26, 0xb0
2811 0x9d, 0xb9, 0x61, 0x68, 0xa6, 0x76, 0x7a, 0x31,
2812 0xf8, 0x29, 0xe4, 0x72, 0x61, 0x68, 0x3f, 0x8a
2816 0x23, 0xe2, 0x9f, 0x66, 0xe4, 0xc6, 0x52, 0x48
2821 memset(tag, 0, sizeof(tag));
2822 wc_GmacSetKey(&gmac, k1, sizeof(k1));
2823 wc_GmacUpdate(&gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1));
2824 if (memcmp(t1, tag, sizeof(t1)) != 0)
2827 memset(tag, 0, sizeof(tag));
2828 wc_GmacSetKey(&gmac, k2, sizeof(k2));
2829 wc_GmacUpdate(&gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2));
2830 if (memcmp(t2, tag, sizeof(t2)) != 0)
2833 memset(tag, 0, sizeof(tag));
2834 wc_GmacSetKey(&gmac, k3, sizeof(k3));
2835 wc_GmacUpdate(&gmac, iv3, sizeof(iv3), a3, sizeof(a3), tag, sizeof(t3));
2836 if (memcmp(t3, tag, sizeof(t3)) != 0)
2841 #endif /* HAVE_AESGCM */
2844 int aesccm_test(void)
2851 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
2852 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
2858 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
2859 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
2865 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2866 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2867 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
2872 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
2877 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
2878 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
2879 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
2884 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
2893 memset(t2, 0, sizeof(t2));
2894 memset(c2, 0, sizeof(c2));
2895 memset(p2, 0, sizeof(p2));
2897 wc_AesCcmSetKey(&enc, k, sizeof(k));
2898 /* AES-CCM encrypt and decrypt both use AES encrypt internally */
2899 wc_AesCcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv),
2900 t2, sizeof(t2), a, sizeof(a));
2901 if (memcmp(c, c2, sizeof(c2)))
2903 if (memcmp(t, t2, sizeof(t2)))
2906 result = wc_AesCcmDecrypt(&enc, p2, c2, sizeof(p2), iv, sizeof(iv),
2907 t2, sizeof(t2), a, sizeof(a));
2910 if (memcmp(p, p2, sizeof(p2)))
2913 /* Test the authentication failure */
2914 t2[0]++; /* Corrupt the authentication tag. */
2915 result = wc_AesCcmDecrypt(&enc, p2, c, sizeof(p2), iv, sizeof(iv),
2916 t2, sizeof(t2), a, sizeof(a));
2920 /* Clear c2 to compare against p2. p2 should be set to zero in case of
2921 * authentication fail. */
2922 memset(c2, 0, sizeof(c2));
2923 if (memcmp(p2, c2, sizeof(p2)))
2928 #endif /* HAVE_AESCCM */
2934 #ifdef HAVE_CAMELLIA
2937 CAM_ECB_ENC, CAM_ECB_DEC, CAM_CBC_ENC, CAM_CBC_DEC
2942 const byte* plaintext;
2944 const byte* ciphertext;
2950 int camellia_test(void)
2952 /* Camellia ECB Test Plaintext */
2953 static const byte pte[] =
2955 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2956 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2959 /* Camellia ECB Test Initialization Vector */
2960 static const byte ive[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
2962 /* Test 1: Camellia ECB 128-bit key */
2963 static const byte k1[] =
2965 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2966 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2968 static const byte c1[] =
2970 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
2971 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43
2974 /* Test 2: Camellia ECB 192-bit key */
2975 static const byte k2[] =
2977 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2978 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
2979 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
2981 static const byte c2[] =
2983 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
2984 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9
2987 /* Test 3: Camellia ECB 256-bit key */
2988 static const byte k3[] =
2990 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2991 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
2992 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
2993 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
2995 static const byte c3[] =
2997 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
2998 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09
3001 /* Camellia CBC Test Plaintext */
3002 static const byte ptc[] =
3004 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
3005 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
3008 /* Camellia CBC Test Initialization Vector */
3009 static const byte ivc[] =
3011 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3012 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
3015 /* Test 4: Camellia-CBC 128-bit key */
3016 static const byte k4[] =
3018 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
3019 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
3021 static const byte c4[] =
3023 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
3024 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB
3027 /* Test 5: Camellia-CBC 192-bit key */
3028 static const byte k5[] =
3030 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
3031 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
3032 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B
3034 static const byte c5[] =
3036 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
3037 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93
3040 /* Test 6: CBC 256-bit key */
3041 static const byte k6[] =
3043 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
3044 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
3045 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
3046 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4
3048 static const byte c6[] =
3050 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
3051 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA
3054 byte out[CAMELLIA_BLOCK_SIZE];
3057 const test_vector_t testVectors[] =
3059 {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), -114},
3060 {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), -115},
3061 {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), -116},
3062 {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), -117},
3063 {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), -118},
3064 {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), -119},
3065 {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), -120},
3066 {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), -121},
3067 {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), -122},
3068 {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), -123},
3069 {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), -124},
3070 {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
3073 testsSz = sizeof(testVectors)/sizeof(test_vector_t);
3074 for (i = 0; i < testsSz; i++) {
3075 if (wc_CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz,
3076 testVectors[i].iv) != 0)
3077 return testVectors[i].errorCode;
3079 switch (testVectors[i].type) {
3081 wc_CamelliaEncryptDirect(&cam, out, testVectors[i].plaintext);
3082 if (memcmp(out, testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE))
3083 return testVectors[i].errorCode;
3086 wc_CamelliaDecryptDirect(&cam, out, testVectors[i].ciphertext);
3087 if (memcmp(out, testVectors[i].plaintext, CAMELLIA_BLOCK_SIZE))
3088 return testVectors[i].errorCode;
3091 wc_CamelliaCbcEncrypt(&cam, out, testVectors[i].plaintext,
3092 CAMELLIA_BLOCK_SIZE);
3093 if (memcmp(out, testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE))
3094 return testVectors[i].errorCode;
3097 wc_CamelliaCbcDecrypt(&cam, out, testVectors[i].ciphertext,
3098 CAMELLIA_BLOCK_SIZE);
3099 if (memcmp(out, testVectors[i].plaintext, CAMELLIA_BLOCK_SIZE))
3100 return testVectors[i].errorCode;
3107 /* Setting the IV and checking it was actually set. */
3108 wc_CamelliaSetIV(&cam, ivc);
3109 if (XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE))
3112 /* Setting the IV to NULL should be same as all zeros IV */
3113 if (wc_CamelliaSetIV(&cam, NULL) != 0 ||
3114 XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE))
3117 /* First parameter should never be null */
3118 if (wc_CamelliaSetIV(NULL, NULL) == 0)
3121 /* First parameter should never be null, check it fails */
3122 if (wc_CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0)
3125 /* Key should have a size of 16, 24, or 32 */
3126 if (wc_CamelliaSetKey(&cam, k1, 0, NULL) == 0)
3131 #endif /* HAVE_CAMELLIA */
3134 #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
3136 int random_test(void)
3138 const byte test1Entropy[] =
3140 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
3141 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
3142 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31,
3143 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e
3145 const byte test1Output[] =
3147 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
3148 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
3149 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
3150 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
3151 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81,
3152 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
3153 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7,
3154 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
3155 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91,
3156 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
3157 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
3159 const byte test2EntropyA[] =
3161 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
3162 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
3163 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
3164 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
3166 const byte test2EntropyB[] =
3168 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
3169 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
3170 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
3172 const byte test2Output[] =
3174 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
3175 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
3176 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
3177 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
3178 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71,
3179 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
3180 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8,
3181 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
3182 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22,
3183 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
3184 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
3187 byte output[SHA256_DIGEST_SIZE * 4];
3190 ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
3191 output, sizeof(output));
3195 if (XMEMCMP(test1Output, output, sizeof(output)) != 0)
3198 ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA),
3199 test2EntropyB, sizeof(test2EntropyB),
3200 output, sizeof(output));
3204 if (XMEMCMP(test2Output, output, sizeof(output)) != 0)
3210 #else /* HAVE_HASHDRBG || NO_RC4 */
3212 int random_test(void)
3219 ret = wc_InitRngCavium(&rng, CAVIUM_DEV_ID);
3220 if (ret != 0) return -2007;
3222 ret = wc_InitRng(&rng);
3223 if (ret != 0) return -39;
3225 ret = wc_RNG_GenerateBlock(&rng, block, sizeof(block));
3226 if (ret != 0) return -40;
3233 #endif /* HAVE_HASHDRBG || NO_RC4 */
3238 byte GetEntropy(ENTROPY_CMD cmd, byte* out);
3240 byte GetEntropy(ENTROPY_CMD cmd, byte* out)
3245 return (wc_InitRng(&rng) == 0) ? 1 : 0;
3250 if (cmd == GET_BYTE_OF_ENTROPY)
3251 return (wc_RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0;
3253 if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) {
3261 #endif /* HAVE_NTRU */
3265 #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
3266 #ifdef FREESCALE_MQX
3267 static const char* clientKey = "a:\\certs\\client-key.der";
3268 static const char* clientCert = "a:\\certs\\client-cert.der";
3269 #ifdef WOLFSSL_CERT_GEN
3270 static const char* caKeyFile = "a:\\certs\\ca-key.der";
3271 static const char* caCertFile = "a:\\certs\\ca-cert.pem";
3273 static const char* eccCaKeyFile = "a:\\certs\\ecc-key.der";
3274 static const char* eccCaCertFile = "a:\\certs\\server-ecc.pem";
3277 #elif defined(WOLFSSL_MKD_SHELL)
3278 static char* clientKey = "certs/client-key.der";
3279 static char* clientCert = "certs/client-cert.der";
3280 void set_clientKey(char *key) { clientKey = key ; }
3281 void set_clientCert(char *cert) { clientCert = cert ; }
3282 #ifdef WOLFSSL_CERT_GEN
3283 static char* caKeyFile = "certs/ca-key.der";
3284 static char* caCertFile = "certs/ca-cert.pem";
3285 void set_caKeyFile (char * key) { caKeyFile = key ; }
3286 void set_caCertFile(char * cert) { caCertFile = cert ; }
3288 static const char* eccCaKeyFile = "certs/ecc-key.der";
3289 static const char* eccCaCertFile = "certs/server-ecc.pem";
3290 void set_eccCaKeyFile (char * key) { eccCaKeyFile = key ; }
3291 void set_eccCaCertFile(char * cert) { eccCaCertFile = cert ; }
3295 static const char* clientKey = "./certs/client-key.der";
3296 static const char* clientCert = "./certs/client-cert.der";
3297 #ifdef WOLFSSL_CERT_GEN
3298 static const char* caKeyFile = "./certs/ca-key.der";
3299 static const char* caCertFile = "./certs/ca-cert.pem";
3301 static const char* eccCaKeyFile = "./certs/ecc-key.der";
3302 static const char* eccCaCertFile = "./certs/server-ecc.pem";
3317 byte in[] = "Everyone gets Friday off.";
3318 word32 inLen = (word32)strlen((char*)in);
3321 #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
3322 FILE* file, * file2;
3324 #ifdef WOLFSSL_TEST_CERT
3328 tmp = (byte*)malloc(FOURK_BUF);
3332 #ifdef USE_CERT_BUFFERS_1024
3333 XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
3334 bytes = sizeof_client_key_der_1024;
3335 #elif defined(USE_CERT_BUFFERS_2048)
3336 XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
3337 bytes = sizeof_client_key_der_2048;
3339 file = fopen(clientKey, "rb");
3342 err_sys("can't open ./certs/client-key.der, "
3343 "Please run from wolfSSL home dir", -40);
3348 bytes = fread(tmp, 1, FOURK_BUF, file);
3350 #endif /* USE_CERT_BUFFERS */
3353 wc_RsaInitCavium(&key, CAVIUM_DEV_ID);
3355 ret = wc_InitRsaKey(&key, 0);
3360 ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
3365 ret = wc_InitRng(&rng);
3370 ret = wc_RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng);
3375 ret = wc_RsaPrivateDecrypt(out, ret, plain, sizeof(plain), &key);
3380 if (memcmp(plain, in, inLen)) {
3384 ret = wc_RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng);
3389 memset(plain, 0, sizeof(plain));
3390 ret = wc_RsaSSL_Verify(out, ret, plain, sizeof(plain), &key);
3395 if (memcmp(plain, in, ret)) {
3399 #if defined(WOLFSSL_MDK_ARM)
3400 #define sizeof(s) strlen((char *)(s))
3403 #ifdef USE_CERT_BUFFERS_1024
3404 XMEMCPY(tmp, client_cert_der_1024, sizeof_client_cert_der_1024);
3405 bytes = sizeof_client_cert_der_1024;
3406 #elif defined(USE_CERT_BUFFERS_2048)
3407 XMEMCPY(tmp, client_cert_der_2048, sizeof_client_cert_der_2048);
3408 bytes = sizeof_client_cert_der_2048;
3410 file2 = fopen(clientCert, "rb");
3416 bytes = fread(tmp, 1, FOURK_BUF, file2);
3424 #ifdef WOLFSSL_TEST_CERT
3425 InitDecodedCert(&cert, tmp, (word32)bytes, 0);
3427 ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
3428 if (ret != 0) return -491;
3430 FreeDecodedCert(&cert);
3436 #ifdef WOLFSSL_KEY_GEN
3447 ret = wc_InitRsaKey(&genKey, 0);
3450 ret = wc_MakeRsaKey(&genKey, 1024, 65537, &rng);
3454 der = (byte*)malloc(FOURK_BUF);
3456 wc_FreeRsaKey(&genKey);
3459 pem = (byte*)malloc(FOURK_BUF);
3462 wc_FreeRsaKey(&genKey);
3466 derSz = wc_RsaKeyToDer(&genKey, der, FOURK_BUF);
3473 #ifdef FREESCALE_MQX
3474 keyFile = fopen("a:\\certs\\key.der", "wb");
3476 keyFile = fopen("./key.der", "wb");
3481 wc_FreeRsaKey(&genKey);
3484 ret = (int)fwrite(der, 1, derSz, keyFile);
3489 wc_FreeRsaKey(&genKey);
3493 pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, PRIVATEKEY_TYPE);
3497 wc_FreeRsaKey(&genKey);
3501 #ifdef FREESCALE_MQX
3502 pemFile = fopen("a:\\certs\\key.pem", "wb");
3504 pemFile = fopen("./key.pem", "wb");
3509 wc_FreeRsaKey(&genKey);
3512 ret = (int)fwrite(pem, 1, pemSz, pemFile);
3517 wc_FreeRsaKey(&genKey);
3521 ret = wc_InitRsaKey(&derIn, 0);
3525 wc_FreeRsaKey(&genKey);
3529 ret = wc_RsaPrivateKeyDecode(der, &idx, &derIn, derSz);
3533 wc_FreeRsaKey(&derIn);
3534 wc_FreeRsaKey(&genKey);
3538 wc_FreeRsaKey(&derIn);
3539 wc_FreeRsaKey(&genKey);
3543 #endif /* WOLFSSL_KEY_GEN */
3546 #ifdef WOLFSSL_CERT_GEN
3556 #ifdef WOLFSSL_TEST_CERT
3560 derCert = (byte*)malloc(FOURK_BUF);
3561 if (derCert == NULL)
3563 pem = (byte*)malloc(FOURK_BUF);
3569 wc_InitCert(&myCert);
3571 strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
3572 strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
3573 strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);
3574 strncpy(myCert.subject.org, "yaSSL", CTC_NAME_SIZE);
3575 strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE);
3576 strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
3577 strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE);
3579 myCert.sigType = CTC_SHA256wRSA;
3581 certSz = wc_MakeSelfCert(&myCert, derCert, FOURK_BUF, &key, &rng);
3588 #ifdef WOLFSSL_TEST_CERT
3589 InitDecodedCert(&decode, derCert, certSz, 0);
3590 ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
3596 FreeDecodedCert(&decode);
3599 #ifdef FREESCALE_MQX
3600 derFile = fopen("a:\\certs\\cert.der", "wb");
3602 derFile = fopen("./cert.der", "wb");
3609 ret = (int)fwrite(derCert, 1, certSz, derFile);
3611 if (ret != certSz) {
3617 pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
3624 #ifdef FREESCALE_MQX
3625 pemFile = fopen("a:\\certs\\cert.pem", "wb");
3627 pemFile = fopen("./cert.pem", "wb");
3634 ret = (int)fwrite(pem, 1, pemSz, pemFile);
3657 #ifdef WOLFSSL_TEST_CERT
3661 derCert = (byte*)malloc(FOURK_BUF);
3662 if (derCert == NULL)
3664 pem = (byte*)malloc(FOURK_BUF);
3670 file3 = fopen(caKeyFile, "rb");
3678 bytes3 = fread(tmp, 1, FOURK_BUF, file3);
3681 ret = wc_InitRsaKey(&caKey, 0);
3687 ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3);
3691 wc_FreeRsaKey(&caKey);
3695 wc_InitCert(&myCert);
3697 strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
3698 strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
3699 strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);
3700 strncpy(myCert.subject.org, "yaSSL", CTC_NAME_SIZE);
3701 strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE);
3702 strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
3703 strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE);
3705 ret = wc_SetIssuer(&myCert, caCertFile);
3709 wc_FreeRsaKey(&caKey);
3713 certSz = wc_MakeCert(&myCert, derCert, FOURK_BUF, &key, NULL, &rng);
3717 wc_FreeRsaKey(&caKey);
3721 certSz = wc_SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF,
3722 &caKey, NULL, &rng);
3726 wc_FreeRsaKey(&caKey);
3731 #ifdef WOLFSSL_TEST_CERT
3732 InitDecodedCert(&decode, derCert, certSz, 0);
3733 ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
3737 wc_FreeRsaKey(&caKey);
3740 FreeDecodedCert(&decode);
3743 #ifdef FREESCALE_MQX
3744 derFile = fopen("a:\\certs\\othercert.der", "wb");
3746 derFile = fopen("./othercert.der", "wb");
3751 wc_FreeRsaKey(&caKey);
3754 ret = (int)fwrite(derCert, 1, certSz, derFile);
3756 if (ret != certSz) {
3759 wc_FreeRsaKey(&caKey);
3763 pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
3767 wc_FreeRsaKey(&caKey);
3771 #ifdef FREESCALE_MQX
3772 pemFile = fopen("a:\\certs\\othercert.pem", "wb");
3774 pemFile = fopen("./othercert.pem", "wb");
3779 wc_FreeRsaKey(&caKey);
3782 ret = (int)fwrite(pem, 1, pemSz, pemFile);
3786 wc_FreeRsaKey(&caKey);
3792 wc_FreeRsaKey(&caKey);
3808 #ifdef WOLFSSL_TEST_CERT
3812 derCert = (byte*)malloc(FOURK_BUF);
3813 if (derCert == NULL)
3815 pem = (byte*)malloc(FOURK_BUF);
3821 file3 = fopen(eccCaKeyFile, "rb");
3829 bytes3 = fread(tmp, 1, FOURK_BUF, file3);
3832 wc_ecc_init(&caKey);
3833 ret = wc_EccPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3);
3840 wc_InitCert(&myCert);
3841 myCert.sigType = CTC_SHA256wECDSA;
3843 strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
3844 strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
3845 strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);
3846 strncpy(myCert.subject.org, "wolfSSL", CTC_NAME_SIZE);
3847 strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE);
3848 strncpy(myCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
3849 strncpy(myCert.subject.email, "info@wolfssl.com", CTC_NAME_SIZE);
3851 ret = wc_SetIssuer(&myCert, eccCaCertFile);
3855 wc_ecc_free(&caKey);
3859 certSz = wc_MakeCert(&myCert, derCert, FOURK_BUF, NULL, &caKey, &rng);
3863 wc_ecc_free(&caKey);
3867 certSz = wc_SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF,
3868 NULL, &caKey, &rng);
3872 wc_ecc_free(&caKey);
3876 #ifdef WOLFSSL_TEST_CERT
3877 InitDecodedCert(&decode, derCert, certSz, 0);
3878 ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
3882 wc_ecc_free(&caKey);
3885 FreeDecodedCert(&decode);
3888 #ifdef FREESCALE_MQX
3889 derFile = fopen("a:\\certs\\certecc.der", "wb");
3891 derFile = fopen("./certecc.der", "wb");
3896 wc_ecc_free(&caKey);
3899 ret = (int)fwrite(derCert, 1, certSz, derFile);
3901 if (ret != certSz) {
3904 wc_ecc_free(&caKey);
3908 pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
3912 wc_ecc_free(&caKey);
3916 #ifdef FREESCALE_MQX
3917 pemFile = fopen("a:\\certs\\certecc.pem", "wb");
3919 pemFile = fopen("./certecc.pem", "wb");
3924 wc_ecc_free(&caKey);
3927 ret = (int)fwrite(pem, 1, pemSz, pemFile);
3931 wc_ecc_free(&caKey);
3937 wc_ecc_free(&caKey);
3939 #endif /* HAVE_ECC */
3953 #ifdef WOLFSSL_TEST_CERT
3956 derCert = (byte*)malloc(FOURK_BUF);
3957 if (derCert == NULL)
3959 pem = (byte*)malloc(FOURK_BUF);
3965 byte public_key[557]; /* sized for EES401EP2 */
3966 word16 public_key_len; /* no. of octets in public key */
3967 byte private_key[607]; /* sized for EES401EP2 */
3968 word16 private_key_len; /* no. of octets in private key */
3970 static uint8_t const pers_str[] = {
3971 'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't'
3973 word32 rc = ntru_crypto_drbg_instantiate(112, pers_str,
3974 sizeof(pers_str), GetEntropy, &drbg);
3975 if (rc != DRBG_OK) {
3981 rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2,
3982 &public_key_len, NULL,
3983 &private_key_len, NULL);
3984 if (rc != NTRU_OK) {
3990 rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2,
3991 &public_key_len, public_key,
3992 &private_key_len, private_key);
3993 if (rc != NTRU_OK) {
3999 rc = ntru_crypto_drbg_uninstantiate(drbg);
4001 if (rc != NTRU_OK) {
4007 caFile = fopen(caKeyFile, "rb");
4015 bytes = fread(tmp, 1, FOURK_BUF, caFile);
4018 ret = wc_InitRsaKey(&caKey, 0);
4024 ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes);
4031 wc_InitCert(&myCert);
4033 strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
4034 strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
4035 strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);
4036 strncpy(myCert.subject.org, "yaSSL", CTC_NAME_SIZE);
4037 strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE);
4038 strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
4039 strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE);
4041 ret = wc_SetIssuer(&myCert, caCertFile);
4045 wc_FreeRsaKey(&caKey);
4049 certSz = wc_MakeNtruCert(&myCert, derCert, FOURK_BUF, public_key,
4050 public_key_len, &rng);
4054 wc_FreeRsaKey(&caKey);
4058 certSz = wc_SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF,
4059 &caKey, NULL, &rng);
4060 wc_FreeRsaKey(&caKey);
4068 #ifdef WOLFSSL_TEST_CERT
4069 InitDecodedCert(&decode, derCert, certSz, 0);
4070 ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
4076 FreeDecodedCert(&decode);
4078 derFile = fopen("./ntru-cert.der", "wb");
4084 ret = (int)fwrite(derCert, 1, certSz, derFile);
4086 if (ret != certSz) {
4092 pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
4099 pemFile = fopen("./ntru-cert.pem", "wb");
4105 ret = (int)fwrite(pem, 1, pemSz, pemFile);
4113 ntruPrivFile = fopen("./ntru-key.raw", "wb");
4114 if (!ntruPrivFile) {
4119 ret = (int)fwrite(private_key, 1, private_key_len, ntruPrivFile);
4120 fclose(ntruPrivFile);
4121 if (ret != private_key_len) {
4129 #endif /* HAVE_NTRU */
4130 #ifdef WOLFSSL_CERT_REQ
4139 der = (byte*)malloc(FOURK_BUF);
4142 pem = (byte*)malloc(FOURK_BUF);
4152 strncpy(req.challengePw, "yassl123", CTC_NAME_SIZE);
4153 strncpy(req.subject.country, "US", CTC_NAME_SIZE);
4154 strncpy(req.subject.state, "OR", CTC_NAME_SIZE);
4155 strncpy(req.subject.locality, "Portland", CTC_NAME_SIZE);
4156 strncpy(req.subject.org, "yaSSL", CTC_NAME_SIZE);
4157 strncpy(req.subject.unit, "Development", CTC_NAME_SIZE);
4158 strncpy(req.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
4159 strncpy(req.subject.email, "info@yassl.com", CTC_NAME_SIZE);
4160 req.sigType = CTC_SHA256wRSA;
4162 derSz = wc_MakeCertReq(&req, der, FOURK_BUF, &key, NULL);
4169 derSz = wc_SignCert(req.bodySz, req.sigType, der, FOURK_BUF,
4177 pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, CERTREQ_TYPE);
4184 #ifdef FREESCALE_MQX
4185 reqFile = fopen("a:\\certs\\certreq.der", "wb");
4187 reqFile = fopen("./certreq.der", "wb");
4195 ret = (int)fwrite(der, 1, derSz, reqFile);
4203 #ifdef FREESCALE_MQX
4204 reqFile = fopen("a:\\certs\\certreq.pem", "wb");
4206 reqFile = fopen("./certreq.pem", "wb");
4213 ret = (int)fwrite(pem, 1, pemSz, reqFile);
4224 #endif /* WOLFSSL_CERT_REQ */
4225 #endif /* WOLFSSL_CERT_GEN */
4227 wc_FreeRsaKey(&key);
4229 wc_RsaFreeCavium(&key);
4242 #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
4243 #ifdef FREESCALE_MQX
4244 static const char* dhKey = "a:\\certs\\dh2048.der";
4245 #elif defined(NO_ASN)
4246 /* don't use file, no DER parsing */
4248 static const char* dhKey = "./certs/dh2048.der";
4256 word32 idx = 0, privSz, pubSz, privSz2, pubSz2, agreeSz, agreeSz2;
4268 #ifdef USE_CERT_BUFFERS_1024
4269 XMEMCPY(tmp, dh_key_der_1024, sizeof_dh_key_der_1024);
4270 bytes = sizeof_dh_key_der_1024;
4271 #elif defined(USE_CERT_BUFFERS_2048)
4272 XMEMCPY(tmp, dh_key_der_2048, sizeof_dh_key_der_2048);
4273 bytes = sizeof_dh_key_der_2048;
4274 #elif defined(NO_ASN)
4275 /* don't use file, no DER parsing */
4277 FILE* file = fopen(dhKey, "rb");
4282 bytes = (word32) fread(tmp, 1, sizeof(tmp), file);
4284 #endif /* USE_CERT_BUFFERS */
4291 wc_InitDhKey(&key2);
4293 ret = wc_DhSetKey(&key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
4297 ret = wc_DhSetKey(&key2, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
4301 ret = wc_DhKeyDecode(tmp, &idx, &key, bytes);
4306 ret = wc_DhKeyDecode(tmp, &idx, &key2, bytes);
4311 ret = wc_InitRng(&rng);
4315 ret = wc_DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz);
4316 ret += wc_DhGenerateKeyPair(&key2, &rng, priv2, &privSz2, pub2, &pubSz2);
4320 ret = wc_DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
4321 ret += wc_DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
4325 if (memcmp(agree, agree2, agreeSz))
4329 wc_FreeDhKey(&key2);
4340 #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
4341 #ifdef FREESCALE_MQX
4342 static const char* dsaKey = "a:\\certs\\dsa2048.der";
4344 static const char* dsaKey = "./certs/dsa2048.der";
4357 byte hash[SHA_DIGEST_SIZE];
4361 #ifdef USE_CERT_BUFFERS_1024
4362 XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
4363 bytes = sizeof_dsa_key_der_1024;
4364 #elif defined(USE_CERT_BUFFERS_2048)
4365 XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
4366 bytes = sizeof_dsa_key_der_2048;
4368 FILE* file = fopen(dsaKey, "rb");
4373 bytes = (word32) fread(tmp, 1, sizeof(tmp), file);
4375 #endif /* USE_CERT_BUFFERS */
4377 ret = wc_InitSha(&sha);
4380 wc_ShaUpdate(&sha, tmp, bytes);
4381 wc_ShaFinal(&sha, hash);
4383 wc_InitDsaKey(&key);
4384 ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
4385 if (ret != 0) return -61;
4387 ret = wc_InitRng(&rng);
4388 if (ret != 0) return -62;
4390 ret = wc_DsaSign(hash, signature, &key, &rng);
4391 if (ret != 0) return -63;
4393 ret = wc_DsaVerify(hash, signature, &key, &answer);
4394 if (ret != 0) return -64;
4395 if (answer != 1) return -65;
4397 wc_FreeDsaKey(&key);
4406 #ifdef OPENSSL_EXTRA
4408 int openssl_test(void)
4411 testVector a, b, c, d, e, f;
4412 byte hash[SHA256_DIGEST_SIZE*2]; /* max size */
4422 a.input = "1234567890123456789012345678901234567890123456789012345678"
4423 "9012345678901234567890";
4424 a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
4426 a.inLen = strlen(a.input);
4427 a.outLen = MD5_DIGEST_SIZE;
4429 EVP_MD_CTX_init(&md_ctx);
4430 EVP_DigestInit(&md_ctx, EVP_md5());
4432 EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen);
4433 EVP_DigestFinal(&md_ctx, hash, 0);
4435 if (memcmp(hash, a.output, MD5_DIGEST_SIZE) != 0)
4442 b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
4443 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
4445 b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
4446 "\x53\x99\x5E\x26\xA0";
4447 b.inLen = strlen(b.input);
4448 b.outLen = SHA_DIGEST_SIZE;
4450 EVP_MD_CTX_init(&md_ctx);
4451 EVP_DigestInit(&md_ctx, EVP_sha1());
4453 EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen);
4454 EVP_DigestFinal(&md_ctx, hash, 0);
4456 if (memcmp(hash, b.output, SHA_DIGEST_SIZE) != 0)
4462 d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
4463 d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
4464 "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
4466 d.inLen = strlen(d.input);
4467 d.outLen = SHA256_DIGEST_SIZE;
4469 EVP_MD_CTX_init(&md_ctx);
4470 EVP_DigestInit(&md_ctx, EVP_sha256());
4472 EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
4473 EVP_DigestFinal(&md_ctx, hash, 0);
4475 if (memcmp(hash, d.output, SHA256_DIGEST_SIZE) != 0)
4478 #ifdef WOLFSSL_SHA384
4480 e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
4481 "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
4482 e.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
4483 "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
4484 "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
4486 e.inLen = strlen(e.input);
4487 e.outLen = SHA384_DIGEST_SIZE;
4489 EVP_MD_CTX_init(&md_ctx);
4490 EVP_DigestInit(&md_ctx, EVP_sha384());
4492 EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
4493 EVP_DigestFinal(&md_ctx, hash, 0);
4495 if (memcmp(hash, e.output, SHA384_DIGEST_SIZE) != 0)
4498 #endif /* WOLFSSL_SHA384 */
4501 #ifdef WOLFSSL_SHA512
4503 f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
4504 "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
4505 f.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
4506 "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
4507 "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
4508 "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
4510 f.inLen = strlen(f.input);
4511 f.outLen = SHA512_DIGEST_SIZE;
4513 EVP_MD_CTX_init(&md_ctx);
4514 EVP_DigestInit(&md_ctx, EVP_sha512());
4516 EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
4517 EVP_DigestFinal(&md_ctx, hash, 0);
4519 if (memcmp(hash, f.output, SHA512_DIGEST_SIZE) != 0)
4522 #endif /* WOLFSSL_SHA512 */
4526 if (RAND_bytes(hash, sizeof(hash)) != 1)
4529 c.input = "what do ya want for nothing?";
4530 c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14"
4532 c.inLen = strlen(c.input);
4533 c.outLen = MD5_DIGEST_SIZE;
4536 "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen, hash, 0);
4538 if (memcmp(hash, c.output, MD5_DIGEST_SIZE) != 0)
4545 const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
4546 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
4547 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
4548 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
4554 const_DES_cblock key =
4556 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
4561 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
4564 DES_key_schedule sched;
4566 const byte verify[] =
4568 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
4569 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
4570 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
4573 DES_key_sched(&key, &sched);
4575 DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, DES_ENCRYPT);
4576 DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT);
4578 if (memcmp(plain, vector, sizeof(vector)) != 0)
4581 if (memcmp(cipher, verify, sizeof(verify)) != 0)
4584 /* test changing iv */
4585 DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT);
4586 DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT);
4588 if (memcmp(cipher, verify, sizeof(verify)) != 0)
4591 } /* end des test */
4593 #endif /* NO_DES3 */
4597 { /* evp_cipher test */
4601 const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
4602 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
4603 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
4604 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
4607 const byte verify[] =
4609 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
4610 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
4613 byte key[] = "0123456789abcdef "; /* align */
4614 byte iv[] = "1234567890abcdef "; /* align */
4616 byte cipher[AES_BLOCK_SIZE * 4];
4617 byte plain [AES_BLOCK_SIZE * 4];
4619 EVP_CIPHER_CTX_init(&ctx);
4620 if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0)
4623 if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0)
4626 if (memcmp(cipher, verify, AES_BLOCK_SIZE))
4629 EVP_CIPHER_CTX_init(&ctx);
4630 if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0)
4633 if (EVP_Cipher(&ctx, plain, cipher, 16) == 0)
4636 if (memcmp(plain, msg, AES_BLOCK_SIZE))
4640 } /* end evp_cipher test */
4647 #endif /* OPENSSL_EXTRA */
4652 int pkcs12_test(void)
4654 const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
4656 const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f };
4658 const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
4659 0x00, 0x67, 0x00, 0x00 };
4660 const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 };
4663 const byte verify[] = {
4664 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
4665 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
4666 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
4669 const byte verify2[] = {
4670 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
4671 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
4672 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
4678 int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
4679 iterations, kLen, SHA256, id);
4684 if ( (ret = memcmp(derived, verify, kLen)) != 0)
4688 ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8,
4689 iterations, kLen, SHA256, id);
4693 if ( (ret = memcmp(derived, verify2, 24)) != 0)
4700 int pbkdf2_test(void)
4702 char passwd[] = "passwordpassword";
4703 const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
4704 int iterations = 2048;
4708 const byte verify[] = {
4709 0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc,
4710 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1
4713 int ret = wc_PBKDF2(derived, (byte*)passwd, (int)strlen(passwd), salt, 8,
4714 iterations, kLen, SHA256);
4718 if (memcmp(derived, verify, sizeof(verify)) != 0)
4726 int pbkdf1_test(void)
4728 char passwd[] = "password";
4729 const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
4730 int iterations = 1000;
4734 const byte verify[] = {
4735 0xDC, 0x19, 0x84, 0x7E, 0x05, 0xC6, 0x4D, 0x2F, 0xAF, 0x10, 0xEB, 0xFB,
4736 0x4A, 0x3D, 0x2A, 0x20
4739 wc_PBKDF1(derived, (byte*)passwd, (int)strlen(passwd), salt, 8, iterations,
4742 if (memcmp(derived, verify, sizeof(verify)) != 0)
4750 int pwdbased_test(void)
4754 ret += pbkdf1_test();
4756 ret += pbkdf2_test();
4758 return ret + pkcs12_test();
4761 #endif /* NO_PWDBASED */
4763 #if defined(HAVE_HKDF) && (!defined(NO_SHA) || !defined(NO_SHA256))
4770 byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
4771 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
4772 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
4773 byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
4774 0x08, 0x09, 0x0a, 0x0b, 0x0c };
4775 byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
4777 byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
4778 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
4779 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
4780 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
4781 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
4783 byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
4784 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
4785 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
4786 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
4787 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
4789 byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
4790 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
4791 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
4792 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
4793 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
4795 byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
4796 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
4797 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
4798 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
4799 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
4810 ret = wc_HKDF(SHA, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
4814 if (memcmp(okm1, res1, L) != 0)
4818 /* fips can't have key size under 14 bytes, salt is key too */
4819 ret = wc_HKDF(SHA, ikm1, 11, salt1, 13, info1, 10, okm1, L);
4823 if (memcmp(okm1, res2, L) != 0)
4825 #endif /* HAVE_FIPS */
4829 ret = wc_HKDF(SHA256, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
4833 if (memcmp(okm1, res3, L) != 0)
4837 /* fips can't have key size under 14 bytes, salt is key too */
4838 ret = wc_HKDF(SHA256, ikm1, 22, salt1, 13, info1, 10, okm1, L);
4842 if (memcmp(okm1, res4, L) != 0)
4844 #endif /* HAVE_FIPS */
4845 #endif /* NO_SHA256 */
4850 #endif /* HAVE_HKDF */
4855 typedef struct rawEccVector {
4862 const char* curveName;
4873 byte exportBuf[1024];
4876 ecc_key userA, userB, pubKey;
4878 ret = wc_InitRng(&rng);
4882 wc_ecc_init(&userA);
4883 wc_ecc_init(&userB);
4884 wc_ecc_init(&pubKey);
4886 ret = wc_ecc_make_key(&rng, 32, &userA);
4891 ret = wc_ecc_check_key(&userA);
4895 ret = wc_ecc_make_key(&rng, 32, &userB);
4900 x = sizeof(sharedA);
4901 ret = wc_ecc_shared_secret(&userA, &userB, sharedA, &x);
4906 y = sizeof(sharedB);
4907 ret = wc_ecc_shared_secret(&userB, &userA, sharedB, &y);
4915 if (memcmp(sharedA, sharedB, x))
4918 x = sizeof(exportBuf);
4919 ret = wc_ecc_export_x963(&userA, exportBuf, &x);
4923 ret = wc_ecc_import_x963(exportBuf, x, &pubKey);
4928 y = sizeof(sharedB);
4929 ret = wc_ecc_shared_secret(&userB, &pubKey, sharedB, &y);
4934 if (memcmp(sharedA, sharedB, y))
4937 #ifdef HAVE_COMP_KEY
4938 /* try compressed export / import too */
4939 x = sizeof(exportBuf);
4940 ret = wc_ecc_export_x963_ex(&userA, exportBuf, &x, 1);
4944 wc_ecc_free(&pubKey);
4945 wc_ecc_init(&pubKey);
4946 ret = wc_ecc_import_x963(exportBuf, x, &pubKey);
4952 y = sizeof(sharedB);
4953 ret = wc_ecc_shared_secret(&userB, &pubKey, sharedB, &y);
4958 if (memcmp(sharedA, sharedB, y))
4961 /* test DSA sign hash */
4962 for (i = 0; i < (int)sizeof(digest); i++)
4963 digest[i] = (byte)i;
4966 ret = wc_ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &userA);
4972 ret = wc_ecc_verify_hash(sig, x, digest, sizeof(digest), &verify, &userA);
4980 x = sizeof(exportBuf);
4981 ret = wc_ecc_export_private_only(&userA, exportBuf, &x);
4985 #if !defined(NO_SHA) && \
4986 ((defined(HAVE_ECC192) && defined(HAVE_ECC224)) || defined(HAVE_ALL_CURVES))
4988 /* test raw ECC key import */
4990 byte hash[SHA_DIGEST_SIZE];
4992 rawEccVector test_ecc[2];
4993 int times = sizeof(test_ecc) / sizeof(rawEccVector);
4995 /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
4996 a.msg = "\xeb\xf7\x48\xd7\x48\xeb\xbc\xa7\xd2\x9f\xb4\x73\x69\x8a"
4997 "\x6e\x6b\x4f\xb1\x0c\x86\x5d\x4a\xf0\x24\xcc\x39\xae\x3d"
4998 "\xf3\x46\x4b\xa4\xf1\xd6\xd4\x0f\x32\xbf\x96\x18\xa9\x1b"
4999 "\xb5\x98\x6f\xa1\xa2\xaf\x04\x8a\x0e\x14\xdc\x51\xe5\x26"
5000 "\x7e\xb0\x5e\x12\x7d\x68\x9d\x0a\xc6\xf1\xa7\xf1\x56\xce"
5001 "\x06\x63\x16\xb9\x71\xcc\x7a\x11\xd0\xfd\x7a\x20\x93\xe2"
5002 "\x7c\xf2\xd0\x87\x27\xa4\xe6\x74\x8c\xc3\x2f\xd5\x9c\x78"
5003 "\x10\xc5\xb9\x01\x9d\xf2\x1c\xdc\xc0\xbc\xa4\x32\xc0\xa3"
5004 "\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0"
5007 a.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6";
5008 a.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477";
5009 a.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3";
5010 a.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
5011 a.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
5012 a.curveName = "ECC-192";
5014 /* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */
5015 b.msg = "\x36\xc8\xb2\x29\x86\x48\x7f\x67\x7c\x18\xd0\x97\x2a\x9e"
5016 "\x20\x47\xb3\xaf\xa5\x9e\xc1\x62\x76\x4e\xc3\x0b\x5b\x69"
5017 "\xe0\x63\x0f\x99\x0d\x4e\x05\xc2\x73\xb0\xe5\xa9\xd4\x28"
5018 "\x27\xb6\x95\xfc\x2d\x64\xd9\x13\x8b\x1c\xf4\xc1\x21\x55"
5019 "\x89\x4c\x42\x13\x21\xa7\xbb\x97\x0b\xdc\xe0\xfb\xf0\xd2"
5020 "\xae\x85\x61\xaa\xd8\x71\x7f\x2e\x46\xdf\xe3\xff\x8d\xea"
5021 "\xb4\xd7\x93\x23\x56\x03\x2c\x15\x13\x0d\x59\x9e\x26\xc1"
5022 "\x0f\x2f\xec\x96\x30\x31\xac\x69\x38\xa1\x8d\x66\x45\x38"
5023 "\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7"
5026 b.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7";
5027 b.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1";
5028 b.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f";
5029 b.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7";
5030 b.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b";
5031 b.curveName = "ECC-224";
5036 for (i = 0; i < times; i++) {
5038 wc_ecc_free(&userA);
5039 wc_ecc_init(&userA);
5041 memset(sig, 0, sizeof(sig));
5044 /* calculate SHA-1 hash of message */
5045 ret = wc_InitSha(&sha);
5049 wc_ShaUpdate(&sha, (byte*)test_ecc[i].msg, (word32)test_ecc[i].msgLen);
5050 wc_ShaFinal(&sha, hash);
5052 ret = wc_ecc_import_raw(&userA, test_ecc[i].Qx, test_ecc[i].Qy,
5053 test_ecc[i].d, test_ecc[i].curveName);
5057 ret = wc_ecc_rs_to_sig(test_ecc[i].R, test_ecc[i].S, sig, &x);
5061 ret = wc_ecc_verify_hash(sig, x, hash, sizeof(hash), &verify, &userA);
5069 #endif /* defined(HAVE_ECC192) && defined(HAVE_ECC256) */
5072 #ifdef WOLFSSL_KEY_GEN
5075 byte der[FOURK_BUF];
5076 byte pem[FOURK_BUF];
5080 derSz = wc_EccKeyToDer(&userB, der, FOURK_BUF);
5085 keyFile = fopen("./ecc-key.der", "wb");
5089 ret = (int)fwrite(der, 1, derSz, keyFile);
5095 pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, ECC_PRIVATEKEY_TYPE);
5100 pemFile = fopen("./ecc-key.pem", "wb");
5104 ret = (int)fwrite(pem, 1, pemSz, pemFile);
5110 #endif /* WOLFSSL_KEY_GEN */
5112 wc_ecc_free(&pubKey);
5113 wc_ecc_free(&userB);
5114 wc_ecc_free(&userA);
5120 #ifdef HAVE_ECC_ENCRYPT
5122 int ecc_encrypt_test(void)
5126 ecc_key userA, userB;
5130 word32 outSz = sizeof(out);
5131 word32 plainSz = sizeof(plain);
5134 ret = wc_InitRng(&rng);
5138 wc_ecc_init(&userA);
5139 wc_ecc_init(&userB);
5141 ret = wc_ecc_make_key(&rng, 32, &userA);
5142 ret += wc_ecc_make_key(&rng, 32, &userB);
5147 for (i = 0; i < 48; i++)
5150 /* encrypt msg to B */
5151 ret = wc_ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz, NULL);
5155 /* decrypt msg from A */
5156 ret = wc_ecc_decrypt(&userB, &userA, out, outSz, plain, &plainSz, NULL);
5160 if (memcmp(plain, msg, sizeof(msg)) != 0)
5164 { /* let's verify message exchange works, A is client, B is server */
5165 ecEncCtx* cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
5166 ecEncCtx* srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng);
5168 byte cliSalt[EXCHANGE_SALT_SZ];
5169 byte srvSalt[EXCHANGE_SALT_SZ];
5170 const byte* tmpSalt;
5172 if (cliCtx == NULL || srvCtx == NULL)
5175 /* get salt to send to peer */
5176 tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx);
5177 if (tmpSalt == NULL)
5179 memcpy(cliSalt, tmpSalt, EXCHANGE_SALT_SZ);
5181 tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx);
5182 if (tmpSalt == NULL)
5184 memcpy(srvSalt, tmpSalt, EXCHANGE_SALT_SZ);
5186 /* in actual use, we'd get the peer's salt over the transport */
5187 ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt);
5188 ret += wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt);
5190 ret += wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 11);
5191 ret += wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 11);
5196 /* get encrypted msg (request) to send to B */
5197 outSz = sizeof(out);
5198 ret = wc_ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz,cliCtx);
5202 /* B decrypts msg (request) from A */
5203 plainSz = sizeof(plain);
5204 ret = wc_ecc_decrypt(&userB, &userA, out, outSz, plain, &plainSz, srvCtx);
5208 if (memcmp(plain, msg, sizeof(msg)) != 0)
5212 /* msg2 (response) from B to A */
5216 word32 outSz2 = sizeof(out2);
5217 word32 plainSz2 = sizeof(plain2);
5219 for (i = 0; i < 48; i++)
5222 /* get encrypted msg (response) to send to B */
5223 ret = wc_ecc_encrypt(&userB, &userA, msg2, sizeof(msg2), out2,
5228 /* A decrypts msg (response) from B */
5229 ret = wc_ecc_decrypt(&userA, &userB, out2, outSz2, plain2, &plainSz2,
5234 if (memcmp(plain2, msg2, sizeof(msg2)) != 0)
5239 wc_ecc_ctx_free(srvCtx);
5240 wc_ecc_ctx_free(cliCtx);
5244 wc_ecc_free(&userB);
5245 wc_ecc_free(&userA);
5251 #endif /* HAVE_ECC_ENCRYPT */
5252 #endif /* HAVE_ECC */
5255 #ifdef HAVE_CURVE25519
5257 int curve25519_test(void)
5264 curve25519_key userA, userB, pubKey;
5266 /* test vectors from
5267 https://tools.ietf.org/html/draft-josefsson-tls-curve25519-03
5270 /* secret key for party a */
5272 0x5A,0xC9,0x9F,0x33,0x63,0x2E,0x5A,0x76,
5273 0x8D,0xE7,0xE8,0x1B,0xF8,0x54,0xC2,0x7C,
5274 0x46,0xE3,0xFB,0xF2,0xAB,0xBA,0xCD,0x29,
5275 0xEC,0x4A,0xFF,0x51,0x73,0x69,0xC6,0x60
5278 /* public key for party a */
5280 0x05,0x7E,0x23,0xEA,0x9F,0x1C,0xBE,0x8A,
5281 0x27,0x16,0x8F,0x6E,0x69,0x6A,0x79,0x1D,
5282 0xE6,0x1D,0xD3,0xAF,0x7A,0xCD,0x4E,0xEA,
5283 0xCC,0x6E,0x7B,0xA5,0x14,0xFD,0xA8,0x63
5286 /* secret key for party b */
5288 0x47,0xDC,0x3D,0x21,0x41,0x74,0x82,0x0E,
5289 0x11,0x54,0xB4,0x9B,0xC6,0xCD,0xB2,0xAB,
5290 0xD4,0x5E,0xE9,0x58,0x17,0x05,0x5D,0x25,
5291 0x5A,0xA3,0x58,0x31,0xB7,0x0D,0x32,0x60
5294 /* public key for party b */
5296 0x6E,0xB8,0x9D,0xA9,0x19,0x89,0xAE,0x37,
5297 0xC7,0xEA,0xC7,0x61,0x8D,0x9E,0x5C,0x49,
5298 0x51,0xDB,0xA1,0xD7,0x3C,0x28,0x5A,0xE1,
5299 0xCD,0x26,0xA8,0x55,0x02,0x0E,0xEF,0x04
5302 /* expected shared key */
5304 0x61,0x45,0x0C,0xD9,0x8E,0x36,0x01,0x6B,
5305 0x58,0x77,0x6A,0x89,0x7A,0x9F,0x0A,0xEF,
5306 0x73,0x8B,0x99,0xF0,0x94,0x68,0xB8,0xD6,
5307 0xB8,0x51,0x11,0x84,0xD5,0x34,0x94,0xAB
5310 if (wc_InitRng(&rng) != 0)
5313 wc_curve25519_init(&userA);
5314 wc_curve25519_init(&userB);
5315 wc_curve25519_init(&pubKey);
5317 /* make curve25519 keys */
5318 if (wc_curve25519_make_key(&rng, 32, &userA) != 0)
5321 if (wc_curve25519_make_key(&rng, 32, &userB) != 0)
5324 /* find shared secret key */
5325 if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0)
5328 if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
5331 /* compare shared secret keys to test they are the same */
5335 if (XMEMCMP(sharedA, sharedB, x))
5338 /* export a public key and import it for another user */
5339 if (wc_curve25519_export_public(&userA, exportBuf, &x) != 0)
5342 if (wc_curve25519_import_public(exportBuf, x, &pubKey) != 0)
5345 /* test shared key after importing a public key */
5346 XMEMSET(sharedB, 0, sizeof(sharedB));
5347 if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0)
5350 if (XMEMCMP(sharedA, sharedB, y))
5353 /* import RFC test vectors and compare shared key */
5354 if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
5358 if (wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB)
5362 /* test against known test vector */
5363 XMEMSET(sharedB, 0, sizeof(sharedB));
5364 if (wc_curve25519_shared_secret(&userA, &userB, sharedB, &y) != 0)
5367 if (XMEMCMP(ss, sharedB, y))
5370 /* test swaping roles of keys and generating same shared key */
5371 XMEMSET(sharedB, 0, sizeof(sharedB));
5372 if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
5375 if (XMEMCMP(ss, sharedB, y))
5378 /* clean up keys when done */
5379 wc_curve25519_free(&pubKey);
5380 wc_curve25519_free(&userB);
5381 wc_curve25519_free(&userA);
5387 #endif /* HAVE_CURVE25519 */
5391 int ed25519_test(void)
5394 byte out[ED25519_SIG_SIZE];
5395 byte exportPKey[ED25519_KEY_SIZE];
5396 byte exportSKey[ED25519_KEY_SIZE];
5400 word32 keySz, sigSz;
5405 /* test vectors from
5406 https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02
5409 const byte sKey1[] = {
5410 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
5411 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
5412 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
5413 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
5416 const byte sKey2[] = {
5417 0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda,
5418 0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f,
5419 0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24,
5420 0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb
5423 const byte sKey3[] = {
5424 0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,
5425 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,
5426 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,
5427 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7
5430 /* uncompressed test */
5431 const byte sKey4[] = {
5432 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
5433 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
5434 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
5435 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
5438 /* compressed prefix test */
5439 const byte sKey5[] = {
5440 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
5441 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
5442 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
5443 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
5446 const byte sKey6[] = {
5447 0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95,
5448 0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c,
5449 0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74,
5450 0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5
5453 const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
5455 const byte pKey1[] = {
5456 0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
5457 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
5458 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
5459 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
5462 const byte pKey2[] = {
5463 0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a,
5464 0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc,
5465 0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c,
5466 0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c
5469 const byte pKey3[] = {
5470 0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,
5471 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,
5472 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,
5473 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25
5476 /* uncompressed test */
5477 const byte pKey4[] = {
5478 0x04,0x55,0xd0,0xe0,0x9a,0x2b,0x9d,0x34,
5479 0x29,0x22,0x97,0xe0,0x8d,0x60,0xd0,0xf6,
5480 0x20,0xc5,0x13,0xd4,0x72,0x53,0x18,0x7c,
5481 0x24,0xb1,0x27,0x86,0xbd,0x77,0x76,0x45,
5482 0xce,0x1a,0x51,0x07,0xf7,0x68,0x1a,0x02,
5483 0xaf,0x25,0x23,0xa6,0xda,0xf3,0x72,0xe1,
5484 0x0e,0x3a,0x07,0x64,0xc9,0xd3,0xfe,0x4b,
5485 0xd5,0xb7,0x0a,0xb1,0x82,0x01,0x98,0x5a,
5489 /* compressed prefix */
5490 const byte pKey5[] = {
5491 0x40,0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
5492 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
5493 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
5494 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
5497 const byte pKey6[] = {
5498 0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34,
5499 0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86,
5500 0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5,
5501 0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e
5504 const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
5505 const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
5506 sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
5508 const byte sig1[] = {
5509 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
5510 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
5511 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
5512 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
5513 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
5514 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
5515 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
5516 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
5519 const byte sig2[] = {
5520 0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8,
5521 0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40,
5522 0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f,
5523 0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda,
5524 0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e,
5525 0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c,
5526 0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee,
5527 0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00
5530 const byte sig3[] = {
5531 0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,
5532 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,
5533 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,
5534 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,
5535 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,
5536 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,
5537 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,
5538 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a
5541 /* uncompressed test */
5542 const byte sig4[] = {
5543 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
5544 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
5545 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
5546 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
5547 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
5548 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
5549 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
5550 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
5553 /* compressed prefix */
5554 const byte sig5[] = {
5555 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
5556 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
5557 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
5558 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
5559 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
5560 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
5561 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
5562 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
5565 const byte sig6[] = {
5566 0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2,
5567 0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a,
5568 0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb,
5569 0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50,
5570 0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45,
5571 0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b,
5572 0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6,
5573 0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03
5576 const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
5578 const byte msg1[] = {};
5579 const byte msg2[] = {0x72};
5580 const byte msg3[] = {0xAF,0x82};
5582 /* test of a 1024 byte long message */
5583 const byte msg4[] = {
5584 0x08,0xb8,0xb2,0xb7,0x33,0x42,0x42,0x43,
5585 0x76,0x0f,0xe4,0x26,0xa4,0xb5,0x49,0x08,
5586 0x63,0x21,0x10,0xa6,0x6c,0x2f,0x65,0x91,
5587 0xea,0xbd,0x33,0x45,0xe3,0xe4,0xeb,0x98,
5588 0xfa,0x6e,0x26,0x4b,0xf0,0x9e,0xfe,0x12,
5589 0xee,0x50,0xf8,0xf5,0x4e,0x9f,0x77,0xb1,
5590 0xe3,0x55,0xf6,0xc5,0x05,0x44,0xe2,0x3f,
5591 0xb1,0x43,0x3d,0xdf,0x73,0xbe,0x84,0xd8,
5592 0x79,0xde,0x7c,0x00,0x46,0xdc,0x49,0x96,
5593 0xd9,0xe7,0x73,0xf4,0xbc,0x9e,0xfe,0x57,
5594 0x38,0x82,0x9a,0xdb,0x26,0xc8,0x1b,0x37,
5595 0xc9,0x3a,0x1b,0x27,0x0b,0x20,0x32,0x9d,
5596 0x65,0x86,0x75,0xfc,0x6e,0xa5,0x34,0xe0,
5597 0x81,0x0a,0x44,0x32,0x82,0x6b,0xf5,0x8c,
5598 0x94,0x1e,0xfb,0x65,0xd5,0x7a,0x33,0x8b,
5599 0xbd,0x2e,0x26,0x64,0x0f,0x89,0xff,0xbc,
5600 0x1a,0x85,0x8e,0xfc,0xb8,0x55,0x0e,0xe3,
5601 0xa5,0xe1,0x99,0x8b,0xd1,0x77,0xe9,0x3a,
5602 0x73,0x63,0xc3,0x44,0xfe,0x6b,0x19,0x9e,
5603 0xe5,0xd0,0x2e,0x82,0xd5,0x22,0xc4,0xfe,
5604 0xba,0x15,0x45,0x2f,0x80,0x28,0x8a,0x82,
5605 0x1a,0x57,0x91,0x16,0xec,0x6d,0xad,0x2b,
5606 0x3b,0x31,0x0d,0xa9,0x03,0x40,0x1a,0xa6,
5607 0x21,0x00,0xab,0x5d,0x1a,0x36,0x55,0x3e,
5608 0x06,0x20,0x3b,0x33,0x89,0x0c,0xc9,0xb8,
5609 0x32,0xf7,0x9e,0xf8,0x05,0x60,0xcc,0xb9,
5610 0xa3,0x9c,0xe7,0x67,0x96,0x7e,0xd6,0x28,
5611 0xc6,0xad,0x57,0x3c,0xb1,0x16,0xdb,0xef,
5612 0xef,0xd7,0x54,0x99,0xda,0x96,0xbd,0x68,
5613 0xa8,0xa9,0x7b,0x92,0x8a,0x8b,0xbc,0x10,
5614 0x3b,0x66,0x21,0xfc,0xde,0x2b,0xec,0xa1,
5615 0x23,0x1d,0x20,0x6b,0xe6,0xcd,0x9e,0xc7,
5616 0xaf,0xf6,0xf6,0xc9,0x4f,0xcd,0x72,0x04,
5617 0xed,0x34,0x55,0xc6,0x8c,0x83,0xf4,0xa4,
5618 0x1d,0xa4,0xaf,0x2b,0x74,0xef,0x5c,0x53,
5619 0xf1,0xd8,0xac,0x70,0xbd,0xcb,0x7e,0xd1,
5620 0x85,0xce,0x81,0xbd,0x84,0x35,0x9d,0x44,
5621 0x25,0x4d,0x95,0x62,0x9e,0x98,0x55,0xa9,
5622 0x4a,0x7c,0x19,0x58,0xd1,0xf8,0xad,0xa5,
5623 0xd0,0x53,0x2e,0xd8,0xa5,0xaa,0x3f,0xb2,
5624 0xd1,0x7b,0xa7,0x0e,0xb6,0x24,0x8e,0x59,
5625 0x4e,0x1a,0x22,0x97,0xac,0xbb,0xb3,0x9d,
5626 0x50,0x2f,0x1a,0x8c,0x6e,0xb6,0xf1,0xce,
5627 0x22,0xb3,0xde,0x1a,0x1f,0x40,0xcc,0x24,
5628 0x55,0x41,0x19,0xa8,0x31,0xa9,0xaa,0xd6,
5629 0x07,0x9c,0xad,0x88,0x42,0x5d,0xe6,0xbd,
5630 0xe1,0xa9,0x18,0x7e,0xbb,0x60,0x92,0xcf,
5631 0x67,0xbf,0x2b,0x13,0xfd,0x65,0xf2,0x70,
5632 0x88,0xd7,0x8b,0x7e,0x88,0x3c,0x87,0x59,
5633 0xd2,0xc4,0xf5,0xc6,0x5a,0xdb,0x75,0x53,
5634 0x87,0x8a,0xd5,0x75,0xf9,0xfa,0xd8,0x78,
5635 0xe8,0x0a,0x0c,0x9b,0xa6,0x3b,0xcb,0xcc,
5636 0x27,0x32,0xe6,0x94,0x85,0xbb,0xc9,0xc9,
5637 0x0b,0xfb,0xd6,0x24,0x81,0xd9,0x08,0x9b,
5638 0xec,0xcf,0x80,0xcf,0xe2,0xdf,0x16,0xa2,
5639 0xcf,0x65,0xbd,0x92,0xdd,0x59,0x7b,0x07,
5640 0x07,0xe0,0x91,0x7a,0xf4,0x8b,0xbb,0x75,
5641 0xfe,0xd4,0x13,0xd2,0x38,0xf5,0x55,0x5a,
5642 0x7a,0x56,0x9d,0x80,0xc3,0x41,0x4a,0x8d,
5643 0x08,0x59,0xdc,0x65,0xa4,0x61,0x28,0xba,
5644 0xb2,0x7a,0xf8,0x7a,0x71,0x31,0x4f,0x31,
5645 0x8c,0x78,0x2b,0x23,0xeb,0xfe,0x80,0x8b,
5646 0x82,0xb0,0xce,0x26,0x40,0x1d,0x2e,0x22,
5647 0xf0,0x4d,0x83,0xd1,0x25,0x5d,0xc5,0x1a,
5648 0xdd,0xd3,0xb7,0x5a,0x2b,0x1a,0xe0,0x78,
5649 0x45,0x04,0xdf,0x54,0x3a,0xf8,0x96,0x9b,
5650 0xe3,0xea,0x70,0x82,0xff,0x7f,0xc9,0x88,
5651 0x8c,0x14,0x4d,0xa2,0xaf,0x58,0x42,0x9e,
5652 0xc9,0x60,0x31,0xdb,0xca,0xd3,0xda,0xd9,
5653 0xaf,0x0d,0xcb,0xaa,0xaf,0x26,0x8c,0xb8,
5654 0xfc,0xff,0xea,0xd9,0x4f,0x3c,0x7c,0xa4,
5655 0x95,0xe0,0x56,0xa9,0xb4,0x7a,0xcd,0xb7,
5656 0x51,0xfb,0x73,0xe6,0x66,0xc6,0xc6,0x55,
5657 0xad,0xe8,0x29,0x72,0x97,0xd0,0x7a,0xd1,
5658 0xba,0x5e,0x43,0xf1,0xbc,0xa3,0x23,0x01,
5659 0x65,0x13,0x39,0xe2,0x29,0x04,0xcc,0x8c,
5660 0x42,0xf5,0x8c,0x30,0xc0,0x4a,0xaf,0xdb,
5661 0x03,0x8d,0xda,0x08,0x47,0xdd,0x98,0x8d,
5662 0xcd,0xa6,0xf3,0xbf,0xd1,0x5c,0x4b,0x4c,
5663 0x45,0x25,0x00,0x4a,0xa0,0x6e,0xef,0xf8,
5664 0xca,0x61,0x78,0x3a,0xac,0xec,0x57,0xfb,
5665 0x3d,0x1f,0x92,0xb0,0xfe,0x2f,0xd1,0xa8,
5666 0x5f,0x67,0x24,0x51,0x7b,0x65,0xe6,0x14,
5667 0xad,0x68,0x08,0xd6,0xf6,0xee,0x34,0xdf,
5668 0xf7,0x31,0x0f,0xdc,0x82,0xae,0xbf,0xd9,
5669 0x04,0xb0,0x1e,0x1d,0xc5,0x4b,0x29,0x27,
5670 0x09,0x4b,0x2d,0xb6,0x8d,0x6f,0x90,0x3b,
5671 0x68,0x40,0x1a,0xde,0xbf,0x5a,0x7e,0x08,
5672 0xd7,0x8f,0xf4,0xef,0x5d,0x63,0x65,0x3a,
5673 0x65,0x04,0x0c,0xf9,0xbf,0xd4,0xac,0xa7,
5674 0x98,0x4a,0x74,0xd3,0x71,0x45,0x98,0x67,
5675 0x80,0xfc,0x0b,0x16,0xac,0x45,0x16,0x49,
5676 0xde,0x61,0x88,0xa7,0xdb,0xdf,0x19,0x1f,
5677 0x64,0xb5,0xfc,0x5e,0x2a,0xb4,0x7b,0x57,
5678 0xf7,0xf7,0x27,0x6c,0xd4,0x19,0xc1,0x7a,
5679 0x3c,0xa8,0xe1,0xb9,0x39,0xae,0x49,0xe4,
5680 0x88,0xac,0xba,0x6b,0x96,0x56,0x10,0xb5,
5681 0x48,0x01,0x09,0xc8,0xb1,0x7b,0x80,0xe1,
5682 0xb7,0xb7,0x50,0xdf,0xc7,0x59,0x8d,0x5d,
5683 0x50,0x11,0xfd,0x2d,0xcc,0x56,0x00,0xa3,
5684 0x2e,0xf5,0xb5,0x2a,0x1e,0xcc,0x82,0x0e,
5685 0x30,0x8a,0xa3,0x42,0x72,0x1a,0xac,0x09,
5686 0x43,0xbf,0x66,0x86,0xb6,0x4b,0x25,0x79,
5687 0x37,0x65,0x04,0xcc,0xc4,0x93,0xd9,0x7e,
5688 0x6a,0xed,0x3f,0xb0,0xf9,0xcd,0x71,0xa4,
5689 0x3d,0xd4,0x97,0xf0,0x1f,0x17,0xc0,0xe2,
5690 0xcb,0x37,0x97,0xaa,0x2a,0x2f,0x25,0x66,
5691 0x56,0x16,0x8e,0x6c,0x49,0x6a,0xfc,0x5f,
5692 0xb9,0x32,0x46,0xf6,0xb1,0x11,0x63,0x98,
5693 0xa3,0x46,0xf1,0xa6,0x41,0xf3,0xb0,0x41,
5694 0xe9,0x89,0xf7,0x91,0x4f,0x90,0xcc,0x2c,
5695 0x7f,0xff,0x35,0x78,0x76,0xe5,0x06,0xb5,
5696 0x0d,0x33,0x4b,0xa7,0x7c,0x22,0x5b,0xc3,
5697 0x07,0xba,0x53,0x71,0x52,0xf3,0xf1,0x61,
5698 0x0e,0x4e,0xaf,0xe5,0x95,0xf6,0xd9,0xd9,
5699 0x0d,0x11,0xfa,0xa9,0x33,0xa1,0x5e,0xf1,
5700 0x36,0x95,0x46,0x86,0x8a,0x7f,0x3a,0x45,
5701 0xa9,0x67,0x68,0xd4,0x0f,0xd9,0xd0,0x34,
5702 0x12,0xc0,0x91,0xc6,0x31,0x5c,0xf4,0xfd,
5703 0xe7,0xcb,0x68,0x60,0x69,0x37,0x38,0x0d,
5704 0xb2,0xea,0xaa,0x70,0x7b,0x4c,0x41,0x85,
5705 0xc3,0x2e,0xdd,0xcd,0xd3,0x06,0x70,0x5e,
5706 0x4d,0xc1,0xff,0xc8,0x72,0xee,0xee,0x47,
5707 0x5a,0x64,0xdf,0xac,0x86,0xab,0xa4,0x1c,
5708 0x06,0x18,0x98,0x3f,0x87,0x41,0xc5,0xef,
5709 0x68,0xd3,0xa1,0x01,0xe8,0xa3,0xb8,0xca,
5710 0xc6,0x0c,0x90,0x5c,0x15,0xfc,0x91,0x08,
5711 0x40,0xb9,0x4c,0x00,0xa0,0xb9,0xd0
5714 const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
5715 const word16 msgSz[] = {sizeof(msg1), sizeof(msg2), sizeof(msg3),
5716 sizeof(msg1), sizeof(msg1), sizeof(msg4)};
5718 /* create ed25519 keys */
5720 wc_ed25519_init(&key);
5721 wc_ed25519_init(&key2);
5722 wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
5723 wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2);
5725 /* helper functions for signature and key size */
5726 keySz = wc_ed25519_size(&key);
5727 sigSz = wc_ed25519_sig_size(&key);
5729 for (i = 0; i < 6; i++) {
5730 outlen = sizeof(out);
5731 XMEMSET(out, 0, sizeof(out));
5733 if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i],
5734 pKeySz[i], &key) != 0)
5737 if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key)
5741 if (XMEMCMP(out, sigs[i], 64))
5744 /* test verify on good msg */
5745 if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
5746 &key) != 0 || verify != 1)
5749 /* test verify on bad msg */
5750 out[outlen-1] = out[outlen-1] + 1;
5751 if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
5752 &key) == 0 || verify == 1)
5755 /* test api for import/exporting keys */
5756 exportPSz = sizeof(exportPKey);
5757 exportSSz = sizeof(exportSKey);
5758 if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0)
5761 if (wc_ed25519_import_public(exportPKey, exportPSz, &key2) != 0)
5764 if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0)
5767 if (wc_ed25519_import_private_key(exportSKey, exportSSz,
5768 exportPKey, exportPSz, &key2) != 0)
5771 /* clear "out" buffer and test sign with imported keys */
5772 outlen = sizeof(out);
5773 XMEMSET(out, 0, sizeof(out));
5774 if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0)
5777 if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
5778 &key2) != 0 || verify != 1)
5781 if (XMEMCMP(out, sigs[i], 64))
5785 /* clean up keys when done */
5786 wc_ed25519_free(&key);
5787 wc_ed25519_free(&key2);
5789 #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
5793 /* hush warrnings of unused keySz and sigSz */
5799 #endif /* HAVE_ED25519 */
5804 const byte sample_text[] =
5805 "Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n"
5806 "polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n"
5807 "marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n"
5808 "plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n"
5809 "selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n"
5810 "small batch meggings kogi dolore food truck bespoke gastropub.\n"
5812 "Terry richardson adipisicing actually typewriter tumblr, twee whatever\n"
5813 "four loko you probably haven't heard of them high life. Messenger bag\n"
5814 "whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n"
5815 "et, banksy ullamco messenger bag umami pariatur direct trade forage.\n"
5816 "Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n"
5817 "food truck next level, tousled irony non semiotics PBR ethical anim cred\n"
5818 "readymade. Mumblecore brunch lomo odd future, portland organic terry\n"
5819 "richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n"
5820 "mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n"
5821 "four loko whatever street art yr farm-to-table.\n"
5823 "Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n"
5824 "pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n"
5825 "et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n"
5826 "nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n"
5827 "seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n"
5828 "eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n"
5829 "readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n"
5830 "ethnic art party qui letterpress nisi proident jean shorts mlkshk\n"
5833 "Narwhal flexitarian letterpress, do gluten-free voluptate next level\n"
5834 "banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n"
5835 "cillum pickled velit, YOLO officia you probably haven't heard of them\n"
5836 "trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n"
5837 "small batch american apparel. Put a bird on it cosby sweater before they\n"
5838 "sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n"
5839 "DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n"
5840 "Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n"
5841 "excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n"
5842 "neutra PBR selvage.\n"
5844 "Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n"
5845 "next level jean shorts exercitation. Hashtag keytar whatever, nihil\n"
5846 "authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n"
5847 "wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n"
5848 "tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n"
5849 "trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n"
5850 "incididunt flannel sustainable helvetica pork belly pug banksy you\n"
5851 "probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n"
5852 "mollit magna, sriracha sartorial helvetica.\n"
5854 "Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n"
5855 "ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n"
5856 "of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n"
5857 "reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n"
5858 "skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n"
5859 "organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n"
5860 "Veniam sunt food truck leggings, sint vinyl fap.\n"
5862 "Hella dolore pork belly, truffaut carles you probably haven't heard of\n"
5863 "them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n"
5864 "apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n"
5865 "flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n"
5866 "letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n"
5867 "Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n"
5868 "delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n"
5869 "magna pop-up literally. Swag thundercats ennui shoreditch vegan\n"
5870 "pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n"
5872 "Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n"
5873 "meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n"
5874 "dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n"
5875 "locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n"
5876 "tousled beard mollit mustache leggings portland next level. Nihil esse\n"
5877 "est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n"
5878 "swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n"
5879 "bag dolor terry richardson sapiente.\n";
5882 int compress_test(void)
5885 word32 dSz = sizeof(sample_text);
5886 word32 cSz = (dSz + (word32)(dSz * 0.001) + 12);
5890 c = calloc(cSz, sizeof(byte));
5891 d = calloc(dSz, sizeof(byte));
5893 if (c == NULL || d == NULL)
5896 if (ret == 0 && (ret = wc_Compress(c, cSz, sample_text, dSz, 0)) < 0)
5904 if (ret == 0 && wc_DeCompress(d, dSz, c, cSz) != (int)dSz)
5907 if (ret == 0 && memcmp(d, sample_text, dSz))
5916 #endif /* HAVE_LIBZ */
5920 int pkcs7enveloped_test(void)
5925 int envelopedSz, decodedSz;
5929 byte enveloped[2048];
5937 const char* pkcs7OutFile = "pkcs7envelopedData.der";
5939 const byte data[] = { /* Hello World */
5940 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
5944 /* read client cert and key in DER format */
5945 cert = (byte*)malloc(FOURK_BUF);
5949 privKey = (byte*)malloc(FOURK_BUF);
5950 if (privKey == NULL) {
5955 certFile = fopen(clientCert, "rb");
5959 err_sys("can't open ./certs/client-cert.der, "
5960 "Please run from wolfSSL home dir", -42);
5964 certSz = fread(cert, 1, FOURK_BUF, certFile);
5967 keyFile = fopen(clientKey, "rb");
5971 err_sys("can't open ./certs/client-key.der, "
5972 "Please run from wolfSSL home dir", -43);
5976 privKeySz = fread(privKey, 1, FOURK_BUF, keyFile);
5979 wc_PKCS7_InitWithCert(&pkcs7, cert, (word32)certSz);
5980 pkcs7.content = (byte*)data;
5981 pkcs7.contentSz = (word32)sizeof(data);
5982 pkcs7.contentOID = DATA;
5983 pkcs7.encryptOID = cipher;
5984 pkcs7.privateKey = privKey;
5985 pkcs7.privateKeySz = (word32)privKeySz;
5987 /* encode envelopedData */
5988 envelopedSz = wc_PKCS7_EncodeEnvelopedData(&pkcs7, enveloped,
5990 if (envelopedSz <= 0) {
5996 /* decode envelopedData */
5997 decodedSz = wc_PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz,
5998 decoded, sizeof(decoded));
5999 if (decodedSz <= 0) {
6005 /* test decode result */
6006 if (memcmp(decoded, data, sizeof(data)) != 0) {
6012 /* output pkcs7 envelopedData for external testing */
6013 pkcs7File = fopen(pkcs7OutFile, "wb");
6020 ret = (int)fwrite(enveloped, envelopedSz, 1, pkcs7File);
6025 wc_PKCS7_Free(&pkcs7);
6033 int pkcs7signed_test(void)
6041 char data[] = "Hello World";
6042 word32 dataSz, outSz, certDerSz, keyDerSz;
6047 { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
6049 byte messageTypeOid[] =
6050 { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
6052 byte senderNonceOid[] =
6053 { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
6055 byte transId[(SHA_DIGEST_SIZE + 1) * 2 + 1];
6056 byte messageType[] = { 0x13, 2, '1', '9' };
6057 byte senderNonce[PKCS7_NONCE_SZ + 2];
6059 PKCS7Attrib attribs[] =
6061 { transIdOid, sizeof(transIdOid),
6062 transId, sizeof(transId) - 1 }, /* take off the null */
6063 { messageTypeOid, sizeof(messageTypeOid),
6064 messageType, sizeof(messageType) },
6065 { senderNonceOid, sizeof(senderNonceOid),
6066 senderNonce, sizeof(senderNonce) }
6069 dataSz = (word32) strlen(data);
6072 certDer = (byte*)malloc(FOURK_BUF);
6073 if (certDer == NULL)
6075 keyDer = (byte*)malloc(FOURK_BUF);
6076 if (keyDer == NULL) {
6080 out = (byte*)malloc(FOURK_BUF);
6087 /* read in DER cert of recipient, into cert of size certSz */
6088 file = fopen(clientCert, "rb");
6093 err_sys("can't open ./certs/client-cert.der, "
6094 "Please run from wolfSSL home dir", -44);
6097 certDerSz = (word32)fread(certDer, 1, FOURK_BUF, file);
6100 file = fopen(clientKey, "rb");
6105 err_sys("can't open ./certs/client-key.der, "
6106 "Please run from wolfSSL home dir", -45);
6109 keyDerSz = (word32)fread(keyDer, 1, FOURK_BUF, file);
6112 ret = wc_InitRng(&rng);
6120 senderNonce[0] = 0x04;
6121 senderNonce[1] = PKCS7_NONCE_SZ;
6123 ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
6131 wc_PKCS7_InitWithCert(&msg, certDer, certDerSz);
6132 msg.privateKey = keyDer;
6133 msg.privateKeySz = keyDerSz;
6134 msg.content = (byte*)data;
6135 msg.contentSz = dataSz;
6137 msg.encryptOID = RSAk;
6138 msg.signedAttribs = attribs;
6139 msg.signedAttribsSz = sizeof(attribs)/sizeof(PKCS7Attrib);
6143 byte digest[SHA_DIGEST_SIZE];
6147 transId[1] = SHA_DIGEST_SIZE * 2;
6149 ret = wc_InitSha(&sha);
6156 wc_ShaUpdate(&sha, msg.publicKey, msg.publicKeySz);
6157 wc_ShaFinal(&sha, digest);
6159 for (i = 0, j = 2; i < SHA_DIGEST_SIZE; i++, j += 2) {
6160 snprintf((char*)&transId[j], 3, "%02x", digest[i]);
6163 ret = wc_PKCS7_EncodeSignedData(&msg, out, outSz);
6168 wc_PKCS7_Free(&msg);
6174 /* write PKCS#7 to output file for more testing */
6175 file = fopen("./pkcs7signedData.der", "wb");
6180 wc_PKCS7_Free(&msg);
6183 ret = (int)fwrite(out, 1, outSz, file);
6185 if (ret != (int)outSz) {
6189 wc_PKCS7_Free(&msg);
6193 wc_PKCS7_Free(&msg);
6194 wc_PKCS7_InitWithCert(&msg, NULL, 0);
6196 ret = wc_PKCS7_VerifySignedData(&msg, out, outSz);
6201 wc_PKCS7_Free(&msg);
6205 if (msg.singleCert == NULL || msg.singleCertSz == 0) {
6209 wc_PKCS7_Free(&msg);
6213 file = fopen("./pkcs7cert.der", "wb");
6218 wc_PKCS7_Free(&msg);
6221 ret = (int)fwrite(msg.singleCert, 1, msg.singleCertSz, file);
6227 wc_PKCS7_Free(&msg);
6237 #endif /* HAVE_PKCS7 */
6239 #endif /* NO_CRYPT_TEST */